Try our new research platform with insights from 80,000+ expert users
VP Risk Management at a financial services firm with 1,001-5,000 employees
Real User
We can record everything third-party vendors do to ensure that they're only doing the needed changes
Pros and Cons
  • "We are able to log and get reporting on all privileged activity that is being performed. We like the fact that we can leverage the session recording feature, which is especially valuable when we're dealing with third-party vendors that have to remote into our our boxes and servers to do any work on behalf of the bank. Now, we can record everything they are doing to ensure that they're only doing the changes that were needed. In addition, we use it to leverage knowledge transfer with our internal staff."
  • "Some of the out-of-the-box reporting isn't that rich. We spoke to our Safeguard reps who have acknowledged that some of the reporting features can certainly be improved and that we're not the only customer who has cited this. There are very little out-of-the-box reporting capabilities. You have to build the queries and the report. I believe in the next release they're going to be addressing this."

What is our primary use case?

The three main use cases that we have are:

  1. Ensure our human and non-human privilege accounts are locked up in a password vault. 
  2. Have workflows to handle the major types of usage, such as break glass and business as usual. 
  3. Changes in usage of the credentials are tied into approved change requests. 

These drive our first goal to take all our privileged users on the help desk, our local accounts on our desktops, our servers (web servers, app servers, or database servers), and individuals in our network group who do our firewalls, then migrate all these human accounts into Safeguard Password Vault. Last Fall, we went group by group and revised their accounts. We took away any type of privilege account that they had, ensuring that all of these accounts were then migrated to the Vault. They could then check out passwords to facilitate any type of privilege activities they needed to do on behalf of the bank.

We use virtual appliances for this solution, which made sense for us, especially if we will plan to perhaps migrate to the cloud. Right now, it's all virtualized on-premise.

How has it helped my organization?

Anytime new tools and technologies are being brought into the bank, the biggest impact is to the process, procedures, and culture. There is a culture change when any new technology gets rolled out. This solution changes the way we have done the business for many years. We're taking a very controlled, conservative approach in how we roll the technology out.

What is most valuable?

It is working as it's supposed to work. We had a lot of good support from the One Identity team who helped us build it and do a test. 

We are able to log and get reporting on all privileged activity that is being performed. We like the fact that we can leverage the session recording feature, which is especially valuable when we're dealing with third-party vendors that have to remote into our our boxes and servers to do any work on behalf of the bank. Now, we can record everything they are doing to ensure that they're only doing the changes that were needed. In addition, we use it to leverage knowledge transfer with our internal staff.

We use the solution’s Approval Anywhere feature. We do have the Starling 2FA app on our mobile devices. We haven't rolled out the request and approval yet. We want to get people to use it in their daily functions, whether it's business as usual work, break glass, or any changes that they need to make tied into an approved formal change request. Starting in April, we will be rolling out the request and approval phase. Based on the type of change being requested, break glass will need to be approved, especially if they're doing it during the daytime or off-hours. Then, we will have change requests tied into our change-advisory board. Once there's a change that's approved via our CAB process, then that person will be allowed to check out the credentials they need and tie it back into the ServiceNow ticket that was created. This gives us the audibility between when that change was being made and ensuring that it's being performed for its intended purposes. We are taking a crawl-walk-run approach.

What needs improvement?

Some of the out-of-the-box reporting isn't that rich. We spoke to our Safeguard reps who have acknowledged that some of the reporting features can certainly be improved and that we're not the only customer who has cited this. There are very little out-of-the-box reporting capabilities. You have to build the queries and the report. I believe in the next release they're going to be addressing this.

Buyer's Guide
One Identity Safeguard
October 2024
Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.

For how long have I used the solution?

We have been using Safeguard in a production capacity for about nine months now.

What do I think about the stability of the solution?

We haven't had any problems at all. 

There was one issue where we had to put a certain fix on and were able to work with the One Identity people. We downloaded the fix and put it onto our dev environment. After it was baked into our dev environment for a day or so, we then scheduled that change to go live into our production environment. That went very smoothly.

Two people are needed for deployment and maintenance. They're both in the cybersecurity area. There's a manager along with a senior cyber security analyst who runs the platform.

What do I think about the scalability of the solution?

The tool does everything that it is designed to do. It is one of the leading privileged access management products out on the market. They rebuilt the whole product, giving it a nice brand a new clean user interface, which is very user-friendly and easy to use. One Identity has done a very good job taking the old product, TPAM, and doing a whole refresh of that tool. We're very happy with the Safeguard product.

We have approximately 50 to 60 human privilege accounts whose roles are everything, everywhere. From the information security department to the desktop people, there are about 12 users in that area. There are about 20 people who comprise our IT engineering group and another 15 or so who comprise our network team. Then, there are the third-party users who have to login on behalf of the bank to do changes for us, which is another 10 or so privileged accounts which have been setup for a one-time usage when a third-party vendor needs to remote into our system. Crawl-walk-run impacts about 30 percent of all the changes being made. Most changes are made to the production environment and need to be done with a privilege account.

How are customer service and support?

I would rate the technical support as very good and strong. We're happy with the support we get from our One Identity team. We see it as something that will be accepted more as the culture changes at the bank. We did the human accounts first because with the non-human service accounts there have been challenges this year. You have to tread water very slowly since you have to do a good analysis and understand what these non-human service accounts are used for. It's not just a simple lock them up in a vault type of scenario. It will take us a bit more time to put a plan together beginning in the second quarter to address the onboarding of these non-human service accounts into the password vault.

There wasn't much training required for those who manage the product. It was pretty straightforward. We did do training though. We had a training manual as well as a hour training class with various user groups. Our hour training, manual, and how-to guide along with being able to support issues/concerns via our cybersecurity team was beneficial to the success of the implementation.

Which solution did I use previously and why did I switch?

We did not use another solution previously.

Prior to this Safeguard implementation, we did not know when somebody was using their elevated privileges to do certain features or functions. We only hoped that it was according to whomever the change request was associated. Now that we're able to audit log and record what is being done, we can play back all the sessions to make sure no type of unattended usage of the privilege or elevated credentials were being used. From securing the bank standpoint, it has helped tremendously.

How was the initial setup?

The team shared with us that the initial setup was pretty straightforward.

The deployment took no more time from when we got the servers brought in to when got the software installed. This took a few weeks to get it up, configured, and customized for our needs. Then, there was some sandbox testing which was done, then we started the pilots within the first three months of having the solution stood up.

Anytime you are putting in a deployment change that affects privilege users, it's going to create some problems. That's why we took a very slow approach of taking one user from all of our various groups. We had one person from each of our teams: desktop, network, and IT engineering. We worked with them for about a month. We tried to shake out any bugs and issues that they would have before we gradually rolled it out to others. 

People are very adverse to change. When you have this type of a solution, the technical capabilities of the product along with all the process change creates some issues. However, we expected that.

What about the implementation team?

My role was as head of identity and access management to work in concert with our cybersecurity manager. It is his team who owned and rolled out the technology to the bank. My responsibility was making sure from an identity and access management process that the procedures had been in place and they satisfied our internal and external audit requirements. I'm more of the process guy, not the technician.

What was our ROI?

Being in information security, anytime you can sit down with the board of directors, and say "We now have a more secure bank," there is ROI. The reason: The biggest threat to any bank is an insider threat. Now, with our privileged access, we have them logged, recorded, and locked up in a password vault so we know who's making changes, when they're making change, and why they're making changes. This helps greatly improve the security posture of the bank. That's what we use to sell and justify that it was a good investment for the bank.

Which other solutions did I evaluate?

In addition to Safeguard, we looked at a product by the name of CyberArk and one by the name of BeyondTrust. These were the three products that we brought in for a proof of concept. In the summer of 2018, we made the decision to go with Safeguard. Then, between June and July 2019, we had it up and running, starting pilots and rolling it out accordingly.

When we did our scoring criteria on the three products, all the products were very close. What it came down to was price. We had individuals on the cyber team who had previous experience with the One Identity Privileged Access Management product at that time, which was called TPAM back then. Those individuals had a very good relationship and understanding of that tool. This weighed into our decision as well as cost to go with the One Identity Safeguard solution. It was definitely cheaper than the other two products that we evaluated.

What other advice do I have?

The solution is part of our identity and access management product. We use Saviynt as our identity, governance and administrative tool. We certify all privilege accounts on a schedule basis. There is some integration with our identity and access management platform/program at the bank. It allows us to be in a position where we can identify and detect as well as prevent any type of privilege act that's being used as a threat at the bank. The integration was easy. It didn't pose any problems.

We have had a mixed bag regarding the solution’s usability and functionality. We have had some people who said that the tools worked nicely. They checked out their credentials every morning, use them for the better part of the day. We set the duration for eight hours. Once somebody checks out something in the morning, they pretty much use that password for the entire day. For some groups, this created a problem because of the type of work that they do, such as long running processes. We've had some issues where their password expired while a process was still running. We had to work with our IT engineering group to come up with a different type of the duration for their needs. One Identity has been very good at working with us to help us through these use cases. 

Understand each use case very carefully and thoroughly. This changes the way someone conducts their business. We had to be cognizant of the impact to our day-to-day operations. If I could do it all over again, I would spend more time understanding the impact of a security tool, such as a privileged access management solution. I think we could have done somethings better than we did.

We haven't started to use the solution’s behavior analytics feature, but as we start building up some data, then that puts us in a position to be able to identify any type of exception or anomalous behavior. We haven't built up enough trending data to leverage that functionality at this time.

We are very happy with the tool. I would rate the solution as an eight (out of 10).

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
IT Specialist at a tech services company with 201-500 employees
Real User
Top 20
Fast to implement and has good pricing but lacks documentation
Pros and Cons
  • "The monitoring system is very good."
  • "There is a lack of documentation and many problems with the plugins."

What is our primary use case?

We use the on-demand version. We use the solution for monitoring and connection to the customer's server for Windows and Linux.

How has it helped my organization?

It's easier to connect to the server and it makes it more secure. We've seen about a 40% improvement in that regard.

What is most valuable?

The monitoring system is very good.

It has a very nice user interface.

The product is very fast to implement.

We use the solution's transparent mode for privileged sessions.

What needs improvement?

There is a lack of documentation and many problems with the plugins.

I did run into problems with transparent mode for privileged sessions. We didn't connect correctly to the server. It was an issue we had with the customer's server, not the product itself.

The security of the connection could be improved. 

For how long have I used the solution?

I've been using the solution for one year. 

What do I think about the stability of the solution?

It's not completely stable. Sometimes the newest version does not support an older version.

What do I think about the scalability of the solution?

The solution is not so scalable. 

Mabe 20 or so users are leveraging it in our organization. They are admins. 

How are customer service and support?

We use regular support. The response times are too long. Sometimes it could take days. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used CyberArk. I changed companies, and now I work with this product. I find Safeguard to be easier to implement, however, it does lack documentation.

How was the initial setup?

It is fast to implement. 

While the process is not technically complex, there was a lack of documentation and we had to figure out how to do it ourselves. The deployment took three weeks. We had two people working on the process.

What was our ROI?

We have yet to witness an ROI.

What's my experience with pricing, setup cost, and licensing?

The solution is offered at a good price. We pay a monthly fee. I'm not sure of the exact cost we pay.

What other advice do I have?

I'm a product partner. 

We are using the latest version of the solution. 

I have yet to use the cloud assistant feature, so I can't say much about that aspect of the solution. We also do not use the solution's secure remote access feature for privileged users. We don't have it integrated with DevOps or RPA.

While basic knowledge is important, there isn't much training required to start using the solution. 

I'd rate the solution six out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
One Identity Safeguard
October 2024
Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
Director of Information Security at a healthcare company with 1,001-5,000 employees
Real User
Approval Anywhere feature enables review and approval of a request with one click
Pros and Cons
  • "There are a lot of features, so it's going to sound funny, but one of the most simplistic features, the Favorites feature, is the one we like the best. You do a full run-through of configuration to check out a server and then you can save that whole configuration as a favorite. So the next time you go in, you click on the favorite that you configured and it automatically takes you to the end so you can check the server out that much faster. It saves a lot of time..."
  • "There is room for improvement in the launch module. They built in a launch button but they don't have effective instructions for configuring it to allow it to launch an RDP session. They're working on that, but the button is in the live product. If they were going to install something that wasn't useful, they should have just disabled it and not rolled it out with the product."

What is our primary use case?

We use it primarily for our IT team, so they can access our production and pre-production environments, to have better accountability. They have to create a ticket, check it out, and then they have to get approval from our approvers group. So there's accountability from beginning to end, and we also record the sessions.

How has it helped my organization?

The time frame to get sessions rolling has been cut to a third. From a productivity standpoint that's tremendous.

In addition to that, the ease of use is fantastic because our IT team is able to check out sessions very quickly because it's so intuitive and easy to work with. They're pleased with it and it allows them to do their jobs much faster. That's probably the largest way it has improved things for us.

Finally, because of the intuitiveness and ease of use for end-users it has been really simple to train on. This product has worked flawlessly for us.

What is most valuable?

There are a lot of features, so it's going to sound funny, but one of the most simplistic features, the Favorites feature, is the one we like the best. You do a full run-through of configuration to check out a server and then you can save that whole configuration as a favorite. So the next time you go in, you click on the favorite that you configured and it automatically takes you to the end so you can check the server out that much faster. It saves a lot of time, resulting in an increase in productivity and a decrease in issues and errors and interface problems. It increases redundancy and gives us a much easier interface to use.

We're using virtual appliances for Safeguard because of the flexibility of virtual appliances. We can snapshot them, we can restore them quickly. There's a lot more flexibility with virtual.

We use the solution’s Approval Anywhere feature, and it allows a group of five individuals to receive notifications on their phones, through Starling, and review a request and approve it with one click.

We also use the solution’s “transparent mode” feature for privileged sessions. We record them and we also review them. That way, if there are problems with any configurations they did, we can go back and review them. Also, for mentoring, teams utilize it to help individuals deploy code better or to make changes to configurations. There are a lot of positives with that feature. It was very easy to start using this feature. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with. The rollout of "transparent mode" was seamless for our users. We sent out picture instructions on how to do it and offered to get on a call with people to discuss it with us, but nobody had any questions. In terms of the monitoring itself, it doesn't affect things any differently than the previous solution. It's pretty much the same. Obviously, using the tools is easier, but we were monitoring the same type of information as before.

What needs improvement?

There is room for improvement in the launch module. They built in a launch button but they don't have effective instructions for configuring it to allow it to launch an RDP session. They're working on that, but the button is in the live product. If they were going to install something that wasn't useful, they should have just disabled it and not rolled it out with the product. Because we don't tie it to an RDP session, you actually have to click the download button and then open the RDP session from there, versus just clicking the launch button and it automatically opening RDP.

For how long have I used the solution?

Before Safeguard we used TPAM, which is one identity's product as well. We upgraded but we've been using the overall product since 2016.

What do I think about the stability of the solution?

Overall the solution is very stable. We have not had any major issues on it. It's a nice system.

The only issue I have run into was with our failover two our redundant. There was a pointer to the One Identity platform, it's called an SPP, and it wasn't pointing correctly. But we were able to resolve it. There have really been no issues besides that. Otherwise, everything is very seamless when doing failover and full redundancy.

What do I think about the scalability of the solution?

We can continue to add more VMs to support thresholds. We can certainly scale up with it. It's being used on about 300 servers right now and we have plans to expand to about 200 more.

We have 50-plus people using safeguard right now and they're all in IT. For deployment and maintenance we have one to two people.

How are customer service and support?

We haven't had to use technical support. It's been a solid platform so far.

Which solution did I use previously and why did I switch?

Previous to this, we were using TPAM and, while it worked, it was horrible to work with. When we saw and got a demo of Safeguard and saw that we would be able to approve things from our phones, saw the user interface which was so much nicer — more intuitive, a lot easier to configure — we went from our teams complaining about the old product every day to not hearing one complaint at all. As a matter of fact, I hear compliments about how much they love Safeguard.

The feedback I have had from users has been a lot of compliments about how much they enjoy working in the interface. It's so much easier to use. It's quick. They can get to the point of checking out a server and of being compliant with security requirements, while at the same time being able to troubleshoot an issue much faster than they used to be able to.

How was the initial setup?

The initial setup was a little complex.

What about the implementation team?

We worked with an integrator, Rallypoint Solutions, to accomplish it because we hadn't accomplished it before with Safeguard specifically. The integrator was tremendous. I have nothing but good things to say about Rallypoint. They helped integrate the whole thing. They really had a great understanding of it. We worked with them throughout the entire setup. We were the hands and they were guiding us. Overall, it was very easy to get up and running.

It did take about a week, eight hours a day — so 40 hours — to get fully up and running and everything imported from the old system into the new one, and to make sure all testing and redundancy were done.

The deployment was not disruptive to our privileged users at all. We ran both the old system and the new system in parallel and allowed them to migrate over after a period of two weeks. However, we had most people on it the first week and they loved it. They were eager to get off the old system.

It required no training. I provided step-by-step picture instructions that we had written out and that was it. They were good to go. We did have a strategy in place, if we needed to work with our teams from a training standpoint. We had sessions set up and ready to go where a live person could walk them through it. But none of our IT users seemed to need that. It was very intuitive.

What was our ROI?

We have seen ROI using Safeguard. For example, configuring a session in the old version used to take them 10 or 15 minutes, or more. Not only that, but the live person who was the approver had to be logged into the system. So the requester could actually wait a couple of hours before somebody would be able to log in and approve the session. With Safeguard, it's approved within less than a minute because approvers get the notifications on their phones and are able to review the tickets effectively. They understand what's being accomplished and know that it has a ticket number with more detailed information that they can verify, and they can approve the session right there. The individual gets that approval immediately. We went from an average of from anywhere between 15 minutes and two hours down to less than a minute or two. That's tremendous.

What's my experience with pricing, setup cost, and licensing?

They offer a fair price for a robust solution.

In addition to the standard licensing fees there are costs for Starling, but they're very minimal annually. You need Starling to use the mobile Approval Anywhere feature that is so convenient. So it's worth every dime. That extra cost is so small that it's not really even noticeable.

There are integration costs if you aren't looking to do it yourself. I highly recommend their integrators. They are a little expensive but certainly worth the money.

Which other solutions did I evaluate?

We did evaluate other solutions, but this is the best choice. We went with Safeguard because of the flexibility, the interface, and a more seamless migration from the old system to the new system. And costs were a consideration, obviously.

What other advice do I have?

If you're looking for something that is easy to use with a very intuitive interface — even the administrator interface is very intuitive — I would highly recommend Safeguard. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with.

The biggest lesson I have learned from using Safeguard is to make sure you have enough accounts available for individuals' sessions so that they can check out. The way Safeguard works, an account is created just for Safeguard. Individuals go in as themselves and then they have to check out this account in order for that account to be able to remote to the server. That account would be the only one allowed to remote to the server. But if multiple people have the account checked out for multiple hours, that presents an issue. So keep your session times as minimal as possible. Even for timeout, allow them to change it if they think they're going to use it longer. But the important thing is to make sure that you either have enough accounts or have your session timeouts limited.

We do use the solution's behavior analytics feature, but I wouldn't say that it's too useful at this point for us because we know what their usage is because it has to be done through tickets. For how long they're using it, what kind of configurations they're doing, and what they're doing, the analytics piece of it is more expected for us, as a result. It does help us to identify risky actions without having to create a set of rules or policies, and without any effort on our part. But in our environment, if users don't put in a ticket and provide effective comments, then our approvals group doesn't approve it. There's no automatic approval set up. An individual reviews every request, so malicious use would not be possible.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Software Solutions Architect at a computer software company with 11-50 employees
Real User
Simple deployment, responsive support, and scalable
Pros and Cons
  • "I have found the most useful feature of One Identity Safeguard to be Privileged Sessions."
  • "When we compare One Identity Safeguard with Cyberark, we know CyberArk has other tools or other features that are more complex and more useful for the customers. For example, I have one customer that wants to elevate the permission that is available in CyberArk."

What is most valuable?

I have found the most useful feature of One Identity Safeguard to be Privileged Sessions.

What needs improvement?

When we compare One Identity Safeguard with Cyberark, we know CyberArk has other tools or other features that are more complex and more useful for the customers. For example, I have one customer that wants to elevate the permission that is available in CyberArk. 

Another example is, I have one potential customer that wants to use some feature that is available only in CyberArk. The scenario is one user request a patient, however, that user doesn't have the permissions. In that request, he wants to request more permissions elevation and more rights under the live connection. This can be done in CyberArk and not in One Identity Safeguard.

We need to allow more permissions for the user who requests access for the previous account in a live connection.

CyberArk gives stronger features for safeguarding at this moment.

For how long have I used the solution?

I have been using One Identity Safeguard for approximately one year.

What do I think about the stability of the solution?

One Identity Safeguard is a stable solution.

What do I think about the scalability of the solution?

I have found One Identity Safeguard to be scalable.

How are customer service and support?

I have contacted support. I can create tickets for support and in approximately one hour, I have a response from the support. They are very quick.

Which solution did I use previously and why did I switch?

I have previously used Cyberark.

How was the initial setup?

The initial setup of One Identity Safeguard was simple. In one week we can be ready to fully operate.

What other advice do I have?

My advice to others wanting to implement this solution is to do the implementation slowly and concentrate.

I rate One Identity Safeguard a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1161345 - PeerSpot reviewer
Works with 10,001+ employees
MSP
Session auditing and replay capabilities help to secure our production environment
Pros and Cons
  • "All sessions are audited and they are indexed/searchable through the GUI."
  • "Monitoring of the platform should be easier and more functional so that you can have a clear picture of the running service."

What is our primary use case?

We use this solution to separate the office environment from the production environment with a secure network zone. All user sessions go through One Identity Safeguard before they can reach the production environment. All sessions are audited and they are indexed/searchable through the GUI. Some of the data are transferred to our SIEM solution. For the moment we use the product for RDP and SSH sessions. We are going to use it for Citrix farms also in transparent mode. 

How has it helped my organization?

All user sessions are going through Safeguard. They are all audited and secured with forcing the minimum security settings on the side of the user. With this setup, you can easily secure all of the connections to the production environment from the office. Especially if you have a lot of different places connecting to the production environment, it is a PCI DSS requirement that you secure the flow. In our company we already audited the product as part of the PCI DSS certification.

What is most valuable?

The most valuable feature is auditing the sessions. All of the sessions (RDP, SSH, Citrix) can be audited and replayed on demand.

Complete indexing on SSH sessions means that all commands are searchable after indexing.

What needs improvement?

Management of the farm of appliances. When you have more than one server to handle the traffic, you need to configure everything on each console and maintain seperately. The cluster feature is coming in the next versions, until then you can handle with some scripts but its not straight forward. In case you want to use a farm of appliances instead of one you should consider this.

Monitoring of the platform should be easier and more functional so that you can have a clear picture of the running service. Again when you have a farm of appliances you need to have all the monitoring data centrally so you know what is happening with the overall service. This feature is missing. You have to go on each server to see what is the status there.

For how long have I used the solution?

We have been using this solution for two years.

What do I think about the stability of the solution?

This is an extremely stable product. Outages depend only on your environment. The service can run smoothly forever, depending on your company's setup and possible maintenance outages.

What do I think about the scalability of the solution?

No problem to scale. It's always a good option to use a load balancer in front of the solution to handle the traffic.

How are customer service and technical support?

Our experience with technical support has been extremely good. 

Which solution did I use previously and why did I switch?

This was the first implementation of such a product in the company.

How was the initial setup?

Setup is straightforward as long as you plan correctly.

What about the implementation team?

The initial setup was with the vendor. They have extremely good knowledge of the product and provide good support.

What was our ROI?

This solution provides PCI-DSS compliance, so ROI can be considered very good.

What's my experience with pricing, setup cost, and licensing?

The full license is expensive but if you plan to use it in a big organization then it is the best option because it is more flexible.

Which other solutions did I evaluate?

More options where evaluated, like Centrify and CyberArk, before we choose this solution.

What other advice do I have?

Before you decide, do a full analysis of your requirements and see if the product fulfills them. Performing such an analysis after the fact is going to be difficult.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Consultant at Controlware GmbH
Consultant
There is a very logical, clear user interface, and the integration of scripts is thoughtfully implemented
Pros and Cons
  • "It is easy to manage. There is a very logical, clear user interface. Also, the integration of scripts is thoughtfully implemented. Overall, it's a nice product to manage."
  • "The technical support is tremendous."
  • "The high availability function of the box requires a long time to switch over from one appliance to another."
  • "The automated change of the passwords, which is now integrated, could be improved to be more flexible regarding different systems."

What is our primary use case?

The primary use case for our customers is to monitor and audit external vendors, as well as keep track of internal actions when privileged user accounts are being used to access systems internally.

How has it helped my organization?

For our customers, it's much easier for them to be in line with audits. A lot of our customers work in the medical field, where it is important for them to keep track of external vendors, e.g., maintaining medical appliances inside of a hospital. This solution gives them real confidence that they can keep their customers safe and their data protected.

What is most valuable?

There are a variety of protocols that it supports.

The video-like stream and audit capabilities, in combination with its indexing capabilities to search for critical events quickly, are valuable features.

The transparent mode for privileged sessions is really nice because it keeps the integration quite smooth. Also, users don't have to change the way that they currently are used to working. 

It is easy to manage. There is a very logical, clear user interface. Also, the integration of scripts is thoughtfully implemented. Overall, it's a nice product to manage.

What needs improvement?

There are some features which are still missing compared to other competitors. For example, some customers need legacy VPN authentication capabilities.

The automated change of the passwords, which is now integrated, could be improved to be more flexible regarding different systems.

What do I think about the stability of the solution?

The overall stability has improved quite a bit throughout the years. The appliances run well, both virtual and physical. The product is pretty good, especially compared to other vendors and products.

What do I think about the scalability of the solution?

Because of the nature of the connections being monitored, you can load balance it quite well. It is easy to shift the load from one appliance to another. However, the high availability function of the box itself requires a long time to switch over from one appliance to another. So, there is room for improvement

How are customer service and technical support?

The technical support is tremendous. For large projects, we have had some challenges, but we were never left alone by the vendor. Also, in one case for a small customer, One Identity assigned one engineer to help with assessing the AD infrastructure of our customers, which was really helpful.

How was the initial setup?

The install and deployment are quite rapid. For a smaller project, sometimes it only takes us about two to three days to implement and get the policies inline. For larger projects, it's actually also not that long for the appliance itself. The product requires a lot of changes on the management side, how vendors work, and how you need to counsel people how to use it, especially in Germany. Then, they are monitored, which is the quite larger portion of it.

For our implementations in Germany, we implement an explicit model most of the time. Therefore, the transparent mode for privileged sessions has not been used that much in my projects.

What other advice do I have?

Look at the entire portfolio, since it has changed so rapidly. The capabilities have improved quite a bit. You need to make sure not to miss out on any features.

The Approval Anywhere for Privileged Passwords is a really good concept, because it enables admins to do other work, be more flexible, and work from home. However, we don't have any real experience with it yet, as we are looking into it at the moment.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Identity & Access Manager at Reist Telecom
Real User
We are able to demonstrate what has happened on systems and who did what, but we want to be able to generate CSRs from the interface for certificates
Pros and Cons
  • "The transparent mode for privileged sessions is one of the best things for customers, because they don't see the system in-between."
  • "The system is easy to manage, as it is not a system that you will change everything all of a sudden. It evolves most of the time with customer requests."
  • "For some users, the physical appliance has been a bit buggy."
  • "We would like to be able to generate certificate signing requests (CSRs) from the interface for certificates."

What is our primary use case?

We primarily use One Identity Safeguard for Privileged Sessions (SPS) for managing our customers' access to their critical systems.

How has it helped my organization?

We are able to demonstrate what has happened on the systems and who did what, when we have to investigate, in regards to audits using evidence.

What is most valuable?

  • Acting as a proxy
  • Session encryption
  • Flexibility of usage

The transparent mode for privileged sessions is one of the best things for customers, because they don't see the system in-between. Thus, it is transparent for them.

The system is easy to manage, as it is not a system that you will change everything all of a sudden. It evolves most of the time with customer requests.

What needs improvement?

  • We have not yet found the solution to be extensible through cloud-delivered services.
  • Our external indexers are able to integrate with a hardware security module (HSM), which is good. What we have now requested is the integration of HSM with the SPS solution to be able to not have to manage certificates and the private key outside of any tamperproof system.
  • We would like to be able to generate certificate signing requests (CSRs) from the interface for certificates. 
  • We would like to be able to manage the lifecycle of the archived audit traits. If they are on the box, the cleanup and archiving policies are applied, as soon as they are archived on the external share, this does not apply. We need our customers to not have to manually delete these archives.
  • From a web interface perspective, we would like to be able to duplicate connections, so we can reorder them.

What do I think about the stability of the solution?

We have not had a major issues regarding stability once we migrated our users onto the virtual solution. However, for some users, the physical appliance has been a bit buggy.

What do I think about the scalability of the solution?

As of now, we use mainly virtual and have not tested the scalability and high availability, because it is a new thing.

How are customer service and technical support?

The technical support is good. There has been great improvement to all the knowledge base articles available. Therefore, we are able to find a lot of solutions already when we create support requests.

It takes us a long time to make the people from product management and development to understand our needs, e.g., integrating this product with HSM.

Which solution did I use previously and why did I switch?

Because we are a service provider, we have to demonstrate that our systems are really tamperproof. We had that experience previously, and now again, with One Identity SPS, as the product fits our needs.

How was the initial setup?

The initial setup is quite simple, not complex. The installation documentation is good, so the installation is okay. You just need to read the documentation, understand how it works, and how it has to be integrated. Once you do your homework, it's quite easy.

What about the implementation team?

We are the integrator for the deployment.

To install and deploy the solution for the customers, we count one day for a workshop with all the people involved: network, business users, IT, support, etc. Then, for the implementation, it can take another one to five days.

What was our ROI?

It is the life of our customers because it brings a lot of security. So, the return on investment is really on all aspects of compliance, security, and audit.

Which other solutions did I evaluate?

We implement this solution upon customer request.

What other advice do I have?

Test it and its competitors. You will probably choose SPS.

Both the search functionality and speed have been greatly improved.

We are not using privileged passwords.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
MohamedEladawy - PeerSpot reviewer
Service Security Lead at Salam Technology
Real User
Scalable, reliable, and simple implementation
Pros and Cons
  • "I have found One Identity Safeguard to be stable."
  • "One Identity Safeguard can improve by having more integration with multiple devices."

What is our primary use case?

One Identity Safeguard is used by administrators to access their devices. They will log in using identity management in order to secure the administrator's login.

What needs improvement?

One Identity Safeguard can improve by having more integration with multiple devices.

For how long have I used the solution?

I have been using One Identity Safeguard for approximately one year.

What do I think about the stability of the solution?

I have found One Identity Safeguard to be stable.

What do I think about the scalability of the solution?

The scalability of One Identity Safeguard is good, we can add multiple devices.

We have approximately 40 administrates using this solution in my organization.

We plan to increase usage in the future.

How are customer service and support?

I have not contacted support.

How was the initial setup?

The initial installation was simple.

The full deployment took approximately a couple of months. Not because of the One Identity Safeguard, but because of us, we were busy doing other projects in parallel.

What about the implementation team?

We used a third-party vendor for the implementation and we had a good experience with them.

What other advice do I have?

My advice to others is One Identity Safeguard is a must to have because it's part of the cybersecurity framework, such as Nest ISO. We should have an identity management solution to manage the whole identity, such as privileged users.

I rate One Identity Safeguard an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free One Identity Safeguard Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Buyer's Guide
Download our free One Identity Safeguard Report and get advice and tips from experienced pros sharing their opinions.