it_user1216335 - PeerSpot reviewer
Security Business Consultant at a tech services company with 201-500 employees
Real User
Defines and updates processes and procedures into the security framework of a company
Pros and Cons
  • "Safeguard can define and update processes and procedures into the security framework of a company, including mobile. It allows us to change the policies and configurations on a mass scale in regards to security."
  • "I just received a question from a customer in regards to a connection with Oracle OID. I tried to integrate Safeguard with the Oracle YAML as well as something else to manage the groups and users from a different system, like AD or LDAP. This one feature could be better. At this moment, the platform system can only use the integration with LDAP or AD. The software for research and development to create a connector to a YAML platform can be very complicated."

What is our primary use case?

We primarily use the solution to manage passwords and use for the RDP access. 

Our infrastructure is three SPPs and two SPSs. This is across 1,000 users and approximately 500 targets. 

How has it helped my organization?

Safeguard can define and update processes and procedures into the security framework of a company, including mobile. It allows us to change the policies and configurations on a mass scale in regards to security.

What is most valuable?

The most interesting thing about this product is it is very easy to implement and configure as well as its usability. Also, for the final user, the work experience doesn't change when using the SPS for the Linux administrator, which is fantastic. You change only a little bit of the connection. Everything else is really easy.

What needs improvement?

I just received a question from a customer in regards to a connection with Oracle OID. I tried to integrate Safeguard with the Oracle YAML as well as something else to manage the groups and users from a different system, like AD or LDAP. This one feature could be better. At this moment, the platform system can only use the integration with LDAP or AD. The software for research and development to create a connector to a YAML platform can be very complicated.

Buyer's Guide
One Identity Safeguard
May 2025
Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
857,028 professionals have used our research since 2012.

For how long have I used the solution?

I started using it two years ago.

What do I think about the stability of the solution?

It is a very stable system. There are no problems when using the platform.

What do I think about the scalability of the solution?

The scalability is fantastic. It is very easy to connect and use the solution, if you need it.

How are customer service and support?

There are two different supports: one for SPS and another for SPP. The technical preparation of the support is very high. They have very quickly given me the solution for a couple of issues that I have seen.

Which solution did I use previously and why did I switch?

We switched from CyberArk to Safeguard. In order to manage CyberArk, it is a very big effort. The platform is very complex. The management system of Safeguard is very easy. Also, the configuration for the targeted user is easier in Safeguard rather than CyberArk. Lastly, the cost of CyberArk's licensing is very expensive.

How was the initial setup?

We try to understand what the customer needs in order to fit the solution for what they want, then we plan all the activities based on that.

What about the implementation team?

We can deploy the system in a couple of days, then the system is up and running. The next step is importing the whole system. The time frame of this depends on how many targets the customer has, but it doesn't take too long.

What was our ROI?

I work at a system integrator, designing and implementing the solution for our customers. I think our customers see a return of the investment using this solution.

What's my experience with pricing, setup cost, and licensing?

Safeguard is cheaper than CyberArk.

What other advice do I have?

It is a good solution. There is no limit to its usage in a company, e.g., IT or financial.

Check the basic rules in the documentation because the solution is easy to use.

I would rate the solution as 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: System Integrator
PeerSpot user
Chief Information Security Officer at a financial services firm with 51-200 employees
Real User
Reduces operational costs and eliminates password sharing
Pros and Cons
  • "We use the solution’s Approval Anywhere feature which enables us to add an extra layer of security for critical passwords without adding time-consuming approval processes. By using this platform, if someone goes on a vacation, out of office, or needs urgent/planned leave, then our setup will select the functions tied to that person and automatically delegate them to the next person. That person can start performing that duty based on their access. No sharing of passwords is required."
  • "The multilanguage functionality does not support the Arabic language, even though this solution is deployed in an Arabic region."

What is our primary use case?

Our company is regulated by the central bank in our country. There are about 4,000 employees in our organization. 

Our main need was to reduce the operational cost of our department by increasing the window of operations to 24-hour rather than have office unemployment. 

We are now digitizing the access control function through One Identity. Whoever forgets their password can reset it on their own rather than reaching out to the security desk. Whenever we have a new employee, we found that it was taking at least two days to get them a username or access to the system. Now, once they are logged into the organization and are registered on our ERP system, their complete access will be ready within five seconds. They will receive an SMS with their username and password so they can start working. This has increased efficiency and effectiveness of the access control function. It has reduced operational costs as well as providing services 24/7 with a platform that can be used anytime and anywhere for investigation in case we have a requirement. 

We use the physical appliances, as they are more reliable. Around the world, dedicated appliances are more reliable than having a virtual version/copy. We went with the physical appliances because they are dedicated and closed like a black box. However, we haven't reported any misses with the virtual version. 

What is most valuable?

We use the solution’s Approval Anywhere feature which enables us to add an extra layer of security for critical passwords without adding time-consuming approval processes. In the past, we were having problems when a user went on vacation. There were many recalled cases of password sharing. When we received this type of incidence and started to investigate, we found out the past setup had no solution. For example, if someone with a daily duty went on vacation, they still had to do it within the office. That is why sometimes people tried to justify the sharing of passwords by the importance of their duties. Now, by using this platform, if someone goes on a vacation, out of office, or needs urgent/planned leave, then our setup will select the functions tied to that person and automatically delegate them to the next person. That person can start performing that duty based on their access. No sharing of passwords is required.

What needs improvement?

The multilanguage functionality does not support the Arabic language, even though this solution is deployed in an Arabic region. However, it matches our criteria and requirements overall.

One Identity is using a third-party to create one-time passwords. Due to our security restrictions, we needed to build our own. When we discussed this with One Identity, "Why they don't provide a technology that can be hosted on our data center and be built by One Identity," they said they are using a third-party. This was their justification, so I think it's based on their strategy and there's no harm using a third party. However, we were having an issue using a third-party.

For how long have I used the solution?

I have been using this solution for about six months. The project started about one year back. We started product introduction through phases. We went full-fledged with One Identity using Cloud Access Manager, Password Manager, and Privileged Access Management along with identity and access management.

What do I think about the stability of the solution?

We have been trying to stabilize the system until now. We haven't had the chance to revisit the deployment to find out if there are any expansion plans, as we are working to sustain the set up. We want to increase end user awareness and start building the number of reports.

What do I think about the scalability of the solution?

I didn't have a requirement to test the scalability of the solution. We did discuss the scalability with the system integrator at the beginning, and it's on the license level. I don't think we will have an issue once we come to the point of needing to scale.

We have 3,000 end users and 10 administrators.

How are customer service and technical support?

I haven't had a chance to work with the One Identity technical team. We work with the local partner instead.

None of my team has gone for training yet. However, they did have a handover for operation of the solution. It doesn't need that much training as long as you know the basics of access control functions. End users only need to have a tutorial to the portal. This is what we provide: a tutorial for how to use it and the know-how.

Which solution did I use previously and why did I switch?

We previously were using a manual process. One Identity helped us to automate this process.

How was the initial setup?

We integrated One Identity with our ERP system (Oracle) and also with our security operations center (Splunk). The integration went perfectly. It was an easy connection. We built the connectivity directly through the API. What we found time consuming: the setup and connecting One Identity. E.g., Oracle takes more time than Splunk to connect because Splunk's system is ready to send the security logs to the security operations centers. With Oracle, the integration depends on the business needs and there are a number of different requirements based on those business needs. The enhancement One Identity made is the historical part related to system access control goes through our SOC to this tool.

What about the implementation team?

My team worked on the initial setup. I don't remember any critical escalations related to technicalities during their field deployments. The local system integrator helped us with any deployment challenges. There was zero disruption to privilege users during the deployment, which can be attributed to the work of the project management team. The deployment took about six months using two outsourced resources.

For the consultation services, we went with a well-known, famous system integration company (Exceed Gulf), who is local. They were cooperative, experienced, and professional. They have led many successful deployments in our region. Sometimes, they provide better advice when we are releasing an RFP to the market, e.g., when they got this RFP, they added value by doing a slight amendment to the deployment. This contributed a lot to the success of this project. Their advice comes based on their experience in the deployment for such a solution in our region. I strongly recommend working with Exceed Gulf and the same team that we worked with, as their technical skills were perfect.

What was our ROI?

We have not yet seen ROI. The benefit that we get from using One Identity is that it reduces operational costs.

What's my experience with pricing, setup cost, and licensing?

We have a yearly license. The cost depends on how much a company wants to invest in technology. In our organization, we believe in modern digitization and automation processes so we found it affordable. One Identity was not that much less than other solutions and it is not a cheap solution. There were a number of cheaper solutions. However, it's the most effective, according to our evaluation.

Which other solutions did I evaluate?

When we started thinking about approaching such a solution, there was an increased need to digitize or have a platform that helped to provide access control functions. There were a number of solutions in the market, like Oracle and Microsoft. One Identity (per our evaluation) was our selected solution. One Identity won when we matched these criteria against other solutions in the market:

  • Support
  • The system integrator
  • Strength of the solution
  • Complexity of the solution (less complex than other solutions).

What other advice do I have?

Make sure to always get the support. This solution could not be successfully implemented with no support of the HR and procurement system. You will need to mature all of your HR and procurement processes to do the deployment in a secure manner. This is a security solution, not an IT solution. If you want to deploy it as a security requirement, you need to ensure that the HR and procurement processes are correctly in place. You can use it as a technology solution, because not all the technology requires security, but all security requires technology.

We haven't activated the session recordings yet. We have tested it, and while it worked successfully, we didn't apply it fully because of internal technical issues.

All the logs in the system are recorded and sent to our security operations center (SOC) for analysis. In our SOC, we have end user behavior analysis, but do not depend directly on One Identity to provide this. However, I might ask to have a report for the user behavioral analysis going forward.

I can rate the solution as an eight (out of 10).

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Expert Systems Architect at Tempur Sealy International, Inc.
Real User
Improved our security posture by making password changes easy and allowing us to make regular password changes to service accounts
Pros and Cons
  • "It has greatly helped improve our security posture. Safeguard has an option where it will reset passwords on service accounts, then go out to those servers where that service account is running as a service and update the password on it. That makes password changes very easy. We can regularly change passwords now and are planning on making it an annual activity, where all the people who own service accounts will go in and make sure all their passwords get changed, updated, and reset."
  • "Transparent mode was too cumbersome, so I don't foresee us being able to use it. On paper when we were initially talking about it, it was definitely going to be the preferred method until we realized the burden it would be on our network guys. Then, we had to step back and reevaluate what we wanted to do. That's when we changed our approach to use the RD Gateway feature."

What is our primary use case?

There are two parts to Safeguard: the sessions recording part and the password management appliance. With the password management appliance, we have been using version 2.10. For the sessions recording, we started off with version 6.2. It has new additions and updates which have come out, thus we've upgraded. Currently, we are up to version 6.5.

We are doing a sessions recording for all of our UAT and production servers. Therefore, if something breaks/happens or there's a change during the day without the proper change control mechanisms, we can determine the session by pulling the last session on the box and finding out who did what. Then, for the password part, it is used to consolidate enterprise-wide all our passwords for our 2000-plus server accounts.

We have five physical appliances for the password part. Then, for the sessions recording, there are three virtual appliances. We went with these particular versions because they were the latest and greatest. I like to keep things updated instead of dragging stuff out, which is how people get stuck with legacy devices unable to upgrade or with no upgrade path available.

How has it helped my organization?

It has greatly helped improve our security posture. Safeguard has an option where it will reset passwords on service accounts, then go out to those servers where that service account is running as a service and update the password on it. That makes password changes very easy. We can regularly change passwords now and are planning on making it an annual activity, where all the people who own service accounts will go in and make sure all their passwords get changed, updated, and reset. That's a huge scary stance right there because people leave the company and memorize all their passwords. Now, they're null and void, and we're in a far more secure place.

We are still building out the Safeguard behavioral analytics feature, but so far, it's pretty good about being able to detect nonhuman input. This has increased our security posture as well. It's really easy to use. Security guys are able to identify, "Why is this person logging into spots on the weekend when historically they've never accessed it on the weekend whatsoever?" We're able to keep watch as there is a lot better visibility of our environment.

What is most valuable?

The password part is the most valuable because we were going to start vaulting certain accounts to get a lot of passwords changed. Historically, we have had really stale passwords on non-human and service accounts. E.g., on one of our service accounts, the password hasn't changed for 17 years. It was not even that complicated or good of a password in the first place. 

This solution has definitely helped us consolidate. It replicates to other appliances, so we're replicating to our DR site. Thus, if anything were to happen to our data center or personnel, whomever was trying to pick up the pieces and try to put the business back together would at least have all the passwords available to them.

The physical appliance form factors are pretty nice. They are definitely Dell inspired and easy to set up with accurate instructions. We have had no problems.

Regarding usability and functionality:

  • It has a nice, clean interface. 
  • It's pretty direct and easy to personalize. 
  • Users can set up favorites on certain things that they request. Very often, they shortcut it. So, it reduces the clicks down to three clicks. 
  • You can have a password for any account. 
  • It's auditable, which makes the security guys happy.

What needs improvement?

We tried the solution's “transparent mode” feature for privileged sessions. It ended up making a lot of Cisco Layer 2 configurations hard and was using a lot of ACLs to control the traffic, which we identified as a type of risk. In order for it to do production that would put an unnecessary burden on our network guys to configure it because that's thousands and thousands of lines of code that they'd have to update and change. We did use this feature for the PoC and that worked out well. However, for production, we are using the Remote Desktop Gateway feature.

Transparent mode was too cumbersome, so I don't foresee us being able to use it. On paper when we were initially talking about it, it was definitely going to be the preferred method until we realized the burden it would be on our network guys. Then, we had to step back and reevaluate what we wanted to do. That's when we changed our approach to use the RD Gateway feature.

I would like their transparent mode to have an easier implementation. If there was a way that we could do transparent mode without having to use ACLs that would be incredibly beneficial. 

They could do a better discovery to find out where service accounts are being used on non-Windows Boxes, such as Linux. That would be a good benefit.

For how long have I used the solution?

Six months.

What do I think about the stability of the solution?

The stability is very good. There have been no problems at all so far.

We have four administrators who do maintenance. One of them is the security guy. He will go in and through the audits, looking at session recordings. We also have it locked down so that only he can view these things. Three other admins, including me, are responsible for maintaining the product. We keep things up, making sure the Gateway works, and helping users troubleshoot if they have problems with the Gateway.

What do I think about the scalability of the solution?

It is very scalable. If we want to add another site or stand up another data center, we just buy a couple more appliances. Then, we set up a couple more session boxes and everything is covered.

So far, we are just using it for passwords, then passive session monitoring. Therefore, our usage is pretty minimal:

  • Trying to track down people's accounts.
  • Getting locked out because of user password changes.
  • Not closing out of RDP session right. This is sort of a pain. However, people are getting better about logging off appropriately instead of just closing out the window.

We have about 140 end users because it is really just for our IT people. So far, businesses or anybody outside the IT organization doesn't even know the solution exists.

How are customer service and technical support?

I love the tech support guys. Anytime that I have a problem, I can always put in a ticket. They get back to me right away. We have access to the product team and their Level 3 engineers. I've suggested a couple of feature requests and improvements on the product, then within six months, they were able to put those into an update which was rolled out. So, they are very efficient and quick.

I was surprised because I have dealt with Microsoft support, and we all know how it is: It's pretty terrible. I've dealt with other support companies where you will get somebody with a thick Indian accent and spend 70 percent of the conversation making sure he said what you thought he said. However, with the One Identity folks, it was easy and quick. They're a great group of guys.

Which solution did I use previously and why did I switch?

PAM is totally new to our enterprise. Safeguard was definitely a cultural shift.

How was the initial setup?

The initial setup was very straightforward and only got complex as we added use cases. We added the complexity on ourselves, but the product itself is very straightforward. The deployment took five months.

The implementation strategy was:

  1. Setting up the sessions box. 
  2. Ensuring it was set up once we received the Gateway configurations. 
  3. Setting up policies and notifying people on how to change their Remote Desktop Client configurations. 
  4. Shifting gears and switching over to trying to input all the service accounts and getting all the passwords loaded up into Safeguard. 

After that, it was a done deal.

Our privileged users did complain and gripe a bit due to the deployment. At first, they made it seem like the solution was disruptive to them. However, as time went on, complaints went down. Therefore, I think they're used to it by now. They just needed to understand the new technology and get comfortable with it.

We really did have old passwords. People hung onto their processes and certain ways of things. When you asked them to change, they got grumpy. I knew that they were going to get a little grumpy, but I didn't know they were going to be that grumpy. They are over themselves now, especially since the director stepped in, and said, "This is how it's going to be. Get used to it."

What about the implementation team?

We used One Identity Professional Services. They were great. We got the same guy who helped us roll out our Identity Manager. It was really good to work with the same guy. He was a familiar face, already very knowledgeable about the product, and very quick to get answers.

For the deployment, it took about five total people: a security guy, a network guy and a couple of infrastructure guys.

What was our ROI?

We were able to get rid of a couple products, e.g., Identity Manager replaced FIM. Safeguard was totally new. Two-factor authentication has saved us from a couple of brute force attacks on a couple of our C-level executives. That was a pretty good return on investment. We have been able to protect ourselves against a couple of major compromises.

There have been at least three instances where 2FA protected us from compromises, and probably a whole lot more. It seems like people are constantly trying to hit, attack, and penetrate a lot of the things that we have on the perimeter and are Internet exposed.

What's my experience with pricing, setup cost, and licensing?

It is a bit on the pricey side, but you get what you pay for. You don't want to get anything too cheap because then you get cheap stuff and cheap support. That really never helps anybody.

There are other additional costs for some training on their other products because Identity Manager can get very involved. Once we got the products and licensing setup, everything else since then has been cake. I don't think we have been spending a whole bunch of money.

Which other solutions did I evaluate?

We didn't want to use a whole bunch of vendors. We had already picked One Identity for their two-factor authentication, Identity Manager, Cloud Access Manager, and Password Manager (self-service) solutions. We just sort of drank all the Kool-Aid.

We tried to look for a comprehensive product offering and One Identity was the only one who checked off all the boxes and things that we were looking at to roll down for the next five years. They are a great partner and always willing to work with us. They are awesome.

We did evaluate other vendors: Centrify, Okta, Azure AD, Azure 2FA, and Ping Identity. We were able to quickly rule them out, but these were the main competitors. 

Azure AD is a lot of hype. It sort of sucks. The One Identity product works a lot better, as it's a lot easier to use and GUI-driven with a lot of wizards in it. Azure AD is a bit more complex and doesn't seem like it works all the time. That's why we didn't choose it. It seemed pretty unreliable compared to One Identity.

What other advice do I have?

Take your time. Talk to as many different aspects of the business in the company as you can. Get a lot of input from many people. Know how to sift through good and bad input. Use Professional Services, if you can. The tech on-demand services was much cheaper than their full-blown professional services. For the tech on demand services, we never had to wait more than a few days for some type of response.

The training was pretty easy. There was a one-day training class for the admin. Then, for the users, there were a couple of Word docs that we circulated around which were good enough.

We have not integrated it with other parts of our business. It is standalone and independent.

More time is being spent because there are more steps to check out a password or if you get a password.

We have just started to really use the product. There is a lot of design, building, and configuring involved, so we have just started to truly take advantage of some of the features it has.

We haven't set up any type of approvals. We're pretty tight on who can see and request passwords in the first place. I would imagine at some point in time we'll probably end up utilizing the Approval Anywhere feature, just not right now.

As far as privileged access management goes, I'd rate it a nine (out of 10). So far, the product has been really easy to use and set up. I'd just make the rollout and implementation of the transparent mode better.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1308201 - PeerSpot reviewer
VP & Head of Cybersecurity Manager at a financial services firm with 1,001-5,000 employees
Real User
Functionality is straightforward with a simple checkout process and integration of checkout proxy ID
Pros and Cons
  • "It's one of the best products we've seen. When you start looking at the functionality and use cases and usability of the product, it's straightforward. They designed this product with the end-user in mind, and they also had the sysadmin who is supporting the product in mind. They really did a nice job. Overall, it's a nice product to work with."
  • "From a usability perspective, what we are finding out is that our privileged domain admin users, in particular, want functionality for extending a checkout session. So we are working with One Identity support to see if there's an enhancement that can be made to the product."

What is our primary use case?

We started with administrative use cases and we were able to take control of all the local administrator accounts for endpoints and servers. We then started controlling privileged accounts for our domain administrators as well as for any kind of privileged account that had access to our switches, routers, and the like. 

This year we're looking at taking control of all of the servers and application accounts. But that's going to be a longer journey for us because there are a lot more of those accounts, and there is a lot more testing that needs to be done because of the nature of the accounts.

Another use case this year is integrating Safeguard into the SQL database, so we can start taking control of the SA accounts within SQL. 

Furthermore, we have a use case where we are using Safeguard to manage the account for our IIGA solution, which is our identity governance solution. When it creates new users or transfers or terminates users, it's using a privileged account that is being handled by Safeguard.

We have a lot more use cases but these are enough to give you an idea of how we use it.

How has it helped my organization?

We went from a state where privileged accounts were being used and not being monitored or even audited to our situation now where we are starting to monitor these privileged accounts more closely. That's where we show value in the product. Whenever a change is happening, we know because we find it in the logs. Our reporting and monitoring team is looking at it, and they are now starting to question changes that are associated with some kind of ticket or some kind of CAB (change advisory board) request. It has improved our visibility for privileged access.

What is most valuable?

We have physical appliances for this solution. We went with that version of it because it was easier for us to deploy it and not have the IT engineers involved with our deployment. We wanted to control everything, from the deployment to the supportability to the usability of the product. I really enjoy the form factor of the appliance because it's definitely a change from the previous version, which was a bigger box. This one is a lot easier. It doesn't take up room on the rack, and it's very efficient as far as resources go.

The ease of use of the GUI is a really nice feature. It has a nice look and feel to it.

The actual checkout process is simple. You log into the portal and you're presented with accounts. That makes that so much easier because you don't have to go searching for stuff. It identifies what accounts you have, you click on it, and you go through the checkout process.

It's one of the best products we've seen. When you start looking at the functionality and use cases and usability of the product, it's straightforward. They designed this product with the end-user in mind, and they also had the sysadmin who is supporting the product in mind. They really did a nice job. Overall, it's a nice product to work with.

We use the Approval Anywhere feature and, through an app, it allows us to approve or deny requests. We don't have that turned on across the board, but we are turning it on slowly but surely. It adds an extra layer of security for critical passwords without adding time-consuming approval processes. That extra layer of security is our "belt and suspender" approach. It's making sure that you are approved to make a change, especially during production hours; it's approved by the person's manager.

What needs improvement?

From a usability perspective, what we are finding out is that our privileged domain admin users, in particular, want functionality for extending a checkout session. So we are working with One Identity support to see if there's an enhancement that can be made to the product. 

There is another area for improvement that I have sent over to One Identity. I said, "Whenever you check out a password, there should be a radio code associated with the password." That's something that we're trying to work on with them. It was submitted as a request for enhancement. Sometimes, you can't tell if an "O" is an "O" or a zero is a zero. If we had a radio code, the person could correctly read that password and make sure that they're not fat-fingering it.

For how long have I used the solution?

We've been using One Identity Safeguard since the end of 2017, so it's a little over two years. I was also a user of the previous version, which was TPAM, for many more years in my previous role.

What do I think about the stability of the solution?

We have never had an issue with the software or even with the appliances.

What do I think about the scalability of the solution?

It's very scalable. It doesn't matter what size of organization you have. If you have an organization of 1,000 or 100,000, the product is going to be scalable to your needs.

In our company, we have sporadic roles and we have about 55 users who are tuned into Safeguard. We're managing over 3,000 privileged accounts. Some of the users' roles are network administrators, IT administrators, help desk administrators, and InfoSec administrators. Our marketing team has users of the product, as they have applications whose passwords are being managed through Safeguard. We have a nice blend of users who are using the product daily. It has really done a good job of keeping up with the demand.

We definitely have plans to expand the usage of the product. Any area that's going to require some kind of privileged account, especially as we go through a digital transformation in deploying cloud services, Safeguard is going to be right there with us and will give us that flexibility to manage those kinds of accounts.

For deployment and maintenance of the solution we have a staff of one who reports directly to me. He's a senior cybersecurity engineer.

How are customer service and technical support?

Safeguard's technical support is one of the better ones that I have worked with. There's always room for improvement, but every time that I do pick up the phone it's been fine. 

Which solution did I use previously and why did I switch?

In my previous role I used Dell Quest TPAM, which was the previous version of Safeguard.

How was the initial setup?

The initial setup was very straightforward because my team had the expertise in deploying a PAM solution, which was TPAM, in the past. This wasn't really that much different. We were able to deploy the full infrastructure, including DR redundancy, without Professional Services.

Because of scheduling conflicts, it took a few weeks to deploy. The main boxes were up within a week, but the full circle of deployment of the product was about a month or so because of those scheduling issues.

Standing up the appliance, plugging it in, and getting started was very straightforward. So kudos to One Identity for really listening to what the user population had to say about TPAM, because it is definitely reflected in the Safeguard product.

In terms of the effect on our privileged users, it's always going to be disruptive when you change something. People don't like change. We introduced this slowly but surely. We took a real "crawl, walk, run" type of methodology. We took the most basic use cases, and then we would update our support documentation to support the product. As we deployed it, we kept finding areas that we needed to document. It wasn't so easy to deploy something that was going to change somebody's workday process flow. But a year later, we're in a different state. It's been adopted and people are drinking from the same water hose.

We had in mind that we needed to handle the local administrator accounts and the privileged accounts, and we moved on from there. We knew that doing the local administrator account, which is really a non-human account, was going to give us the biggest bang for the buck. We knew that was something that we would achieve fairly quickly, and we did.

The training for end-users wasn't that bad. The product is straightforward. When you start working on a product with a lot of the features that you had suggested, in a previous version, be implemented, it's really nice to see that the company is listening to clients and the user population. That helped us in training our employees who use the product. The training was extremely straightforward, and people really caught onto it fairly quickly.

What was our ROI?

We absolutely see return on our investment. We're minimizing the risk of potential insider and external threats. We're managing all the privileged accounts, and we have minimized the risks of an account being hijacked and being used to compromise domains.

We are already seeing the return because we conduct annual penetration tests to see if we're able to compromise the network.

Which other solutions did I evaluate?

We evaluated CyberArk and BeyondTrust in addition to Safeguard. We went through a bake-off and Safeguard had one of the best sets of functionalities. It even had simple stuff for integration of a checkout proxy ID. You could check out the password and then it would just proxy to the endpoint. An example would be an SSH session you needed for an account that was checked out.

CyberArk was going to require a lot of resources, both human and infrastructure resources, that we didn't have the bandwidth to take on. BeyondTrust fell short of some of the use cases that we had. One of the use cases was relationship. We had a core team that decided on the product and when the core team did its scoring, Safeguard came out just a little bit ahead of BeyondTrust and well ahead of CyberArk.

What other advice do I have?

Start with your current state. That's what we did. Then, create a roadmap of where you are, where you need to be over the next five years. Once you're able to assess the current state and you have a plan in place, you can pick the product that's going to help you get to that future state.

The biggest lesson I have learned from using this product is to be open-minded in trying to figure out where we could use some enhancements. Just because you choose a product you don't have to be 100 percent, all-in on the product. There is always room for opportunities. Whenever there is feedback or challenges, take them and then see what you can do better. My focus is the end-user who is using the product. We have to make sure that using this product doesn't affect users' day-to-day operations.

We started using the solution's behavior analytics feature but it never really took off because we got overwhelmed with other areas that we needed to address. It's something that is on the roadmap for us to eventually take a look at, or at least refresh the project plan and commit some time and some resources to it.

We are looking to integrate Safeguard with RSA. RSA has a component and we're looking to streamline the metrics around that component. When a product is brought online, there's a way for us to go in and do a scan of that machine or that endpoint. Ideally what should happen is that we'll go to Safeguard, check out a password, push that password to the vulnerability management scanner, and scan it. When that scan is done, it actually checks in the password and rotates it. It's our vulnerability management solution that we're looking to integrate. We're doing a PoC on that right now.

Safeguard is a next-generation tool when it comes to privileged access management. They have done a nice job figuring out all the features that need to be available out-of-the-box. I do have high expectations for Safeguard. I continue to look forward to future releases because I know it's going to get even better.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Chief Information Security Officer at Outscale
Real User
Provides all the information that we need for an investigation, but the interface needs more organization
Pros and Cons
  • "We use the solution’s “transparent mode” feature for privileged sessions. It is very easy because it is only a simple configuration for our users. We don't have to modify our network. We install it, configure it, and it works. So, it is super easy. The rollout for our users is seamless."
  • "The interface is better now, but it still could be improved a lot. It needs more organization, menus, automatic refresh of information, and Web 2.0."

What is our primary use case?

We are using the virtual appliance. We are a cloud company working widely with virtualization. We provide virtual machines to our customers. When we deploy a new solution, we try to use our system to show our customers that it works for them. That is why we are using a virtual appliance which validates the usage.

For now, we are using it for traceability of access inside the platform because we are a certified company: ISO 27001, SecNumCloud, HDS... We use this solution to monitor the session of our administrator and also to capitalize on incidents. When you have an incident in the night and our Level 3 people are working on it, they don't have the time to document all they do on the platform. The main goal is to have the service up as fast as possible. We are now recording the session, and the morning after the incident, we can see the session and understand what has been done to resolve the incident.

We are using the latest version of Safeguard.

How has it helped my organization?

When we are asked to do an investigation for a server, we have all the information that we need. We never have any problems as all the information is available to us.

What is most valuable?

The transparent proxy is the most valuable feature. When you are connecting to a server inside the platform, the user doesn't need to change their habit. They just have to make small configurations to their workstation, then it is transparent for them. Our users like the solution because it's transparent. Users don't need to have interaction with 3DS OUTSCALE IT or security team to work as usual. It's interesting for the users because they don't have to think, "I have to note all that I've done during the incident to remember it".

We use the solution’s “transparent mode” feature for privileged sessions. It is very easy because it is only a simple configuration for our users. We don't have to modify our network. We install it, configure it, and it works. So, it is super easy. The rollout for our users is seamless.

The "transparent mode" allows for better visibility. With its monitoring, we can do investigations which are good for us and improve our system.

What needs improvement?

The interface is better now, but it still could be improved a lot. It needs more organization, menus, automatic refresh of information, and Web 2.0.

An official HashiCorp Vault connector would be very helpful inside the platform.

SSH implementation is not 100% compatible with standard SSH (OpenSSH). For example: JumpHost.

As a result, some options require manual tuning and complicated user-side configs, where it could be much simpler.

For how long have I used the solution?

We have been using it for a long time: six years.

What do I think about the stability of the solution?

It is very stable. We have never had incidents with it. When we lost a connection with our Active Directory, the system continued to work. When we lost the storage on the virtual appliance, we restarted it, then it was fine. Thus, the product is very stable. 

One or two people are needed for deployment and maintenance. For the deployment, it's done by the security team for now. However, in the near future, it will be managed by the operations team.

We upgrade to the latest version about every two months.

What do I think about the scalability of the solution?

We don't use the scalability. When we need a new appliance, we deploy it inside another network. We don't need scalability for now, but if we grow quickly, we will need to think about it.

We have about 50 users inside the company, including the security team, operations team, infrastructure team, and Level 1 support.

We are using 75 percent of the parallel session unless there is an incident, then we can use all the slots.

How are customer service and technical support?

I used the technical support once. It was good. I had the answer to my question quickly. I have direct access to the pre-sales team and my account manager. So, I called in and my problem was solved.

Which solution did I use previously and why did I switch?

Yes, but we had to quit it because they didn't have what we needed and it was very expensive.

How was the initial setup?

In the beginning six years ago, we started with a small instance. We used it very simply and learned how to manage it. 

With the newest version that we massively deployed, we had one week to know how to install it and how it works. Now, we know how it works very well.

Install is fairly simple, with basic options.

Configuration requires a little explanation on the way it works but is straightforward too.

What about the implementation team?

We deployed it ourselves.

What was our ROI?

We have seen ROI in terms of time. It's easier for us to investigate incidents, which is helpful. It has improved our performance with investigations. It used to take a month to write an incident. Now, it takes us a week, cutting the time down by a fourth.

What's my experience with pricing, setup cost, and licensing?

Our licensing costs are on a yearly basis.

Which other solutions did I evaluate?

We evaluated CyberArk, which was pretty good, but it is very expensive. CyberArk's interface was better. Also, CyberArk's login was not so transparent. We chose One Identity because it has a transparent login in interruption in the network.

What other advice do I have?

When you use Safeguard in production, it provides traceability and protection around your platform.

I would rate the solution as a seven (out of 10) because of the interface.

I have seen the future of analytics, and it's very interesting. I hope to have the time to try and learn something about that.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Mahfoudh Bousaidi - PeerSpot reviewer
Network & Security Engineer at Onetechpro dz
Real User
It has the ability to record and retrieve in the full-video format
Pros and Cons
  • "Safeguard has the ability to record and retrieve in the full-video format."
  • "We have issues using Safeguard to connect to and record from the cloud. Currently, they don't have a mechanism to record this type of connection."

What is our primary use case?

We use Safeguard to manage users when the client wants to record all discussions on an LDAP. The solution is deployed on a VMware ESXI because all our clients don't want a physical appliance. We average about 300 to 500 connections to Safeguard.

What is most valuable?

Safeguard has the ability to record and retrieve in the full-video format.

What needs improvement?

We have issues using Safeguard to record HTTP/HTTPS connections in a video format. Currently, they don't have a mechanism to record this type of connection.

For how long have I used the solution?

We've been working with One Identity Safeguard for about eight months. I work as an integrator for solutions like PAM and One Identity. We make alterations and integrate the solution. 

What do I think about the scalability of the solution?

We run One Identity Safeguard on a VM, so we can create as many as we need. 

How are customer service and support?

I had an issue about a week ago because we were migrating from an old VM to a new one. I opened a ticket, and they responded, but I didn't get a solution. 

Which solution did I use previously and why did I switch?


How was the initial setup?

We set up a VM appliance and configured it, then deployed the solution. The typical time for deployment and configuration is about three to five days.

What other advice do I have?

I rate One Identity Safeguard eight out of 10. It's an excellent solution and a perfect fit for our use case.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Walid Semrani - PeerSpot reviewer
Networking and Security Engineer at a tech services company with 1-10 employees
Real User
Reasonable price, easy to deploy, and useful for session management
Pros and Cons
  • "We deployed it into our company for controlling a client's behavior in our data center. It is very useful to control their connections, such as RDP."
  • "We can't review or audit HTTP and HTTPS. This functionality should be added so that we can review and audit HTTP and HTTPS."

What is our primary use case?

We use it for controlling the client sessions into our data center.

What is most valuable?

We deployed it into our company for controlling a client's behavior in our data center. It is very useful to control their connections, such as RDP. 

What needs improvement?

I requested an evaluation license, but no one responded to me.

We can't review or audit HTTP and HTTPS. This functionality should be added so that we can review and audit HTTP and HTTPS.

For how long have I used the solution?

I have been using this solution for less than one year.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable. It scales well in our company.

How are customer service and support?

I requested an evaluation license from them, but no one responded to me. They didn't give me an evaluation license.

Which solution did I use previously and why did I switch?

I have some knowledge of Wallix. It is a competitor of One Identity. They have similar functionalities, but I didn't explore it too much.

How was the initial setup?

It was easy. There were no problems. It is easy to navigate through the web interface.

What's my experience with pricing, setup cost, and licensing?

As compared to other products, it is reasonable, but the training sessions are too expensive.

What other advice do I have?

I haven't used other products, but I would highly recommend One Identity SPS.

I would rate it an eight out of 10.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
reviewer1242459 - PeerSpot reviewer
Software Solutions Architect at a computer software company with 11-50 employees
Real User
Simple deployment, responsive support, and scalable
Pros and Cons
  • "I have found the most useful feature of One Identity Safeguard to be Privileged Sessions."
  • "When we compare One Identity Safeguard with CyberArk, we know CyberArk has other tools or other features that are more complex and more useful for the customers. For example, I have one customer that wants to elevate the permission that is available in CyberArk."

What is most valuable?

I have found the most useful feature of One Identity Safeguard to be Privileged Sessions.

What needs improvement?

When we compare One Identity Safeguard with CyberArk, we know CyberArk has other tools or other features that are more complex and more useful for the customers. For example, I have one customer that wants to elevate the permission that is available in CyberArk.

Another example is, I have one potential customer that wants to use some feature that is available only in CyberArk. The scenario is one user requests a patient, however, that user doesn't have the permissions. In that request, he wants to request more permissions elevation and more rights under the live connection. This can be done in CyberArk and not in One Identity Safeguard.

We need to allow more permissions for the user who requests access for the previous account in a live connection.

CyberArk gives stronger features for safeguarding at this moment.

For how long have I used the solution?

I have been using One Identity Safeguard for approximately one year.

What do I think about the stability of the solution?

One Identity Safeguard is a stable solution.

What do I think about the scalability of the solution?

I have found One Identity Safeguard to be scalable.

How are customer service and support?

I have contacted support. I can create tickets for support and in approximately one hour, I have a response from the support. They are very quick.

Which solution did I use previously and why did I switch?

I have previously used CyberArk.

How was the initial setup?

The initial setup of One Identity Safeguard was simple. In one week we can be ready to fully operate.

What other advice do I have?

My advice to others wanting to implement this solution is to do the implementation slowly and concentrate.

I rate One Identity Safeguard a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free One Identity Safeguard Report and get advice and tips from experienced pros sharing their opinions.
Updated: May 2025