We use One Identity Safeguard as a central control point for all our privileged access, which helps standardize the access policies across teams and platforms. We also use it for the approval workflows, which are enforced for high-risk systems and add an extra security layer for production access. I have been using it for one and a half years. The best feature I appreciate is the session proxying and recording. It provides transparent session access for admins without exposing the real passwords. Another valuable feature is automated password rotation, which changes the credentials automatically after each use or on a schedule. It reduces the risk of leakage and reuse of passwords. Additionally, the approval workflow and the access request feature add governance with multi-level approvals for sensitive systems. These are the features that I appreciate the most. When we started using the session proxying and recording features, overall, it was a manageable and fairly smooth process for us. However, like most security platform deployments, it had a few learning curves. Session proxying and recording worked with our major systems including Windows, Linux, and network devices with minimal configuration. Some devices and services required slight changes to firewall rules and configuration to ensure the proxy could connect cleanly. Additionally, our admins needed orientation so they understood they were joining a recorded session, particularly for remote or support use. We spent considerable time adjusting the session filtering, retention settings, and naming conventions so recordings were useful and not overwhelming. These are some areas where we encountered challenges.
