One Identity Safeguard Reviews

We have more than 1,000 servers or application servers, and we have several layers of teams. We have super admins, system admins, and operations staff, and we also have application vendors using the system. In such a large environment, it was really difficult for us to do identity management on a daily basis. We had new people joining the team, and we also had people leaving. We had to put in additional manpower to monitor these activities and comply with the regulations. That was the main reason we moved to automation with the One Identity solution. We are using their Privileged Account Management solution.

We have virtual appliances. We don't have physical ones.

We have several data centers located all over the globe. Previously, if someone needed access or certain permissions, we had to manually go to our Active Directory, identify the user, and give permission. We had to do that one by one. When we had hundreds of new joiners, it was a time-consuming activity. Sometimes, this activity would take more than two days. One Identity has made all this easier. Monitoring has become much easier, and I can invest the energy in other things instead of monitoring which user is doing what. It has become a one-console management for us.

For my team, it has reduced the task of monitoring who did what and using which ID by 80%. They only have to do 20% of the work than before.

We are using all of the access features. It is much easier for a new user to adopt this solution. It also works perfectly fine with a VPN.

All the features are promising, but we love the reporting feature because we can get each and every report. That's a major compliance requirement. Its reporting is really amazing, and it has made life a lot easier.

Its setup is quick. It is easy to set up and operate. It doesn't matter whether you have a deep IT background or not.

Cost-wise, it is a little bit expensive, which makes it difficult to get management approval. Its price should be reduced.

In terms of features, I'm completely satisfied with it. I am not expecting any more features. Its cost is the only issue. Everything else is okay.

We introduced this product in our organization in 2014.

It is pretty stable.

It is very scalable. We recently increased the number of licenses. Previously, we had a thousand servers, but now, the number has increased. The number of users has also increased. So, we upgraded our system. 

We are using it mostly for privileged users, developers, and system administrators. In total, we have around 300 users. We have plans to increase its usage. We have some upcoming projects where we want to use it on a larger basis. We have plans to use it for DevOps users and third-party vendors, but it will take a little bit of time.

We have not integrated the solution with any other parts of the business, such as DevOps, RPA, or cloud targets. We are evolving day by day. We are upgrading our technology, and we have plans to do that in the future.

We had premium support initially, but we don't require that now. We didn't encounter any critical issues. We are using their regular support. I would rate their support a nine out of ten.

Positive

We were not using another solution previously. Privilege management was a really tough task before the One Identity solution.

It was straightforward. Of course, when you are introducing a new product, you need to do a little bit of research, but the steps were very simple. You don't need much technical knowledge, and you don't need to go so deep to do the configuration. You can just have a look at the setup start guide. Anyone should be able to do it easily.

Our deployment took around six months because we did a few PoC. We also tested it in different system environments before bringing it to the production environment. Out of these six months, we spent almost two months doing the PoC with other products, and then for two months, we put it in the UAT environment or the test environment, and then we brought it into the production environment. So, overall, it took six months for the rollout.

The deployment wasn't disruptive for our privileged users because they were working with the old method while we were implementing it. So, there was no pause during the implementation. Once we completely rolled out One Identity, they started using it.

To start using the solution, you at least need knowledge of the policies and configurations available. You require a little bit of training because one change is going to impact thousands of users.

When we did the deployment, we had a team of about 30 people. Now, we don't have a dedicated team for its maintenance. We have a team of about 15 people doing other activities and managing various technologies, including One Identity.

I have definitely seen an ROI. It is not necessarily in terms of cost. My work has reduced, and I'm able to focus the saved energy or time working on other technologies or implementing new things in other areas of my organization.

Its subscription cost is too much, and sometimes, it is very difficult to pitch the solution to the management for cost approval. If the cost is reduced a little bit, it would be easier. If its cost was less, many other organizations that currently cannot afford it would be able to use this technology. I'm sure many organizations around the globe are having issues with identity management, and it is a very difficult task for IT to manage privileged accounts.

We did PoC to identify different solutions. We tried several solutions, but it didn't work out. We did a PoC with the One Identity solution, and it was easy to manage because it helped us to meet all the compliance requirements and do other things. That's why we went with this solution.

I would recommend it if you are looking for a privilege management or identity management solution. If you are having challenges with reporting and compliance, it will certainly be helpful because you will get a lot of details for auditing and monitoring purposes.

I would rate it a nine out of ten. It is an amazing product, but its cost needs improvement.

The first time I used One Identity Safeguard was when I was the manager of the infrastructure of Ayendeh Bank, and we are currently using it now at my present company.

Our main use case is in security reviews for all of the change management and incident management services, and we also use it for the VPN connection for PAM. It allows us to review everything that goes on over the working day.

For example, our third-parties who support all of our services, including network services (e.g. Cisco) and our Linux servers, are eligible to connect via the VPN, and through One Identity Safeguard, they are able to make contact with and use the various services.

Our company works alongside various PSPs (Payment Service Providers),
and our work here is mainly to prepare the software switch for them, and
to handle the SLA for infrastructure maintenance services. Due to the nature of our work, we also use One Identity Safeguard for on-call and direct administrators whether they are in-house or external to our company. It is, in fact, the main tool for managing access for all the services. And because of that, I'm available for these companies 24/7 all year long.

At present, we have around 17 direct users of One Identity who use it on a daily basis, which includes 10 people from my own department.

The first feature I like about One Identity Safeguard is the live contact point for the VPNs. This has been working very well for us, as it's both highly available and reliable.

The second thing I like is the services that let us review all the contacts and take all the passwords from another administrator. These services are very reasonable. For instance, some of the third-parties will leave our company and support, but then fail to relinquish the usernames and passwords. With the security orchestra that One Identity Safeguard provides, this is no longer a problem.

We currently have a problem with the Active Directory integrations on Windows. Some of our users need to be logged with Active Directory, but we are having communication issues between One Identity and Active Directory. It seems that Active Directory is not well-integrated.

Apart from that, when we are using the interactive login, such as when logging in and going inside the site for support, we find that we need to repeat the username and password, sometimes even two or three times.

When it comes to suggestions for new features, I would like to see something along the lines of an automated command prevention system. To elaborate, sometimes we will have users who input unsafe commands, and we would like to prevent those commands from being processed, and to be able to identify those users who sent the commands.

I believe some kind of automation, possibly based on AI, would be appropriate for this, and it would help the administrators and managers to more easily prevent these kinds of incidents. Part of my role is to reduce the number of total incidents, and if we had an automated mechanism to prevent unsafe commands from being entered in the first place, it would help a great deal.

I have been using One Identity Safeguard for about six years.

I can say that it is 100% stable because during the past two years we have not had a single problem with stability.

In our company, the scalability is good enough for us at present. In my department, there are ten direct users, and outside my department there are another seven direct users. Perhaps when we increase our customers, we will scale up further.

At present, because of the sanction department for technology in Iran, we cannot use the direct customer support. Instead, we use third-party support. For example, we have a contact point with a company who has branches in Turkey, and they are taking the tickets for Safeguard. Before that, with Balabit, we got responses in less than 24 hours.

Positive

Before Safeguard, we were using Balabit. However, Balabit has now been acquired by One Identity.

Another solution that was being used by some of the other companies I consulted for was WALLIX Bastion. Using WALLIX was a really different experience. With One Identity, we have no problems with connections or slow communications in the network, but with WALLIX there were many problems to do with the networking. Sometimes the servers would even crash or hang, but none of these issues have been found in Safeguard. By comparison, Safeguard is much better in terms of performance, networking, and server stability.

There were no real problems with the setup. Regarding the ease of installation, if you have a professional team, then it is easy. But, for example, if it's your first time setting it up as a junior administrator, then it can be quite difficult. I would Safeguard a 3.5 out of 5 in terms of how complex the initial setup is.

We used an in-house team for the implementation, because myself and the other companies we work with have a lot of experience in it. Thus, for us, it was no problem to implement.

The license is very expensive for us, partly due to inflation and partly because of the exchange rate between the Dollar and the Iranian Rial. We purchased a perpetual license that we've been using up until now, but I believe that we are not going to update it in the future. Instead, we plan to find another third-party  to support us with the license, in the sense that we would have access to their license as a shared agreement.

I would rate One Identity Safeguard a nine out of ten.

I work for a bank, and we use Safeguard to manage access to our Internet banking services. We use Safeguard for two things: identity and access management and detection recording. We have our services onboarded on SysTrack doing RDP directly to the servers or station, and we use virtual appliances for collection. The solution covers around 150 users at this organization. 

I like Safeguard's snapshot feature that enables us to review the last time an application was opened and by whom. If there are any issues, we can look behind the scenes to see what has been done. We can suspend a user's access or close off a server. 

We've had issues managing accounts and access to some data saved on the servers. Accounts are granted a new working certificate daily. We have an account to do it on APIs online and sync it with that. If the path changes at some point or someone changes the password, I don't know if it's from the Active Directory or what. 

I have used Safeguard for one year.

Safeguard is stable. 

It's scalable, depending on the solution case. I don't know if it's domain-based because it was not restricted. We're gradually moving to the Azure cloud.

One Identity support is okay. 

Deploying Safeguard was straightforward.

I rate One Identity Safeguard eight out of 10.

We use Safeguard for managing privileged passwords only, using physical appliances.

So far, I haven't seen any type of improvement from using this solution when compared with other products in the identity and access management space. It has been neutral.

I like the discovery functionality and the change password feature through the check-in. I also like the bulk import with the help of templates that come with it out of the box. With the help of these few features, my tasks are made easier.

We also use the Secure Remote Access feature for privileged users. Access is based on group membership and with that membership they connect to the remote machine. It's an easy process to manage. 

The main thing that needs improvement is the slowness. Apart from that, the change password check-in feature also needs improvement because it is not working perfectly accurately.

I have been using One Identity Safeguard for the last two and a half years. I work as an implementer and provide support operations to our clients.

It's not a stable solution, but it's not bad. It's neutral in terms of stability.

It's not scalable.

We are not using their Premier Support, but I am okay with the vendor's regular support. But if the product is running on an unsupported version, that is a very negative point. They should support unsupported versions as well so that their customers are not stuck somewhere in between.

Neutral

As an organization, we are using other PAM solutions for other projects, but I'm not sure which other solutions are in use.

The initial setup for Safeguard is straightforward. Because it was deployed a long time ago in our organization, before my tenure, my expertise is based on adding to clusters. If we are going to add clients within a cluster, it depends on the speed, meaning how the network connectivity is between the cluster and the target device.

In terms of the effect of deployment on users, they are provisioned, with the help of group membership, into Safeguard. Once they are assigned to a particular group, they can follow the previous sites. Based on the previous site, they can log in and check out the password of their privileged account.

As for the amount of training needed, it depends on the solution. If the solution is only for privileged passwords, about three weeks' training is required to understand the solution. And if the server for privileges is also integrated with the solution, it will take a month or as much as 45 days.

We have an implementation team and an operations team. Between them, there are a total of five or six people required for this solution to deploy and maintain it.

I'm not aware of the product cost, but if it's going to cost more, first they have to maintain and stabilize the product.

My impression of the form factor of the Safeguard physical appliance is not good and not bad. It's neutral. Similarly, feedback about the usability and functionality is neutral.

My advice, if you have the budget, is to buy other products, like CyberArk Privileged Access Manager or BeyondTrust Endpoint Privilege Management. If you don't have that kind of budget you can use this product.

We use the on-demand version. We use the solution for monitoring and connection to the customer's server for Windows and Linux.

It's easier to connect to the server and it makes it more secure. We've seen about a 40% improvement in that regard.

The monitoring system is very good.

It has a very nice user interface.

The product is very fast to implement.

We use the solution's transparent mode for privileged sessions.

There is a lack of documentation and many problems with the plugins.

I did run into problems with transparent mode for privileged sessions. We didn't connect correctly to the server. It was an issue we had with the customer's server, not the product itself.

The security of the connection could be improved. 

I've been using the solution for one year. 

It's not completely stable. Sometimes the newest version does not support an older version.

The solution is not so scalable. 

Mabe 20 or so users are leveraging it in our organization. They are admins. 

We use regular support. The response times are too long. Sometimes it could take days. 

Positive

I previously used CyberArk. I changed companies, and now I work with this product. I find Safeguard to be easier to implement, however, it does lack documentation.

It is fast to implement. 

While the process is not technically complex, there was a lack of documentation and we had to figure out how to do it ourselves. The deployment took three weeks. We had two people working on the process.

We have yet to witness an ROI.

The solution is offered at a good price. We pay a monthly fee. I'm not sure of the exact cost we pay.

I'm a product partner. 

We are using the latest version of the solution. 

I have yet to use the cloud assistant feature, so I can't say much about that aspect of the solution. We also do not use the solution's secure remote access feature for privileged users. We don't have it integrated with DevOps or RPA.

While basic knowledge is important, there isn't much training required to start using the solution. 

I'd rate the solution six out of ten.

One Identity Safeguard is used by administrators to access their devices. They will log in using identity management in order to secure the administrator's login.

One Identity Safeguard can improve by having more integration with multiple devices.

I have been using One Identity Safeguard for approximately one year.

I have found One Identity Safeguard to be stable.

The scalability of One Identity Safeguard is good, we can add multiple devices.

We have approximately 40 administrates using this solution in my organization.

We plan to increase usage in the future.

I have not contacted support.

The initial installation was simple.

The full deployment took approximately a couple of months. Not because of the One Identity Safeguard, but because of us, we were busy doing other projects in parallel.

We used a third-party vendor for the implementation and we had a good experience with them.

My advice to others is One Identity Safeguard is a must to have because it's part of the cybersecurity framework, such as Nest ISO. We should have an identity management solution to manage the whole identity, such as privileged users.

I rate One Identity Safeguard an eight out of ten.

We primarily use the solution to manage passwords and use for the RDP access. 

Our infrastructure is three SPPs and two SPSs. This is across 1,000 users and approximately 500 targets. 

Safeguard can define and update processes and procedures into the security framework of a company, including mobile. It allows us to change the policies and configurations on a mass scale in regards to security.

The most interesting thing about this product is it is very easy to implement and configure as well as its usability. Also, for the final user, the work experience doesn't change when using the SPS for the Linux administrator, which is fantastic. You change only a little bit of the connection. Everything else is really easy.

I just received a question from a customer in regards to a connection with Oracle OID. I tried to integrate Safeguard with the Oracle YAML as well as something else to manage the groups and users from a different system, like AD or LDAP. This one feature could be better. At this moment, the platform system can only use the integration with LDAP or AD. The software for research and development to create a connector to a YAML platform can be very complicated.

I started using it two years ago.

It is a very stable system. There are no problems when using the platform.

The scalability is fantastic. It is very easy to connect and use the solution, if you need it.

There are two different supports: one for SPS and another for SPP. The technical preparation of the support is very high. They have very quickly given me the solution for a couple of issues that I have seen.

We switched from CyberArk to Safeguard. In order to manage CyberArk, it is a very big effort. The platform is very complex. The management system of Safeguard is very easy. Also, the configuration for the targeted user is easier in Safeguard rather than CyberArk. Lastly, the cost of CyberArk's licensing is very expensive.

We try to understand what the customer needs in order to fit the solution for what they want, then we plan all the activities based on that.

We can deploy the system in a couple of days, then the system is up and running. The next step is importing the whole system. The time frame of this depends on many targets the customer has, but it doesn't take too long.

I work at a system integrator, designing and implementing the solution for our customers. I think our customers see a return of the investment using this solution.

Safeguard is cheaper than CyberArk.

It is a good solution. There is no limit to its usage in a company, e.g., IT or financial.

Check the basic rules in the documentation because the solution is easy to use.

I would rate the solution as 10 out of 10.

Our company is regulated by the central bank in our country. There are about 4,000 employees in our organization. 

Our main need was to reduce the operational cost of our department by increasing the window of operations to 24-hour rather than have office unemployment. 

We are now digitizing the access control function through One Identity. Whoever forgets their password can reset it on their own rather than reaching out to the security desk. Whenever we have a new employee, we found that it was taking at least two days to get them a username or access to the system. Now, once they are logged into the organization and are registered on our ERP system, their complete access will be ready within five seconds. They will receive an SMS with their username and password so they can start working. This has increased efficiency and effectiveness of the access control function. It has reduced operational costs as well as providing services 24/7 with a platform that can be used anytime and anywhere for investigation in case we have a requirement. 

We use the physical appliances, as they are more reliable. Around the world, dedicated appliances are more reliable than having a virtual version/copy. We went with the physical appliances because they are dedicated and closed like a black box. However, we haven't reported any misses with the virtual version. 

We use the solution’s Approval Anywhere feature which enables us to add an extra layer of security for critical passwords without adding time-consuming approval processes. In the past, we were having problems when a user went on vacation. There were many recalled cases of password sharing. When we received this type of incidence and started to investigate, we found out the past setup had no solution. For example, if someone with a daily duty went on vacation, they still had to do it within the office. That is why sometimes people tried to justify the sharing of passwords by the importance of their duties. Now, by using this platform, if someone goes on a vacation, out of office, or needs urgent/planned leave, then our setup will select the functions tied to that person and automatically delegate them to the next person. That person can start performing that duty based on their access. No sharing of passwords is required.

The multilanguage functionality does not support the Arabic language, even though this solution is deployed in an Arabic region. However, it matches our criteria and requirements overall.

One Identity is using a third-party to create one-time passwords. Due to our security restrictions, we needed to build our own. When we discussed this with One Identity, "Why they don't provide a technology that can be hosted on our data center and be built by One Identity," they said they are using a third-party. This was their justification, so I think it's based on their strategy and there's no harm using a third party. However, we were having an issue using a third-party.

I have using this solution for about six months. The project started about one year back. We started product introduction through phases. We went full-fledged with One Identity using Cloud Access Manager, Password Manager, and Privileged Access Management along with identity and access management.

We have been trying to stabilize the system until now. We haven't had the chance to revisit the deployment to find out if there are any expansion plans, as we are working to sustain the set up. We want to increase end user awareness and start building the number of reports.

I didn't have a requirement to test the scalability of the solution. We did discuss the scalability with the system integrator at the beginning, and it's on the license level. I don't think we will have an issue once we come to the point of needing to scale.

We have 3,000 end users and 10 administrators.

I haven't had a chance to work the One Identity technical team. We work with the local partner instead.

None of my team has gone for training yet. However, they did have a handover for operation of the solution. It doesn't need that much training as long as you know the basics of access control functions. End users only need to have a tutorial to the portal. This is what we provide: a tutorial for how to use it and the know-how.

We previously were using a manual process. One Identity helped us to automate this process.

We integrated One Identity with our ERP system (Oracle) and also with our security operations center (Splunk). The integration went perfectly. It was an easy connection. We built the connectivity directly through the API. What we found time consuming: the setup and connecting One Identity. E.g., Oracle takes more time than Splunk to connect because Splunk's system is ready to send the security logs to the security operations centers. With Oracle, the integration depends on the business needs and there are a number of different requirements based on those business needs. The enhancement One Identity made is the historical part related to system access control goes through our SOC to this tool.

My team worked on the initial setup. I don't remember any critical escalations related to technicalities during their field deployments. The local system integrator helped us with any deployment challenges. There was zero disruption to privilege users during the deployment, which can be attributed to the work of the project management team. The deployment took about six months using two outsourced resources.

For the consultation services, we went with a well-known, famous system integration company (Exceed Gulf), who is local. They were cooperative, experienced, and professional. They have led many successful deployments in our region. Sometimes, they provide better advice when we are releasing an RFP to the market, e.g., when they got this RFP, they added value by doing a slight amendment to the deployment. This contributed a lot to the success of this project. Their advice comes based on their experience in the deployment for such a solution in our region. I strongly recommend working with Exceed Gulf and the same team that we worked with, as their technical skills were perfect.

We have not yet seen ROI. The benefit that we get from using One Identity is that it reduces operational costs.

We have a yearly license. The cost depends on how much a company wants to invest in technology. In our organization, we believe in modern digitization and automation processes so we found it affordable. One Identity was not that much less than other solutions and it is not a cheap solution. There were number of cheaper solutions. However, it's the most effective, according to our evaluation.

When we started thinking about approaching such a solution, there was an increased need to digitize or have a platform that helped to provided access control functions. There were a number of solutions in the market, like Oracle and Microsoft. One Identity (per our evaluation) was our selected solution. One Identity won when we match these criteria against other solutions in the market:

• Support
• The system integrator
• Strength of the solution
• Complexity of the solution (less complex than other solutions).

Make sure to always get the support. This solution could not be successfully implemented with no support of the HR and procurement system. You will need to mature all of your HR and procurement processes to do the deployment in a secure manner. This is a security solution, not an IT solution. If you want to deploy it as a security requirement, you need to ensure that the HR and procurement processes are correctly in place. You can use it as a technology solution, because not all the technology requires security, but all security requires technology.

We haven't activated the session recordings yet. We have tested it, and while it worked successfully, we didn't apply it fully because of internal technical issues.

All the logs in the system are recorded and sent to our security operations center (SOC) for analysis. In our SOC, we have end user behavior analysis, but do not depend directly on One Identity to provide this. However, I might ask to have a report for the user behavioral analysis going forward.

I can rate the solution as an eight (out of 10).