One Identity Safeguard Reviews

We introduce One Identity Safeguard to customers, primarily Italian customers who need to partner with solutions that protect their target resources.

What I like about One Identity Safeguard is its interface, which is easy to understand, even for people new to the product. I also like that the solution collects data without any access to the machine, plus it has a feature that lets people explore access to machines within a network.

Regarding the usability and functionality of One Identity Safeguard, the most common feedback I receive from users is that the solution is easy to use and can easily move data.

I also like that One Identity Safeguard lets you configure the maximum number of connections to the target, a configuration I didn't find in its competitor.

My customers use the transparent mode for privileged sessions in One Identity Safeguard, and it is easy to use, though it may be more difficult to configure. I haven't received any customer complaints about that feature, so it's not that difficult to use.

To start using One Identity Safeguard in terms of training for people who manage the solution and the end-users, my colleague and I took a course from One Identity. That training was enough for the basic features, but for some other features, my colleague and I had to create some tickets, though he and I know the database and processes. For users, it is easy because my company provides them with a two-page resource manual with screenshots. Then, I spent some time with the managers to show how One Identity Safeguard works, which is very easy because I've used the solution before. 

The analytics interface of One Identity Safeguard is also easy to understand.

A feature I found in a competitor would make One Identity Safeguard better, and that is the ability to load balance the traffic in the target. For example, in two machines with some applications, I would like to balance traffic between the two machines with the help of One Identity Safeguard. It would be great if the solution allowed users to add some applications to a cluster and balance the traffic between the applications.

I've been working with One Identity Safeguard for customers for six months.

Stability-wise, One Identity Safeguard is okay. It's been running for almost one year, and there's no problem with its stability, so, in terms of stability, it's a seven out of ten for me.

The scalability, including the clustering for One Identity Safeguard, could be improved. It is fair right now, scalability-wise, and from an engineering perspective, it may not be as easy to do that because the appliance would have to be encrypted, and there's a security requirement. Still, it would be nicer if scalability could be improved in One Identity Safeguard.

Support for One Identity Safeguard could be improved because sometimes the support team doesn't have an answer or solution for some bugs. Support-wise, it's an eight out of ten for me.

Positive

I used a different solution previously, but One Identity Safeguard could limit the maximum number of connections to a target. The other solution, on the other hand, could not do that but has a load-balancing feature.

My company deploys One Identity Safeguard for customers, and I found the process easy.

My customers use the One Identity Safeguard virtual appliances.

I have not used the Cloud Assistant feature of the solution.

I have not used the Remote Access feature for privileged users in One Identity Safeguard.

My company does not integrate the solution with any other parts of the business, such as development, operations, and RPA. It was just tested but not rolled out in production.

In terms of how the deployment of One Identity Safeguard affects privileged users may be a complex question because the customer didn't have a previous infrastructure. The customer is now building the infrastructure, so it's a dynamic environment. The customer doesn't have an old environment.

I'm a One Identity Safeguard integrator, and my company also resells it.

Regarding maintenance, usually, it's not required. Still, sometimes a user could complain about not being able to access passwords in One Identity Safeguard or that there is some misconfiguration I need to analyze, and in the end, the issue is with the target appliance and not One Identity Safeguard.

My rating for One Identity Safeguard is eight out of ten overall.

We use Safeguard for managing privileged passwords only, using physical appliances.

So far, I haven't seen any type of improvement from using this solution when compared with other products in the identity and access management space. It has been neutral.

I like the discovery functionality and the change password feature through the check-in. I also like the bulk import with the help of templates that come with it out of the box. With the help of these few features, my tasks are made easier.

We also use the Secure Remote Access feature for privileged users. Access is based on group membership and with that membership they connect to the remote machine. It's an easy process to manage. 

The main thing that needs improvement is the slowness. Apart from that, the change password check-in feature also needs improvement because it is not working perfectly accurately.

I have been using One Identity Safeguard for the last two and a half years. I work as an implementer and provide support operations to our clients.

It's not a stable solution, but it's not bad. It's neutral in terms of stability.

It's not scalable.

We are not using their Premier Support, but I am okay with the vendor's regular support. But if the product is running on an unsupported version, that is a very negative point. They should support unsupported versions as well so that their customers are not stuck somewhere in between.

Neutral

As an organization, we are using other PAM solutions for other projects, but I'm not sure which other solutions are in use.

The initial setup for Safeguard is straightforward. Because it was deployed a long time ago in our organization, before my tenure, my expertise is based on adding to clusters. If we are going to add clients within a cluster, it depends on the speed, meaning how the network connectivity is between the cluster and the target device.

In terms of the effect of deployment on users, they are provisioned, with the help of group membership, into Safeguard. Once they are assigned to a particular group, they can follow the previous sites. Based on the previous site, they can log in and check out the password of their privileged account.

As for the amount of training needed, it depends on the solution. If the solution is only for privileged passwords, about three weeks' training is required to understand the solution. And if the server for privileges is also integrated with the solution, it will take a month or as much as 45 days.

We have an implementation team and an operations team. Between them, there are a total of five or six people required for this solution to deploy and maintain it.

I'm not aware of the product cost, but if it's going to cost more, first they have to maintain and stabilize the product.

My impression of the form factor of the Safeguard physical appliance is not good and not bad. It's neutral. Similarly, feedback about the usability and functionality is neutral.

My advice, if you have the budget, is to buy other products, like CyberArk Privileged Access Manager or BeyondTrust Endpoint Privilege Management. If you don't have that kind of budget you can use this product.

The primary use case for our One Identity Safeguard solution is to optimize security across private accounts, accounts which can be secured upstream and downstream. The solution enables us to implement encryption protocols across channels. It is designed so that depending on the cryptographic case, different policies can be applied in correlation. 

I don't think it's improved our organization internally. I've had to suspend workflows and focus my time and attention on creating technical, instructional, documentation regarding user procedures and practices.

The majority of the features offered with this solution are the same as with other similar systems. The most unique and valuable features are the upstream and downstream throughput capacities; the Safeguard platform provides agile integration.

In actuality, all the features are valuable. They're good and user-friendly.

The technical support for this solution needs to be immediate, intuitive, and responsive especially as it refers to supporting ticket submissions and processing.

Furthermore, we've had trouble understanding how certain policy framework applies. I would like to see clearly laid out policies or better support and explanations around policy dynamics.

The stability and downtime of the solution could also be upgraded to include a messaging function which would give users a clear understanding of what's happening without having to navigate to a particular section of the page.

Lastly, I would also like to see the price reduced.

It's very stable. There are about 150 users, mostly administration, currently using this solution in our company. We don't encounter many problems with the system.

I am encountering issues when it comes to the scalability of the solution.

Our experience with technical support has been disappointing. We require more prompt and faster response times. We require answers to our questions right away but we haven't received that level of support.

The initial setup was very easy. We followed the given instruction protocol. We also used white papers when necessary for clarification and better understanding. It only took us one month to implement.

We used an integrator for the deployment. It was a good experience. 

Setup cost, pricing and licensing are all very expensive.

We are very pleased with the Safeguard platform feature. You can't find this technology anywhere else.

On a scale from one to ten, one being the worst and ten being the best, I would give this product a nine rating. If the technical support was better I'd give it a 10 out of 10.

We use One Identity Safeguard to manage our privileged accounts.

We use One Identity Safeguard on both physical and virtual appliances.

One Identity Safeguard uses a secure remote access feature that does not use a VPN. This is important because it is cheaper and more secure than implementing a VPN for remote access.

People can start using the solution after five days of training.

We don't need to use VPN for remote access.

One Identity Safeguard is slow and not user-friendly.

Managing remote access for privileged users is difficult because it requires a lot of customization.

Current integration with other solutions requires custom API development. I would like to see out-of-the-box integration built into One Identity Safeguard, similar to other solutions.

The deployment affects our privileged users because it takes a long time for them to request privileges, which impacts the SLA.

I have been using One Identity Safeguard for nearly three years.

One Identity Safeguard is unstable. Many bugs affect its performance, particularly when generating bundle batches and performing discovery.

One Identity Safeguard is scalable, but its performance degrades as it is scaled up.

Customer support is a nightmare. They take a long time to respond to tickets, and when they don't understand the issue, they stall by requesting logs.

Negative

I previously used BeyondTrust Endpoint Privilege Management, which is a better solution because it includes recording and remote access out of the box, whereas One Identity Safeguard requires us to integrate each of those components separately. Additionally, each component is a different appliance.

The initial setup is straightforward. The installation takes a couple of hours. One person is required for the deployment.

One Identity Safeguard is expensive and the cost goes up as we scale.

Licensing fees increase as we expand, as does the cost of basic support, which allows us to open tickets. Additionally, we must pay to update outdated appliances.

I would rate One Identity Safeguard three out of ten.

I only recommend One Identity Safeguard for small businesses.

When using One Identity Safeguard, we need to be patient.

I work for a bank, and we use Safeguard to manage access to our Internet banking services. We use Safeguard for two things: identity and access management and detection recording. We have our services onboarded on SysTrack doing RDP directly to the servers or station, and we use virtual appliances for collection. The solution covers around 150 users at this organization. 

I like Safeguard's snapshot feature that enables us to review the last time an application was opened and by whom. If there are any issues, we can look behind the scenes to see what has been done. We can suspend a user's access or close off a server. 

We've had issues managing accounts and access to some data saved on the servers. Accounts are granted a new working certificate daily. We have an account to do it on APIs online and sync it with that. If the path changes at some point or someone changes the password, I don't know if it's from the Active Directory or what. 

I have used Safeguard for one year.

Safeguard is stable. 

It's scalable, depending on the solution case. I don't know if it's domain-based because it was not restricted. We're gradually moving to the Azure cloud.

One Identity support is okay. 

Deploying Safeguard was straightforward.

I rate One Identity Safeguard eight out of 10.

The primary use case for our customers is to monitor and audit external vendors, as well as keep track of internal actions when privileged user accounts are being used to access systems internally.

For our customers, it's much easier for them to be in line with audits. A lot of our customers work in the medical field, where it is important for them to keep track of external vendors, e.g., maintaining medical appliances inside of a hospital. This solution gives them real confidence that they can keep their customers safe and their data protected.

There are a variety of protocols that it supports.

The video-like stream and audit capabilities, in combination with its indexing capabilities to search for critical events quickly, are valuable features.

The transparent mode for privileged sessions is really nice because it keeps the integration quite smooth. Also, users don't have to change the way that they currently are used to working. 

It is easy to manage. There is a very logical, clear user interface. Also, the integration of scripts is thoughtfully implemented. Overall, it's a nice product to manage.

There are some features which are still missing compared to other competitors. For example, some customers need legacy VPN authentication capabilities.

The automated change of the passwords, which is now integrated, could be improved to be more flexible regarding different systems.

The overall stability has improved quite a bit throughout the years. The appliances run well, both virtual and physical. The product is pretty good, especially compared to other vendors and products.

Because of the nature of the connections being monitored, you can load balance it quite well. It is easy to shift the load from one appliance to another. However, the high availability function of the box itself requires a long time to switch over from one appliance to another. So, there is room for improvement

The technical support is tremendous. For large projects, we have had some challenges, but we were never left alone by the vendor. Also, in one case for a small customer, One Identity assigned one engineer to help with assessing the AD infrastructure of our customers, which was really helpful.

The install and deployment are quite rapid. For a smaller project, sometimes it only takes us about two to three days to implement and get the policies inline. For larger projects, it's actually also not that long for the appliance itself. The product requires a lot of changes on the management side, how vendors work, and how you need to counsel people how to use it, especially in Germany. Then, they are monitored, which is the quite larger portion of it.

For our implementations in Germany, we implement an explicit model most of the time. Therefore, the transparent mode for privileged sessions has not been used that much in my projects.

Look at the entire portfolio, since it has changed so rapidly. The capabilities have improved quite a bit. You need to make sure not to miss out on any features.

The Approval Anywhere for Privileged Passwords is a really good concept, because it enables admins to do other work, be more flexible, and work from home. However, we don't have any real experience with it yet, as we are looking into it at the moment.

We primarily use One Identity Safeguard for Privileged Sessions (SPS) for managing our customers' access to their critical systems.

We are able to demonstrate what has happened on the systems and who did what, when we have to investigate, in regards to audits using evidence.

• Acting as a proxy
• Session encryption
• Flexibility of usage

The transparent mode for privileged sessions is one of the best things for customers, because they don't see the system in-between. Thus, it is transparent for them.

The system is easy to manage, as it is not a system that you will change everything all of a sudden. It evolves most of the time with customer requests.

• We have not yet found the solution to be extensible through cloud-delivered services.
• Our external indexers are able to integrate with a hardware security module (HSM), which is good. What we have now requested is the integration of HSM with the SPS solution to be able to not have to manage certificates and the private key outside of any tamperproof system.
• We would like to be able to generate certificate signing requests (CSRs) from the interface for certificates. 
• We would like to be able to manage the lifecycle of the archived audit traits. If they are on the box, the cleanup and archiving policies are applied, as soon as they are archived on the external share, this does not apply. We need our customers to not have to manually delete these archives.
  
• From a web interface perspective, we would like to be able to duplicate connections, so we can reorder them.

We have not had a major issues regarding stability once we migrated our users onto the virtual solution. However, for some users, the physical appliance has been a bit buggy.

As of now, we use mainly virtual and have not tested the scalability and high availability, because it is a new thing.

The technical support is good. There has been great improvement to all the knowledge base articles available. Therefore, we are able to find a lot of solutions already when we create support requests.

It takes us a long time to make the people from product management and development to understand our needs, e.g., integrating this product with HSM.

Because we are a service provider, we have to demonstrate that our systems are really tamperproof. We had that experience previously, and now again, with One Identity SPS, as the product fits our needs.

The initial setup is quite simple, not complex. The installation documentation is good, so the installation is okay. You just need to read the documentation, understand how it works, and how it has to be integrated. Once you do your homework, it's quite easy.

We are the integrator for the deployment.

To install and deploy the solution for the customers, we count one day for a workshop with all the people involved: network, business users, IT, support, etc. Then, for the implementation, it can take another one to five days.

It is the life of our customers because it brings a lot of security. So, the return on investment is really on all aspects of compliance, security, and audit.

We implement this solution upon customer request.

Test it and its competitors. You will probably choose SPS.

Both the search functionality and speed have been greatly improved.

We are not using privileged passwords.

We use this solution to separate the office environment from the production environment with a secure network zone. All user sessions go through One Identity Safeguard before they can reach the production environment. All sessions are audited and they are indexed/searchable through the GUI. Some of the data are transferred to our SIEM solution. For the moment we use the product for RDP and SSH sessions. We are going to use it for Citrix farms also in transparent mode. 

All user sessions are going through Safeguard. They are all audited and secured with forcing the minimum security settings on the side of the user. With this setup, you can easily secure all of the connections to the production environment from the office. Especially if you have a lot of different places connecting to the production environment, it is a PCI DSS requirement that you secure the flow. In our company we already audited the product as part of the PCI DSS certification.

The most valuable feature is auditing the sessions. All of the sessions (RDP, SSH, Citrix) can be audited and replayed on demand.

Complete indexing on SSH sessions means that all commands are searchable after indexing.

Management of the farm of appliances. When you have more than one server to handle the traffic, you need to configure everything on each console and maintain seperately. The cluster feature is coming in the next versions, until then you can handle with some scripts but its not straight forward. In case you want to use a farm of appliances instead of one you should consider this.

Monitoring of the platform should be easier and more functional so that you can have a clear picture of the running service. Again when you have a farm of appliances you need to have all the monitoring data centrally so you know what is happening with the overall service. This feature is missing. You have to go on each server to see what is the status there.

We have been using this solution for two years.

This is an extremely stable product. Outages depend only on your environment. The service can run smoothly forever, depending on your company's setup and possible maintenance outages.

No problem to scale. It's always a good option to use a load balancer in front of the solution to handle the traffic.

Our experience with technical support has been extremely good. 

This was the first implementation of such a product in the company.

Setup is straightforward as long as you plan correctly.

The initial setup was with the vendor. They have extremely good knowledge of the product and provide good support.

This solution provides PCI-DSS compliance, so ROI can be considered very good.

The full license is expensive but if you plan to use it in a big organization then it is the best option because it is more flexible.

More options where evaluated, like Centrify and CyberArk, before we choose this solution.

Before you decide, do a full analysis of your requirements and see if the product fulfills them. Performing such an analysis after the fact is going to be difficult.