One Identity Safeguard Reviews

I have found the most useful feature of One Identity Safeguard to be Privileged Sessions.

When we compare One Identity Safeguard with Cyberark, we know CyberArk has other tools or other features that are more complex and more useful for the customers. For example, I have one customer that wants to elevate the permission that is available in CyberArk. 

Another example is, I have one potential customer that wants to use some feature that is available only in CyberArk. The scenario is one user request a patient, however, that user doesn't have the permissions. In that request, he wants to request more permissions elevation and more rights under the live connection. This can be done in CyberArk and not in One Identity Safeguard.

We need to allow more permissions for the user who requests access for the previous account in a live connection.

CyberArk gives stronger features for safeguarding at this moment.

I have been using One Identity Safeguard for approximately one year.

One Identity Safeguard is a stable solution.

I have found One Identity Safeguard to be scalable.

I have contacted support. I can create tickets for support and in approximately one hour, I have a response from the support. They are very quick.

I have previously used Cyberark.

The initial setup of One Identity Safeguard was simple. In one week we can be ready to fully operate.

My advice to others wanting to implement this solution is to do the implementation slowly and concentrate.

I rate One Identity Safeguard a nine out of ten.

We primarily use the solution to manage passwords and use for the RDP access. 

Our infrastructure is three SPPs and two SPSs. This is across 1,000 users and approximately 500 targets. 

Safeguard can define and update processes and procedures into the security framework of a company, including mobile. It allows us to change the policies and configurations on a mass scale in regards to security.

The most interesting thing about this product is it is very easy to implement and configure as well as its usability. Also, for the final user, the work experience doesn't change when using the SPS for the Linux administrator, which is fantastic. You change only a little bit of the connection. Everything else is really easy.

I just received a question from a customer in regards to a connection with Oracle OID. I tried to integrate Safeguard with the Oracle YAML as well as something else to manage the groups and users from a different system, like AD or LDAP. This one feature could be better. At this moment, the platform system can only use the integration with LDAP or AD. The software for research and development to create a connector to a YAML platform can be very complicated.

I started using it two years ago.

It is a very stable system. There are no problems when using the platform.

The scalability is fantastic. It is very easy to connect and use the solution, if you need it.

There are two different supports: one for SPS and another for SPP. The technical preparation of the support is very high. They have very quickly given me the solution for a couple of issues that I have seen.

We switched from CyberArk to Safeguard. In order to manage CyberArk, it is a very big effort. The platform is very complex. The management system of Safeguard is very easy. Also, the configuration for the targeted user is easier in Safeguard rather than CyberArk. Lastly, the cost of CyberArk's licensing is very expensive.

We try to understand what the customer needs in order to fit the solution for what they want, then we plan all the activities based on that.

We can deploy the system in a couple of days, then the system is up and running. The next step is importing the whole system. The time frame of this depends on many targets the customer has, but it doesn't take too long.

I work at a system integrator, designing and implementing the solution for our customers. I think our customers see a return of the investment using this solution.

Safeguard is cheaper than CyberArk.

It is a good solution. There is no limit to its usage in a company, e.g., IT or financial.

Check the basic rules in the documentation because the solution is easy to use.

I would rate the solution as 10 out of 10.

We use this solution to separate the office environment from the production environment with a secure network zone. All user sessions go through One Identity Safeguard before they can reach the production environment. All sessions are audited and they are indexed/searchable through the GUI. Some of the data are transferred to our SIEM solution. For the moment we use the product for RDP and SSH sessions. We are going to use it for Citrix farms also in transparent mode. 

All user sessions are going through Safeguard. They are all audited and secured with forcing the minimum security settings on the side of the user. With this setup, you can easily secure all of the connections to the production environment from the office. Especially if you have a lot of different places connecting to the production environment, it is a PCI DSS requirement that you secure the flow. In our company we already audited the product as part of the PCI DSS certification.

The most valuable feature is auditing the sessions. All of the sessions (RDP, SSH, Citrix) can be audited and replayed on demand.

Complete indexing on SSH sessions means that all commands are searchable after indexing.

Management of the farm of appliances. When you have more than one server to handle the traffic, you need to configure everything on each console and maintain seperately. The cluster feature is coming in the next versions, until then you can handle with some scripts but its not straight forward. In case you want to use a farm of appliances instead of one you should consider this.

Monitoring of the platform should be easier and more functional so that you can have a clear picture of the running service. Again when you have a farm of appliances you need to have all the monitoring data centrally so you know what is happening with the overall service. This feature is missing. You have to go on each server to see what is the status there.

We have been using this solution for two years.

This is an extremely stable product. Outages depend only on your environment. The service can run smoothly forever, depending on your company's setup and possible maintenance outages.

No problem to scale. It's always a good option to use a load balancer in front of the solution to handle the traffic.

Our experience with technical support has been extremely good. 

This was the first implementation of such a product in the company.

Setup is straightforward as long as you plan correctly.

The initial setup was with the vendor. They have extremely good knowledge of the product and provide good support.

This solution provides PCI-DSS compliance, so ROI can be considered very good.

The full license is expensive but if you plan to use it in a big organization then it is the best option because it is more flexible.

More options where evaluated, like Centrify and CyberArk, before we choose this solution.

Before you decide, do a full analysis of your requirements and see if the product fulfills them. Performing such an analysis after the fact is going to be difficult.

We use it primarily for our IT team, so they can access our production and pre-production environments, to have better accountability. They have to create a ticket, check it out, and then they have to get approval from our approvers group. So there's accountability from beginning to end, and we also record the sessions.

The time frame to get sessions rolling has been cut to a third. From a productivity standpoint that's tremendous.

In addition to that, the ease of use is fantastic because our IT team is able to check out sessions very quickly because it's so intuitive and easy to work with. They're pleased with it and it allows them to do their jobs much faster. That's probably the largest way it has improved things for us.

Finally, because of the intuitiveness and ease of use for end-users it has been really simple to train on. This product has worked flawlessly for us.

There are a lot of features, so it's going to sound funny, but one of the most simplistic features, the Favorites feature, is the one we like the best. You do a full run-through of configuration to check out a server and then you can save that whole configuration as a favorite. So the next time you go in, you click on the favorite that you configured and it automatically takes you to the end so you can check the server out that much faster. It saves a lot of time, resulting in an increase in productivity and a decrease in issues and errors and interface problems. It increases redundancy and gives us a much easier interface to use.

We're using virtual appliances for Safeguard because of the flexibility of virtual appliances. We can snapshot them, we can restore them quickly. There's a lot more flexibility with virtual.

We use the solution’s Approval Anywhere feature, and it allows a group of five individuals to receive notifications on their phones, through Starling, and review a request and approve it with one click.

We also use the solution’s “transparent mode” feature for privileged sessions. We record them and we also review them. That way, if there are problems with any configurations they did, we can go back and review them. Also, for mentoring, teams utilize it to help individuals deploy code better or to make changes to configurations. There are a lot of positives with that feature. It was very easy to start using this feature. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with. The rollout of "transparent mode" was seamless for our users. We sent out picture instructions on how to do it and offered to get on a call with people to discuss it with us, but nobody had any questions. In terms of the monitoring itself, it doesn't affect things any differently than the previous solution. It's pretty much the same. Obviously, using the tools is easier, but we were monitoring the same type of information as before.

There is room for improvement in the launch module. They built in a launch button but they don't have effective instructions for configuring it to allow it to launch an RDP session. They're working on that, but the button is in the live product. If they were going to install something that wasn't useful, they should have just disabled it and not rolled it out with the product. Because we don't tie it to an RDP session, you actually have to click the download button and then open the RDP session from there, versus just clicking the launch button and it automatically opening RDP.

Before Safeguard we used TPAM, which is one identity's product as well. We upgraded but we've been using the overall product since 2016.

Overall the solution is very stable. We have not had any major issues on it. It's a nice system.

The only issue I have run into was with our failover two our redundant. There was a pointer to the One Identity platform, it's called an SPP, and it wasn't pointing correctly. But we were able to resolve it. There have really been no issues besides that. Otherwise, everything is very seamless when doing failover and full redundancy.

We can continue to add more VMs to support thresholds. We can certainly scale up with it. It's being used on about 300 servers right now and we have plans to expand to about 200 more.

We have 50-plus people using safeguard right now and they're all in IT. For deployment and maintenance we have one to two people.

We haven't had to use technical support. It's been a solid platform so far.

Previous to this, we were using TPAM and, while it worked, it was horrible to work with. When we saw and got a demo of Safeguard and saw that we would be able to approve things from our phones, saw the user interface which was so much nicer — more intuitive, a lot easier to configure — we went from our teams complaining about the old product every day to not hearing one complaint at all. As a matter of fact, I hear compliments about how much they love Safeguard.

The feedback I have had from users has been a lot of compliments about how much they enjoy working in the interface. It's so much easier to use. It's quick. They can get to the point of checking out a server and of being compliant with security requirements, while at the same time being able to troubleshoot an issue much faster than they used to be able to.

The initial setup was a little complex.

We worked with an integrator, Rallypoint Solutions, to accomplish it because we hadn't accomplished it before with Safeguard specifically. The integrator was tremendous. I have nothing but good things to say about Rallypoint. They helped integrate the whole thing. They really had a great understanding of it. We worked with them throughout the entire setup. We were the hands and they were guiding us. Overall, it was very easy to get up and running.

It did take about a week, eight hours a day — so 40 hours — to get fully up and running and everything imported from the old system into the new one, and to make sure all testing and redundancy were done.

The deployment was not disruptive to our privileged users at all. We ran both the old system and the new system in parallel and allowed them to migrate over after a period of two weeks. However, we had most people on it the first week and they loved it. They were eager to get off the old system.

It required no training. I provided step-by-step picture instructions that we had written out and that was it. They were good to go. We did have a strategy in place, if we needed to work with our teams from a training standpoint. We had sessions set up and ready to go where a live person could walk them through it. But none of our IT users seemed to need that. It was very intuitive.

We have seen ROI using Safeguard. For example, configuring a session in the old version used to take them 10 or 15 minutes, or more. Not only that, but the live person who was the approver had to be logged into the system. So the requester could actually wait a couple of hours before somebody would be able to log in and approve the session. With Safeguard, it's approved within less than a minute because approvers get the notifications on their phones and are able to review the tickets effectively. They understand what's being accomplished and know that it has a ticket number with more detailed information that they can verify, and they can approve the session right there. The individual gets that approval immediately. We went from an average of from anywhere between 15 minutes and two hours down to less than a minute or two. That's tremendous.

They offer a fair price for a robust solution.

In addition to the standard licensing fees there are costs for Starling, but they're very minimal annually. You need Starling to use the mobile Approval Anywhere feature that is so convenient. So it's worth every dime. That extra cost is so small that it's not really even noticeable.

There are integration costs if you aren't looking to do it yourself. I highly recommend their integrators. They are a little expensive but certainly worth the money.

We did evaluate other solutions, but this is the best choice. We went with Safeguard because of the flexibility, the interface, and a more seamless migration from the old system to the new system. And costs were a consideration, obviously.

If you're looking for something that is easy to use with a very intuitive interface — even the administrator interface is very intuitive — I would highly recommend Safeguard. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with.

The biggest lesson I have learned from using Safeguard is to make sure you have enough accounts available for individuals' sessions so that they can check out. The way Safeguard works, an account is created just for Safeguard. Individuals go in as themselves and then they have to check out this account in order for that account to be able to remote to the server. That account would be the only one allowed to remote to the server. But if multiple people have the account checked out for multiple hours, that presents an issue. So keep your session times as minimal as possible. Even for timeout, allow them to change it if they think they're going to use it longer. But the important thing is to make sure that you either have enough accounts or have your session timeouts limited.

We do use the solution's behavior analytics feature, but I wouldn't say that it's too useful at this point for us because we know what their usage is because it has to be done through tickets. For how long they're using it, what kind of configurations they're doing, and what they're doing, the analytics piece of it is more expected for us, as a result. It does help us to identify risky actions without having to create a set of rules or policies, and without any effort on our part. But in our environment, if users don't put in a ticket and provide effective comments, then our approvals group doesn't approve it. There's no automatic approval set up. An individual reviews every request, so malicious use would not be possible.

We primarily use the solution for managing and monitoring privileged users, both internal and external.

Gave much more visibility over who is doing what and more granular control over external support engineers.

The solution's most valuable features are the efficiency and the quality of the recording.

I would like to see an adjustment with more enterprise architecture. Currently for SPS (SafeGuard for Privileged Sessions) there is only a single appliance option (both virtual and physical). It can be scaled using a load balancer to handle huge amount of sessions (although the device is quite efficient), but it also means you will need to purchase multiple boxes. It would be beneficial to have segregated modules as an option and you could buy and implement them separately. For example: trap module (proxy), audit module (search interface), storage module (store and encrypt recordings), etc.

I've been using the solution for over three years with multiple customers and installations.

The stability of the solution is good.

If your current architecture is not designed for this, then it can it may be difficult to expand beyond a certain amount. Our current biggest deployment is for thousands of users.

Technical support is brilliant. They are very helpful.

I was using other solutions in a lab environment for some demos and comparisons, but in real practice, I have not integrated other solutions.

The initial setup is quite straightforward. However, to figure out how to use it, a consultant or an integrator for new users is highly advised.

We're integrators for the solution. We help clients implement it.

Yes, I made some comparison on CyberArk, BeyondTrust, SSH and CA.

We use the on-premises deployment model. We're an integrator company for this solution.

In terms of advice, I'd say new users should involve the integrator architecture team from the beginning.  From a technical perspective, you need to have discussions with the network team from the beginning.

I'd rate the solution nine out of ten.

The primary use case for our One Identity Safeguard solution is to optimize security across private accounts, accounts which can be secured upstream and downstream. The solution enables us to implement encryption protocols across channels. It is designed so that depending on the cryptographic case, different policies can be applied in correlation. 

I don't think it's improved our organization internally. I've had to suspend workflows and focus my time and attention on creating technical, instructional, documentation regarding user procedures and practices.

The majority of the features offered with this solution are the same as with other similar systems. The most unique and valuable features are the upstream and downstream throughput capacities; the Safeguard platform provides agile integration.

In actuality, all the features are valuable. They're good and user-friendly.

The technical support for this solution needs to be immediate, intuitive, and responsive especially as it refers to supporting ticket submissions and processing.

Furthermore, we've had trouble understanding how certain policy framework applies. I would like to see clearly laid out policies or better support and explanations around policy dynamics.

The stability and downtime of the solution could also be upgraded to include a messaging function which would give users a clear understanding of what's happening without having to navigate to a particular section of the page.

Lastly, I would also like to see the price reduced.

It's very stable. There are about 150 users, mostly administration, currently using this solution in our company. We don't encounter many problems with the system.

I am encountering issues when it comes to the scalability of the solution.

Our experience with technical support has been disappointing. We require more prompt and faster response times. We require answers to our questions right away but we haven't received that level of support.

The initial setup was very easy. We followed the given instruction protocol. We also used white papers when necessary for clarification and better understanding. It only took us one month to implement.

We used an integrator for the deployment. It was a good experience. 

Setup cost, pricing and licensing are all very expensive.

We are very pleased with the Safeguard platform feature. You can't find this technology anywhere else.

On a scale from one to ten, one being the worst and ten being the best, I would give this product a nine rating. If the technical support was better I'd give it a 10 out of 10.

One of the most valuable features is that it supports the Linux operating system. Also, the transparent mode for privileged sessions is a very good solution.

On a scale of one to ten, the stability is an eight.

The scalability is great.

Technical support is great. We use the case platform.

We didn't switch from another product. Using this solution has been a great decision in helping with our tasks.

Deployment of the solution took two to three months. Our engineers installed it.

It's a great product for our industry, which is banking.

The primary use case for our customers is to monitor and audit external vendors, as well as keep track of internal actions when privileged user accounts are being used to access systems internally.

For our customers, it's much easier for them to be in line with audits. A lot of our customers work in the medical field, where it is important for them to keep track of external vendors, e.g., maintaining medical appliances inside of a hospital. This solution gives them real confidence that they can keep their customers safe and their data protected.

There are a variety of protocols that it supports.

The video-like stream and audit capabilities, in combination with its indexing capabilities to search for critical events quickly, are valuable features.

The transparent mode for privileged sessions is really nice because it keeps the integration quite smooth. Also, users don't have to change the way that they currently are used to working. 

It is easy to manage. There is a very logical, clear user interface. Also, the integration of scripts is thoughtfully implemented. Overall, it's a nice product to manage.

There are some features which are still missing compared to other competitors. For example, some customers need legacy VPN authentication capabilities.

The automated change of the passwords, which is now integrated, could be improved to be more flexible regarding different systems.

The overall stability has improved quite a bit throughout the years. The appliances run well, both virtual and physical. The product is pretty good, especially compared to other vendors and products.

Because of the nature of the connections being monitored, you can load balance it quite well. It is easy to shift the load from one appliance to another. However, the high availability function of the box itself requires a long time to switch over from one appliance to another. So, there is room for improvement

The technical support is tremendous. For large projects, we have had some challenges, but we were never left alone by the vendor. Also, in one case for a small customer, One Identity assigned one engineer to help with assessing the AD infrastructure of our customers, which was really helpful.

The install and deployment are quite rapid. For a smaller project, sometimes it only takes us about two to three days to implement and get the policies inline. For larger projects, it's actually also not that long for the appliance itself. The product requires a lot of changes on the management side, how vendors work, and how you need to counsel people how to use it, especially in Germany. Then, they are monitored, which is the quite larger portion of it.

For our implementations in Germany, we implement an explicit model most of the time. Therefore, the transparent mode for privileged sessions has not been used that much in my projects.

Look at the entire portfolio, since it has changed so rapidly. The capabilities have improved quite a bit. You need to make sure not to miss out on any features.

The Approval Anywhere for Privileged Passwords is a really good concept, because it enables admins to do other work, be more flexible, and work from home. However, we don't have any real experience with it yet, as we are looking into it at the moment.