What advice do you have for others considering One Identity Safeguard?

Overall, my experience with One Identity Safeguard has been very positive. It is a reliable and secure privilege access management solution that effectively protects sensitive accounts and provides full visibility into administrator activity, with minor improvements needed in terms of UI and reporting enhancements. Before implementing One Identity Safeguard, I advise clearly defining your privilege access management strategy and identifying all critical systems and accounts. Plan integrations in advance, especially with Active Directory and other security tools, to ensure a smooth deployment. Focus on designing proper access policies and approval workflows, as these play a key role in effective implementation. Provide adequate training to administrators so they can fully utilize features like session monitoring, password vaulting, and reporting. Starting with a phased deployment approach, onboarding critical systems first and then gradually expanding across the environment is beneficial. Overall, proper planning and user training are key to maximizing the benefits of the solution. One Identity Safeguard is a mature and enterprise-ready privilege access management solution that provides a strong balance between security and usability. The key value of the solution lies in its ability to centralize privilege access control while maintaining full visibility and auditability for user activities, making it a mature and reliable PAM solution that balances security and usability with strong long-term value for enterprise environments. I would rate this solution a nine out of ten.

I chose eight out of 10 for One Identity Safeguard because the pricing is very competitive. It is a nice tool that helps to identify anomalous behavior, a deal breaker feature for some customers. It also helps with access request simplification plus threat detection, where it streamlines requests and quickly detects threats.My advice for others looking into using One Identity Safeguard is that it is a serious, enterprise-grade identity safeguard. It excels at security, monitoring, and compliance, but trades off simplicity and ease of use. One Identity Safeguard has been a cost-effective tool that has prevented major security breaches, avoided insider threats and misuse of admin privileges, and reduced audit and compliance costs. However, the initial cost plus setup effort is a bit high. I gave this review a rating of 8 out of 10.

My advice to others considering One Identity Safeguard would be to start with a clear understanding of privileged access requirements and define strong governance policies upfront. One Identity Safeguard is a powerful tool, but its effectiveness depends on how well it aligns with your organization's PAM strategy. Another key point is to invest time in proper policy configuration, such as session recording rules, approval workflows, and access controls to avoid unnecessary friction for end-users while still maintaining strong security. Training and onboarding are equally important; administrators and the security team should be comfortable with reviewing session logs and responding to alerts. Otherwise, the value of monitoring and auditing can be diminished. Finally, continuous review is essential. Regularly analyze reports, refine policies, and ensure integration with your broader security stack to get maximum value from the platform. One Identity Safeguard, in my experience, has had a significant positive impact on our organization, especially in terms of security, efficiency, and compliance. From a security standpoint, it has greatly reduced the risks associated with privileged accounts. By eliminating shared credentials and enforcing password rotation, we have minimized the chances of unauthorized access and insider threats. Operationally, it has improved efficiency by automating tasks such as password management and access approval. This has reduced the manual workload on the team and streamlined how privileged access is granted and monitored. It has also strengthened our compliance posture. Since all privileged activities are logged and recorded, audits have become much smoother and faster, with all the required data readily available in one place. Additionally, the real-time monitoring and session control capability have given us better visibility and faster response to potential risks, which has improved our overall incident management process. I would rate this review as a nine out of ten.

My advice for others considering One Identity Safeguard would be to plan and execute the deployment properly during the implementation phase. I have given this review a rating of 8.

One Identity Safeguard is a solid and reliable PAM solution in my experience. My advice would be to start with a clear access model before you deploy One Identity Safeguard. I would rate this review an 8 out of 10.

My advice to others considering One Identity Safeguard would be to plan the deployment properly and start with a clear understanding of your privileged access requirements.

Integrating One Identity Safeguard with systems such as Active Directory, Microsoft Azure, and SIEM tools was fairly straightforward with some learning curve in the initial phase. Active Directory integration is the easiest. It was the most seamless part. One Identity Safeguard has native support for AD, so user import, authentication, and role mapping were quick to configure. We were able to set it up with minimal effort, and it works reliably from day one. Azure integration required moderate effort. Integration with Azure was smooth but required proper configuration of roles, permissions, and connectors. Once configured, it works well for managing privileged access to cloud workloads. From a SIEM perspective, sending logs to SIEM tools such as Splunk and other tools required more fine-tuning. We had to configure log forwarding, normalize data formats, and set up correlation rules on the SIEM side. The initial setup took some time, but once done, it provided strong visibility and alerting capabilities. Integrating One Identity Safeguard with systems such as Active Directory, Microsoft Azure, and SIEM tools has had a significant positive impact on our operations. It has enabled centralized access control where all privileged users are managed through a single platform, reducing manual efforts and improving governance with Active Directory integration. User provisioning and role-based access became seamless. From a security standpoint, SIEM integration has given us real-time visibility and faster incident response, while session monitoring ensures full accountability of user actions. For cloud workloads such as Azure, it helps us maintain consistent security policies across a hybrid infrastructure, which was a big challenge earlier. Overall, it has improved operational efficiency, reduced security risks, and strengthened compliance, while also saving time in audits and incident investigations. We have integrated One Identity Safeguard with multiple parts of our environment to ensure centralized and secure privileged access management. Regarding identity and directory services, we integrated with Active Directory for authentication and role-based access. This helps us enforce least privilege access and centralize user governance. Regarding cloud platforms, we connected with Microsoft Azure for managing privileged access to cloud-hosted VMs and workloads, ensuring consistent security policies across a hybrid environment. Regarding SIEM and security monitoring, we integrated with SIEM tools such as Splunk or similar tools to forward logs and session events. This allows real-time alerting, correlation, and advanced threat detection. Regarding DevOps and automation, we use it in controlled scenarios with scripts and automation tools to manage secure credential injection. While not deeply embedded into CI or CD pipelines yet, it supports secure secrets usage for automation tasks. In our organization, One Identity Safeguard is deployed in a hybrid model. The core One Identity Safeguard application is hosted in our on-premises data center, which allows us to maintain strict control over privileged credentials and sensitive systems, especially for critical infrastructure. At the same time, we have extended its capability to the cloud environment, such as AWS and Azure workloads, through secure connectors and integration. The hybrid approach gives us the best of both worlds: security and control, and scalability and flexibility. It also helps in managing privileged access across both legacy systems and modern cloud workloads, ensuring consistent policies and centralized governance across environments. For our cloud workloads, we primarily use Microsoft Azure. Since a large part of our infrastructure is integrated with Microsoft services such as Active Directory and Office 365, Azure fits naturally into our ecosystem. It allows seamless integration with One Identity Safeguard, especially for managing privileged access across cloud-hosted virtual machines and servers. Additionally, Azure's native security controls complement our PAM strategy. It helps us maintain a centralized identity and access governance. Integration with a hybrid environment (on-premises plus cloud) is a smooth and efficient way. In our setup, we use virtual appliances for One Identity Safeguard. We chose virtual appliances mainly because of the flexibility and scalability they offer compared to physical hardware. Key reasons for this choice include the ease of deployment. Virtual appliances can be deployed quickly within our existing virtual infrastructure without waiting for hardware procurement. Regarding scalability and performance, it is much easier to scale resources (CPU, memory, storage) based on demand, especially as privileged access usage grows. Regarding cost, it avoids the upfront cost and maintenance overhead of physical appliances. My advice for organizations looking to implement One Identity Safeguard would be to focus on planning, a phased implementation, and user adoption. Start with a clear strategy before implementing. Clearly identify critical systems and privileged accounts, compliance requirements, and access policies. This ensures the solution is aligned with business and security goals. Follow a phased approach. Do not try to onboard everything at once. Start with high-risk systems and then gradually expand. This reduces complexity and helps teams adapt smoothly. Overall, my experience with One Identity Safeguard has been very positive. It is a well-rounded PAM solution that effectively covers all the core areas such as password vaulting, session monitoring, auditing, and compliance. What stands out is that it brings multiple capabilities into a single platform, from credential management to session analytics, rather than relying on multiple tools. This has not only improved security but also simplified operations. I would rate this product a 9.5 out of 10.

In the context of increasing cyber threats across organizations, I would advise others that using One Identity Safeguard is crucial for protection. I would rate this review a 9 out of 10.

The feedback from users regarding One Identity Safeguard's usability and functionality has been very good. All users have provided positive feedback, and we encourage them to reach out with any issues, but so far, we have had no problems reported. My advice for those looking into using One Identity Safeguard is to study the integrations between the client and One Identity Safeguard, ensuring the compatibility matrix is visible to all administrators before upgrading the product. I rated this product a ten out of ten.

My team and I have been using Safeguard for a considerable time, and the positive feedback I received from them is that they appreciated the automated access workflow. The session proxying and recording gives them the confidence that actions are secure while still letting them work efficiently. Admins appreciate the centralized password vault because it removes the hassle of remembering or sharing passwords. One Identity Safeguard is a robust, enterprise-grade PAM solution with excellent security and governance capability. The reason it deserves a rating of eight out of ten is because of its robust features and capabilities. However, it does not receive a higher rating due to user interface complexity, reporting limitations, setup and scaling efforts, and integration could be deeper. I would strongly recommend One Identity Safeguard for enterprises managing privileged access. If an organization needs strong control over admin accounts, session monitoring, and compliance, Safeguard is a robust choice. For deployment and onboarding, the solution is reliable and feature-enriched, so organizations need to take time to plan the initial setup, policy configuration, and user onboarding to get the most out of it. Organizations can expect a learning curve as admins and users may need training to adapt to approval workflows, session recording, and just-in-time access. I provide One Identity Safeguard a rating of eight out of ten.

Feedback from users regarding One Identity Safeguard's usability and functionality is that it is a good product and very simple to use. My advice for others looking into using One Identity Safeguard is that it is a great solution for simple tasks, with a good price and good functionality. My company does not have a business relationship with One Identity Safeguard vendor other than being a customer. I rated this review nine out of ten.

My advice to others looking into using One Identity Safeguard is to get familiar with the concepts of entitlements and access request policies, the keywords One Identity Safeguard uses, and also get familiar with the way that it handles session management and recording because it's a tool that needs a lot of time to get accustomed to. I give One Identity Safeguard an overall rating of eight out of ten.

Plan your deployment carefully and ensure you have skilled resources and partner support for initial setup. We have integrated One Identity Safeguard with our RPA workflows. It allows secure, automated privileged access for script bots and deployment processes, while ensuring session logging, password vaulting, and audit compliance across cloud-based operations. The integration was relatively straightforward but required more planning, mapping RPA bots to just-in-time privileged access, and configuring credential vaulting took initial time. Once the setup was complete, it was fully automated and secure. Our team has given positive feedback. They appreciate the user interface and the streamlined access request and automated credential management has reduced manual work and error. I would rate this review nine out of ten.

Overall, I have found One Identity Safeguard to be a very good solution. I would rate it an eight out of ten due to its strong security capabilities, excellent automated privileged password management, and effective real-time session monitoring. User feedback within our organization has been positive so far, and we are continuing to gather more input. My advice to others considering One Identity Safeguard is to evaluate it through a trial or demo, as pricing can be an important factor depending on organizational needs. Our company’s relationship with One Identity is strictly as a customer; we are not a partner or reseller.

Since starting to use One Identity Safeguard, there has not been much improvement, but I can say it's affordable, and that's primarily why we are using it. The affordability of One Identity Safeguard has allowed us to allocate budget elsewhere, particularly towards integrating it with OneLogin, which helps us manage our increasing user base's needs and costs. My advice for others considering One Identity Safeguard is that if you have more employees and privileged users and are looking for a long-term solution, then it is a good option—it's actually the better option. One Identity Safeguard is inexpensive in the long term, and it offers a better solution than CyberArk's, and mostly the pricing is what I value about it. I rated this review nine out of ten.

I recommend One Identity Safeguard because it is valuable in terms of cost-benefit. It is simple to implement, and its infrastructure costs are lower than other solutions. It provides a flexible approach, offering both on-premises and cloud solutions. Overall, I rate One Identity Safeguard eight out of ten.

There is no reason not to recommend it. Everyone should have a PAM solution to prevent privileged user damage and mitigate risks like stolen passwords or insecure storage. If you want to ensure recordings of activities, be it from external people or highly privileged users, then this is essential. This reduces the risk of malicious insiders. You cannot always prevent it, but having recordings allows you to pinpoint activities before a system failure. You can consider having SPA analytics for additional security. We do not have that yet because of the price, but we might add it later. I would rate One Identity Safeguard a nine out of ten.

We use the solution’s transparent mode feature for privileged sessions. There was an impact on the users with the roll-out of this feature because we changed the way people were connecting to systems and faced some problems like communication and networking problems. People did not have the correct permissions at the time. That was a bit of a problem, but we now have a seamless integration. It took us a couple of months to have everything working. I will recommend it to some customers because it is easy to deploy, administer, and configure. The price is fair. The scalability is also good. Overall, I would rate it an eight out of ten. It covers pretty much all use cases, but sometimes there is a lack of customization.

I would rate One Identity Safeguard an eight out of ten.

It's about controlling what people are doing in their infrastructure. Overall, I would rate the product six out of ten.

I would rate One Identity Safeguard five out of ten. Do not deploy One Identity Safeguard unless you have extensive training, classroom training, and infrastructure experience. We have around 100 administrators; our clients are medium and enterprise businesses. Minimal maintenance is required because it is a virtual appliance, and everything is preconfigured. One Identity Safeguard is a good solution, and I recommend it.

Based on my personal experience with the PSM features, it is a good product. I know that there are some competitors, but I have not worked with them. My colleagues worked on its integration with another tool. It seems to integrate fine, but I do not know for sure if he faced any issues. My experience is with the PSM features, and for that, I would rate the product a six out of ten. There are some specific features that can be improved, but in general, I have had a good experience with the product.

I would absolutely recommend One Identity. Very large organizations with complex technologies and a very large number of devices can consider other options. But One Identity has a very good suite of technologies.

I would rate One Identity Safeguard three out of ten. I only recommend One Identity Safeguard for small businesses. When using One Identity Safeguard, we need to be patient.

My customers use the One Identity Safeguard virtual appliances. I have not used the Cloud Assistant feature of the solution. I have not used the Remote Access feature for privileged users in One Identity Safeguard. My company does not integrate the solution with any other parts of the business, such as development, operations, and RPA. It was just tested but not rolled out in production. In terms of how the deployment of One Identity Safeguard affects privileged users may be a complex question because the customer didn't have a previous infrastructure. The customer is now building the infrastructure, so it's a dynamic environment. The customer doesn't have an old environment. I'm a One Identity Safeguard integrator, and my company also resells it. Regarding maintenance, usually, it's not required. Still, sometimes a user could complain about not being able to access passwords in One Identity Safeguard or that there is some misconfiguration I need to analyze, and in the end, the issue is with the target appliance and not One Identity Safeguard. My rating for One Identity Safeguard is eight out of ten overall.

I would rate One Identity Safeguard eight out of ten. A moderate amount of training was required for our people to start using One Identity Safeguard. We have up to five people using the solution. The only maintenance required is for patching. One Identity Safeguard is a great product once we become familiar with it. The GUI takes some getting used to.

I rate One Identity Safeguard eight out of 10.

I'm a product partner. We are using the latest version of the solution. I have yet to use the cloud assistant feature, so I can't say much about that aspect of the solution. We also do not use the solution's secure remote access feature for privileged users. We don't have it integrated with DevOps or RPA. While basic knowledge is important, there isn't much training required to start using the solution. I'd rate the solution six out of ten.

We're partners. We've resold the solution in the past, although we aren't doing so now. We're not active resellers. It's more opportunity-based. We are using the most up-to-date version of the solution. While we have yet to integrate the solution with other parts of our business, we are looking to integrate it in the future with DevOps. We're in the planning phase of that. The flexibility and integration process is seamless. I've definitely had worse experiences. The resources we had weren't very experienced and we got through everything with very few headaches. From a security and productivity standpoint, it's good. I'd rate the product eight out of ten.

To prepare for Safeguard you need to know your network, and if you think you do, you don't. You need to have network personnel available during the deployment to maintain tempo in the deployment. If you don't have access to people who are able to change things in the firewalls and the like, you will stall. The documentation, what you need to do, is very clear, but every network is different, and you really need to know where you put your Safeguard solution and that you have access to people that can help you fit it into your existing network. That's a very important step. You also need to know what "high privilege" means to you because it's not defined in Wikipedia. You cannot go there and see what applies to your systems. You need to know that yourself. Be sure about what you want to protect and what levels of protection you want, beforehand. And, as I mentioned, there is the issue with certificates, which is an issue for every company. It's quite a hard thing to know. Not everyone is a professional when it comes to certificates. You may need to know the certificate chain, and you might have to update it with new information and roll that out to your organization. That might not be your first thought when implementing it in your system. But the main focus is the network, especially if you're also going to deploy Safeguard in your own cloud. That creates a little bit more of a challenge. We use their product called Active Roles as well. We haven't really done any integration with other parts of our business. We have just given administrators and people with high privilege a secure way to access their systems through RDP and SSH. But we have not integrated any robots or development flow as of now. We are too young in this journey.

I would recommend it if you are looking for a privilege management or identity management solution. If you are having challenges with reporting and compliance, it will certainly be helpful because you will get a lot of details for auditing and monitoring purposes. I would rate it a nine out of ten. It is an amazing product, but its cost needs improvement.

I would rate One Identity Safeguard a nine out of ten.

I rate One Identity Safeguard eight out of 10. It's an excellent solution and a perfect fit for our use case.

I haven't used other products, but I would highly recommend One Identity SPS. I would rate it an eight out of 10.

My advice to others wanting to implement this solution is to do the implementation slowly and concentrate. I rate One Identity Safeguard a nine out of ten.

It is a good solution. There is no limit to its usage in a company, e.g., IT or financial. Check the basic rules in the documentation because the solution is easy to use. I would rate the solution as 10 out of 10.

The advice I would give to organizations considering this solution would be that before they make a commitment they need to try to find a local support resource. They will want to be able to get local support because that can be critical. But otherwise, I think it is a good product and a good buy. I would buy it again. As a partner, I would also sell it again because I am confident in it as a product and a solution. On a scale from one to ten, where one is the worst and ten is the best, I would rate the One Identity Safeguard solution as a nine-point-five out of ten. I'm very happy. If I have to choose an integer, it would have to be a nine. Ten would mean it is perfect and there are things I think can be improved.

Clearly assess your needs and formulate the necessary requirements, then proceed from there with the selection of an appropriate solution. In our case, One Identity Safeguard became this solution. However, this solution is not a panacea for all ills. It is possibly you’ll find that a different solution is more suitable. I would rate the solution as a nine (out of 10). In order to rate it as a 10, it should have what I would like to see in its coming new releases. Foreign Language: (Russian) Как и для чего вы используете этот продукт? Мы используем это решение для контроля доступа привилегированных пользователей, таких как администраторы приложений, к внутренней сети. Это решение позволяет нам записывать и регистрировать пользовательские сессии. Мы используем виртуальные устройства на платформе VMware. Виртуализация таких сервисов позволяет нам гибко масштабировать конфигурацию нашего оборудования и предоставляет значительно больше возможностей для построения стабильной структуры. Как это помогло моей организации? Это решение позволило нам обеспечить удаленный доступ к внутренней инфраструктуре компании в контексте пандемии COVID-19. Это сделало этот доступ более прозрачным и контролируемым для отделов информационной безопасности. Мы легко интегрировали этот продукт с нашей системой SIEM для сбора событий. Благодаря этой интеграции мы смогли создавать подходящие регулярные отчеты о привилегированных пользовательских соединениях. Поэтому наши подразделения информационной безопасности могут лучше видеть, кто подключается к удаленной инфраструктуре. Какие функции вы нашли наиболее ценными? Наиболее ценной функцией является регистрация сеансов с их визуализацией, то есть запись видео. Эта функциональность позволяет нам восстанавливать действия пользователя в случае каких-либо инцидентов. Решение прозрачно интегрируется в инфраструктуру, и пользователи этого не замечают. Я бы дал этой функции самый высокий рейтинг. Хотя функция «прозрачного режима» никак не повлияла на мониторинг, она привела к увеличению удобства подключения пользователей. Это решение визуализирует сеансы RDP и регистрирует сеансы SSH. Что нуждается в улучшении? Я хотел бы видеть поддержку RDP через HTTPS, чтобы этот продукт можно было использовать вместе с терминалом Microsoft. Я хотел бы визуализировать сессии SSH. Я хотел бы использовать встроенные механизмы балансировки трафика со встроенным механизмом балансировки нагрузки при использовании нескольких экземпляров. Как долго я использую этот продукт/решение? Около четырех лет. Что я думаю о стабильности этого продукта/решения? За четыре года использования мы не встретили ни одного сбоя или сбоя системы. Продукт стабилен. Что я думаю о масштабируемости решения? Увеличивая количество пользователей, мы можем довольно легко добавить к виртуальным устройствам процессоры и память или диски для хранения записей, что труднее сделать на аппаратном (физическом) устройстве. У нас есть два администратора, участвующих в развертывании, настройке и обслуживании этого решения. В разгар пандемии у нас было до 3000 пользователей, подключенных через решение и способных работать из дома. Как бы вы оценили техническую поддержку этого продукта/решения? Мы использовали техническую поддержку One Identity. Я бы оценил это как превосходное. Они отвечают на все заданные вопросы быстро и качественно. Какое решение я использовал ранее и почему я переключился? Ранее мы не использовали другое решение. Как прошла начальная настройка? Виртуальное устройство развертывается из доставленного образа без каких-либо проблем. Настройка занимает от 15 до 20 минут, включая первоначальную установку и настройку. Он также доступен для любого администратора с компетенцией Unix. Мы используем функцию «прозрачного режима» для подключения административных пользователей через SSH к серверам Unix. При настройке этой функции проблем не возникало, так как все было просто. Решение хорошо документировано и вполне понятно при настройке. Потребовалось около одного или двух рабочих дней для администрирования решения, ознакомления с документацией и настройками, а также для тестирования различных вариантов конфигурации. Это было не очень сложно. Для наших пользователей особых нюансов не было, так как подключение прозрачно. Они не понимают и не видят, что они соединяются через пространство One Identity Safeguard. Наша стратегия внедрения заключалась в том, чтобы использовать это решение для управления удаленными сеансами привилегированных пользователей, в первую очередь с нашей службой поддержки Информационных Технологий. Теперь мы используем продукт для этой цели. В целом стратегия имела успех. Какой была была ваша прибыль на инвестиции в One Identity Safeguard? Мы не испытали никаких потерь, поскольку контроль действий привилегированных пользователей в первую очередь сводит к минимуму риска и создает отсутствие потерь. Какой у меня опыт работы с ценами, стоимостью установки и лицензированием? Лицензирование и ценообразование довольно просты. Количество каналов регистрации лицензий зависит от потребностей заказчика. Я бы посоветовал оценить количество одновременных сеансов за единицу времени и перейти оттуда к покупке лицензии. Прежде чем выбрать этот продукт, вы оценивали другие варианты? Мы оценили Safeguard и другой продукт. В конечном итоге мы выбрали Safeguard. Safeguard - это внешнее (по отношению к управляемым системам) решение, которое позволяет вам записывать сессии. Его конкурентом было агентское решение, которое было размещено на целевых серверах. С решением конкурента был риск отключения записи привилегированного пользователя. Какой еще у меня совет? Четко оцените свои потребности и сформулируйте необходимые требования, а затем приступайте к выбору подходящего решения. В нашем случае One Identity Safeguard стал таким решением. Однако это решение не является панацеей от всех болезней. Возможно, вы обнаружите, что другое решение более подходит. Я бы оценил решение как девять (из 10). Чтобы оценить его как 10, у него должно быть то, что я хотел бы видеть в его будущих новых выпусках.

If you're looking for something that is easy to use with a very intuitive interface — even the administrator interface is very intuitive — I would highly recommend safeguard. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with. The biggest lesson I have learned from using Safeguard is to make sure you have enough accounts available for individuals' sessions so that they can check out. The way Safeguard works, an account is created just for Safeguard. Individuals go in as themselves and then they have to check out this account in order for that account to be able to remote to the server. That account would be the only one allowed to remote to the server. But if multiple people have the account checked out for multiple hours, that presents an issue. So keep your session times as minimal as possible. Even for timeout, allow them to change it if they think they're going to use it longer. But the important thing is to make sure that you either have enough accounts or have your session timeouts limited. We do use the solution's behavior analytics feature, but I wouldn't say that it's too useful at this point for us because we know what their usage is because it has to be done through tickets. For how long they're using it, what kind of configurations they're doing, and what they're doing, the analytics piece of it is more expected for us, as a result. It does help us to identify risky actions without having to create a set of rules or policies, and without any effort on our part. But in our environment, if users don't put in a ticket and provide effective comments, then our approvals group doesn't approve it. There's no automatic approval set up. An individual reviews every request, so malicious use would not be possible.

Start with your current state. That's what we did. Then, create a roadmap of where you are, where you need to be over the next five years. Once you're able to assess the current state and you have a plan in place, you can pick the product that's going to help you get to that future state. The biggest lesson I have learned from using this product is to be open-minded in trying to figure out where we could use some enhancements. Just because you choose a product you don't have to be 100 percent, all-in on the product. There is always room for opportunities. Whenever there is feedback or challenges, take them and then see what you can do better. My focus is the end-user who is using the product. We have to make sure that using this product doesn't affect users' day-to-day operations. We started using the solution's behavior analytics feature but it never really took off because we got overwhelmed with other areas that we needed to address. It's something that is on the roadmap for us to eventually take a look at, or at least refresh the project plan and commit some time and some resources to it. We are looking to integrate Safeguard with RSA. RSA has a component and we're looking to streamline the metrics around that component. When a product is brought online, there's a way for us to go in and do a scan of that machine or that endpoint. Ideally what should happen is that we'll go to Safeguard, check out a password, push that password to the vulnerability management scanner, and scan it. When that scan is done, it actually checks in the password and rotates it. It's our vulnerability management solution that we're looking to integrate. We're doing a PoC on that right now. Safeguard is a next-generation tool when it comes to privileged access management. They have done a nice job figuring out all the features that need to be available out-of-the-box. I do have high expectations for Safeguard. I continue to look forward to future releases because I know it's going to get even better.

Make sure to always get the support. This solution could not be successfully implemented with no support of the HR and procurement system. You will need to mature all of your HR and procurement processes to do the deployment in a secure manner. This is a security solution, not an IT solution. If you want to deploy it as a security requirement, you need to ensure that the HR and procurement processes are correctly in place. You can use it as a technology solution, because not all the technology requires security, but all security requires technology. We haven't activated the session recordings yet. We have tested it, and while it worked successfully, we didn't apply it fully because of internal technical issues. All the logs in the system are recorded and sent to our security operations center (SOC) for analysis. In our SOC, we have end user behavior analysis, but do not depend directly on One Identity to provide this. However, I might ask to have a report for the user behavioral analysis going forward. I can rate the solution as an eight (out of 10).

The solution is part of our identity and access management product. We use Saviynt as our identity, governance and administrative tool. We certify all privilege accounts on a schedule basis. There is some integration with our identity and access management platform/program at the bank. It allows us to be in a position where we can identify and detect as well as prevent any type of privilege act that's being used as a threat at the bank. The integration was easy. It didn't pose any problems. We have had a mixed bag regarding the solution’s usability and functionality. We have had some people who said that the tools worked nicely. They checked out their credentials every morning, use them for the better part of the day. We set the duration for eight hours. Once somebody checks out something in the morning, they pretty much use that password for the entire day. For some groups, this created a problem because of the type of work that they do, such as long running processes. We've had some issues where their password expired while a process was still running. We had to work with our IT engineering group to come up with a different type of the duration for their needs. One Identity has been very good at working with us to help us through these use cases. Understand each use case very carefully and thoroughly. This changes the way someone conducts their business. We had to be cognizant of the impact to our day-to-day operations. If I could do it all over again, I would spend more time understanding the impact of a security tool, such as a privileged access management solution. I think we could have done somethings better than we did. We haven't started to use the solution’s behavior analytics feature, but as we start building up some data, then that puts us in a position to be able to identify any type of exception or anomalous behavior. We haven't built up enough trending data to leverage that functionality at this time. We are very happy with the tool. I would rate the solution as an eight (out of 10).

When you use Safeguard in production, it provides traceability and protection around your platform. I would rate the solution as a seven (out of 10) because of the interface. I have seen the future of analytics, and it's very interesting. I hope to have the time to try and learn something about that.

Take your time. Talk to as many different aspects of the business in the company as you can. Get a lot of input from many people. Know how to sift through good and bad input. Use Professional Services, if you can. The tech on-demand services was much cheaper than their full-blown professional services. For the tech on demand services, we never had to wait more than a few days for some type of response. The training was pretty easy. There was a one-day training class for the admin. Then, for the users, there were a couple of Word docs that we circulated around which were good enough. We have not integrated it with other parts of our business. It is standalone and independent. More time is being spent because there are more steps to check out a password or if you get a password. We have just starting to really use the product. There is a lot of design, building, and configuring involved, so we have just started to truly take advantage of some of the features it has. We haven't set up any type of approvals. We're pretty tight on who can see and request passwords in the first place. I would imagine at some point in time we'll probably end up utilizing the Approval Anywhere feature, just not right now. As far as privilege access management goes, I'd rate it a nine (out of 10). So far, the product has been really easy to use and set up. I'd just make the rollout and implementation of the transparent mode better.

We use the on-premises deployment model. We're an integrator company for this solution. In terms of advice, I'd say new users should involve the integrator architecture team from the beginning. From a technical perspective, you need to have discussions with the network team from the beginning. I'd rate the solution nine out of ten.

We use the on-premises deployment model. It's easier to use than its competitors. I'd rate it eight out of ten.

Before you decide, do a full analysis of your requirements and see if the product fulfills them. Performing such an analysis after the fact is going to be difficult.

We are very pleased with the Safeguard platform feature. You can't find this technology anywhere else. On a scale from one to ten, one being the worst and ten being the best, I would give this product a nine rating. If the technical support was better I'd give it a 10 out of 10.

Test it and its competitors. You will probably choose SPS. Both the search functionality and speed have been greatly improved. We are not using privileged passwords.

Look at the entire portfolio, since it has changed so rapidly. The capabilities have improved quite a bit. You need to make sure not to miss out on any features. The Approval Anywhere for Privileged Passwords is a really good concept, because it enables admins to do other work, be more flexible, and work from home. However, we don't have any real experience with it yet, as we are looking into it at the moment.

It's a great product for our industry, which is banking.

It is a good solution, but it needs more marketing. Most important criteria when selecting a vendor: * The support * How long the product has been in the market.