One Identity Safeguard Reviews

My main use cases include LDAP, SSH, and some utilization of HTTPS. My primary uses are LDAP and SSH.

From my experience, the features are best for monitoring and the usage of LDAP and SSH. I think One Identity should improve its documentation because it is vast and not clear, and clear documentation on implementing the solution would be advantageous for consultants. I find clear documentation helpful for clients and customers to achieve what they want.

I find it complicated to implement HTTPS monitoring because the documentation is unclear. The disaster recovery process is complicated for me. For some configurations on the SPS side, if I need to make changes, such as for DNS servers, I must redeploy the machine. Transparent Mode can be improved in newer versions, and the failover process is the most complicated for me.

I have been working with this solution for the last two years.

The stability is consistent for me until a problem arises; then it becomes difficult. I encounter problems primarily with the failover procedure.

Scalability is acceptable for me. If customer usage increases, I can add new appliances, but this incurs costs.

I find the support good, but not excellent. When I open a ticket, resolutions can take a long time, and I sometimes need escalations to reach expertise.

Negative

I always compare this solution with CyberArk. I feel CyberArk is not like a black box; it allows a lot of customization.

The initial setup is not complex for me; it's straightforward. I would rate it a seven, as it takes me thirty to forty minutes per machine for deployment.

I install the solution and offer the services to the end-users.

Any PAM solution, when I deploy it well and customers use it, leads to a return on investment. This is applicable not just to One Identity or CyberArk, but to any PAM solution that provides what customers need to achieve.

It's about controlling what people are doing in their infrastructure. Overall, I would rate the product six out of ten.

The first time I used One Identity Safeguard was when I was the manager of the infrastructure of Ayendeh Bank, and we are currently using it now at my present company.

Our main use case is in security reviews for all of the change management and incident management services, and we also use it for the VPN connection for PAM. It allows us to review everything that goes on over the working day.

For example, our third-parties who support all of our services, including network services (e.g. Cisco) and our Linux servers, are eligible to connect via the VPN, and through One Identity Safeguard, they are able to make contact with and use the various services.

Our company works alongside various PSPs (Payment Service Providers),
and our work here is mainly to prepare the software switch for them, and
to handle the SLA for infrastructure maintenance services. Due to the nature of our work, we also use One Identity Safeguard for on-call and direct administrators whether they are in-house or external to our company. It is, in fact, the main tool for managing access for all the services. And because of that, I'm available for these companies 24/7 all year long.

At present, we have around 17 direct users of One Identity who use it on a daily basis, which includes 10 people from my own department.

The first feature I like about One Identity Safeguard is the live contact point for the VPNs. This has been working very well for us, as it's both highly available and reliable.

The second thing I like is the services that let us review all the contacts and take all the passwords from another administrator. These services are very reasonable. For instance, some of the third-parties will leave our company and support, but then fail to relinquish the usernames and passwords. With the security orchestra that One Identity Safeguard provides, this is no longer a problem.

We currently have a problem with the Active Directory integrations on Windows. Some of our users need to be logged with Active Directory, but we are having communication issues between One Identity and Active Directory. It seems that Active Directory is not well-integrated.

Apart from that, when we are using the interactive login, such as when logging in and going inside the site for support, we find that we need to repeat the username and password, sometimes even two or three times.

When it comes to suggestions for new features, I would like to see something along the lines of an automated command prevention system. To elaborate, sometimes we will have users who input unsafe commands, and we would like to prevent those commands from being processed, and to be able to identify those users who sent the commands.

I believe some kind of automation, possibly based on AI, would be appropriate for this, and it would help the administrators and managers to more easily prevent these kinds of incidents. Part of my role is to reduce the number of total incidents, and if we had an automated mechanism to prevent unsafe commands from being entered in the first place, it would help a great deal.

I have been using One Identity Safeguard for about six years.

I can say that it is 100% stable because during the past two years we have not had a single problem with stability.

In our company, the scalability is good enough for us at present. In my department, there are ten direct users, and outside my department there are another seven direct users. Perhaps when we increase our customers, we will scale up further.

At present, because of the sanction department for technology in Iran, we cannot use the direct customer support. Instead, we use third-party support. For example, we have a contact point with a company who has branches in Turkey, and they are taking the tickets for Safeguard. Before that, with Balabit, we got responses in less than 24 hours.

Positive

Before Safeguard, we were using Balabit. However, Balabit has now been acquired by One Identity.

Another solution that was being used by some of the other companies I consulted for was WALLIX Bastion. Using WALLIX was a really different experience. With One Identity, we have no problems with connections or slow communications in the network, but with WALLIX there were many problems to do with the networking. Sometimes the servers would even crash or hang, but none of these issues have been found in Safeguard. By comparison, Safeguard is much better in terms of performance, networking, and server stability.

There were no real problems with the setup. Regarding the ease of installation, if you have a professional team, then it is easy. But, for example, if it's your first time setting it up as a junior administrator, then it can be quite difficult. I would Safeguard a 3.5 out of 5 in terms of how complex the initial setup is.

We used an in-house team for the implementation, because myself and the other companies we work with have a lot of experience in it. Thus, for us, it was no problem to implement.

The license is very expensive for us, partly due to inflation and partly because of the exchange rate between the Dollar and the Iranian Rial. We purchased a perpetual license that we've been using up until now, but I believe that we are not going to update it in the future. Instead, we plan to find another third-party  to support us with the license, in the sense that we would have access to their license as a shared agreement.

I would rate One Identity Safeguard a nine out of ten.

We use it primarily for our IT team, so they can access our production and pre-production environments, to have better accountability. They have to create a ticket, check it out, and then they have to get approval from our approvers group. So there's accountability from beginning to end, and we also record the sessions.

The time frame to get sessions rolling has been cut to a third. From a productivity standpoint that's tremendous.

In addition to that, the ease of use is fantastic because our IT team is able to check out sessions very quickly because it's so intuitive and easy to work with. They're pleased with it and it allows them to do their jobs much faster. That's probably the largest way it has improved things for us.

Finally, because of the intuitiveness and ease of use for end-users it has been really simple to train on. This product has worked flawlessly for us.

There are a lot of features, so it's going to sound funny, but one of the most simplistic features, the Favorites feature, is the one we like the best. You do a full run-through of configuration to check out a server and then you can save that whole configuration as a favorite. So the next time you go in, you click on the favorite that you configured and it automatically takes you to the end so you can check the server out that much faster. It saves a lot of time, resulting in an increase in productivity and a decrease in issues and errors and interface problems. It increases redundancy and gives us a much easier interface to use.

We're using virtual appliances for Safeguard because of the flexibility of virtual appliances. We can snapshot them, we can restore them quickly. There's a lot more flexibility with virtual.

We use the solution’s Approval Anywhere feature, and it allows a group of five individuals to receive notifications on their phones, through Starling, and review a request and approve it with one click.

We also use the solution’s “transparent mode” feature for privileged sessions. We record them and we also review them. That way, if there are problems with any configurations they did, we can go back and review them. Also, for mentoring, teams utilize it to help individuals deploy code better or to make changes to configurations. There are a lot of positives with that feature. It was very easy to start using this feature. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with. The rollout of "transparent mode" was seamless for our users. We sent out picture instructions on how to do it and offered to get on a call with people to discuss it with us, but nobody had any questions. In terms of the monitoring itself, it doesn't affect things any differently than the previous solution. It's pretty much the same. Obviously, using the tools is easier, but we were monitoring the same type of information as before.

There is room for improvement in the launch module. They built in a launch button but they don't have effective instructions for configuring it to allow it to launch an RDP session. They're working on that, but the button is in the live product. If they were going to install something that wasn't useful, they should have just disabled it and not rolled it out with the product. Because we don't tie it to an RDP session, you actually have to click the download button and then open the RDP session from there, versus just clicking the launch button and it automatically opening RDP.

Before Safeguard we used TPAM, which is one identity's product as well. We upgraded but we've been using the overall product since 2016.

Overall the solution is very stable. We have not had any major issues on it. It's a nice system.

The only issue I have run into was with our failover two our redundant. There was a pointer to the One Identity platform, it's called an SPP, and it wasn't pointing correctly. But we were able to resolve it. There have really been no issues besides that. Otherwise, everything is very seamless when doing failover and full redundancy.

We can continue to add more VMs to support thresholds. We can certainly scale up with it. It's being used on about 300 servers right now and we have plans to expand to about 200 more.

We have 50-plus people using safeguard right now and they're all in IT. For deployment and maintenance we have one to two people.

We haven't had to use technical support. It's been a solid platform so far.

Previous to this, we were using TPAM and, while it worked, it was horrible to work with. When we saw and got a demo of Safeguard and saw that we would be able to approve things from our phones, saw the user interface which was so much nicer — more intuitive, a lot easier to configure — we went from our teams complaining about the old product every day to not hearing one complaint at all. As a matter of fact, I hear compliments about how much they love Safeguard.

The feedback I have had from users has been a lot of compliments about how much they enjoy working in the interface. It's so much easier to use. It's quick. They can get to the point of checking out a server and of being compliant with security requirements, while at the same time being able to troubleshoot an issue much faster than they used to be able to.

The initial setup was a little complex.

We worked with an integrator, Rallypoint Solutions, to accomplish it because we hadn't accomplished it before with Safeguard specifically. The integrator was tremendous. I have nothing but good things to say about Rallypoint. They helped integrate the whole thing. They really had a great understanding of it. We worked with them throughout the entire setup. We were the hands and they were guiding us. Overall, it was very easy to get up and running.

It did take about a week, eight hours a day — so 40 hours — to get fully up and running and everything imported from the old system into the new one, and to make sure all testing and redundancy were done.

The deployment was not disruptive to our privileged users at all. We ran both the old system and the new system in parallel and allowed them to migrate over after a period of two weeks. However, we had most people on it the first week and they loved it. They were eager to get off the old system.

It required no training. I provided step-by-step picture instructions that we had written out and that was it. They were good to go. We did have a strategy in place, if we needed to work with our teams from a training standpoint. We had sessions set up and ready to go where a live person could walk them through it. But none of our IT users seemed to need that. It was very intuitive.

We have seen ROI using Safeguard. For example, configuring a session in the old version used to take them 10 or 15 minutes, or more. Not only that, but the live person who was the approver had to be logged into the system. So the requester could actually wait a couple of hours before somebody would be able to log in and approve the session. With Safeguard, it's approved within less than a minute because approvers get the notifications on their phones and are able to review the tickets effectively. They understand what's being accomplished and know that it has a ticket number with more detailed information that they can verify, and they can approve the session right there. The individual gets that approval immediately. We went from an average of from anywhere between 15 minutes and two hours down to less than a minute or two. That's tremendous.

They offer a fair price for a robust solution.

In addition to the standard licensing fees there are costs for Starling, but they're very minimal annually. You need Starling to use the mobile Approval Anywhere feature that is so convenient. So it's worth every dime. That extra cost is so small that it's not really even noticeable.

There are integration costs if you aren't looking to do it yourself. I highly recommend their integrators. They are a little expensive but certainly worth the money.

We did evaluate other solutions, but this is the best choice. We went with Safeguard because of the flexibility, the interface, and a more seamless migration from the old system to the new system. And costs were a consideration, obviously.

If you're looking for something that is easy to use with a very intuitive interface — even the administrator interface is very intuitive — I would highly recommend Safeguard. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with.

The biggest lesson I have learned from using Safeguard is to make sure you have enough accounts available for individuals' sessions so that they can check out. The way Safeguard works, an account is created just for Safeguard. Individuals go in as themselves and then they have to check out this account in order for that account to be able to remote to the server. That account would be the only one allowed to remote to the server. But if multiple people have the account checked out for multiple hours, that presents an issue. So keep your session times as minimal as possible. Even for timeout, allow them to change it if they think they're going to use it longer. But the important thing is to make sure that you either have enough accounts or have your session timeouts limited.

We do use the solution's behavior analytics feature, but I wouldn't say that it's too useful at this point for us because we know what their usage is because it has to be done through tickets. For how long they're using it, what kind of configurations they're doing, and what they're doing, the analytics piece of it is more expected for us, as a result. It does help us to identify risky actions without having to create a set of rules or policies, and without any effort on our part. But in our environment, if users don't put in a ticket and provide effective comments, then our approvals group doesn't approve it. There's no automatic approval set up. An individual reviews every request, so malicious use would not be possible.

We have more than 1,000 servers or application servers, and we have several layers of teams. We have super admins, system admins, and operations staff, and we also have application vendors using the system. In such a large environment, it was really difficult for us to do identity management on a daily basis. We had new people joining the team, and we also had people leaving. We had to put in additional manpower to monitor these activities and comply with the regulations. That was the main reason we moved to automation with the One Identity solution. We are using their Privileged Account Management solution.

We have virtual appliances. We don't have physical ones.

We have several data centers located all over the globe. Previously, if someone needed access or certain permissions, we had to manually go to our Active Directory, identify the user, and give permission. We had to do that one by one. When we had hundreds of new joiners, it was a time-consuming activity. Sometimes, this activity would take more than two days. One Identity has made all this easier. Monitoring has become much easier, and I can invest the energy in other things instead of monitoring which user is doing what. It has become a one-console management for us.

For my team, it has reduced the task of monitoring who did what and using which ID by 80%. They only have to do 20% of the work than before.

We are using all of the access features. It is much easier for a new user to adopt this solution. It also works perfectly fine with a VPN.

All the features are promising, but we love the reporting feature because we can get each and every report. That's a major compliance requirement. Its reporting is really amazing, and it has made life a lot easier.

Its setup is quick. It is easy to set up and operate. It doesn't matter whether you have a deep IT background or not.

Cost-wise, it is a little bit expensive, which makes it difficult to get management approval. Its price should be reduced.

In terms of features, I'm completely satisfied with it. I am not expecting any more features. Its cost is the only issue. Everything else is okay.

We introduced this product in our organization in 2014.

It is pretty stable.

It is very scalable. We recently increased the number of licenses. Previously, we had a thousand servers, but now, the number has increased. The number of users has also increased. So, we upgraded our system. 

We are using it mostly for privileged users, developers, and system administrators. In total, we have around 300 users. We have plans to increase its usage. We have some upcoming projects where we want to use it on a larger basis. We have plans to use it for DevOps users and third-party vendors, but it will take a little bit of time.

We have not integrated the solution with any other parts of the business, such as DevOps, RPA, or cloud targets. We are evolving day by day. We are upgrading our technology, and we have plans to do that in the future.

We had premium support initially, but we don't require that now. We didn't encounter any critical issues. We are using their regular support. I would rate their support a nine out of ten.

Positive

We were not using another solution previously. Privilege management was a really tough task before the One Identity solution.

It was straightforward. Of course, when you are introducing a new product, you need to do a little bit of research, but the steps were very simple. You don't need much technical knowledge, and you don't need to go so deep to do the configuration. You can just have a look at the setup start guide. Anyone should be able to do it easily.

Our deployment took around six months because we did a few PoC. We also tested it in different system environments before bringing it to the production environment. Out of these six months, we spent almost two months doing the PoC with other products, and then for two months, we put it in the UAT environment or the test environment, and then we brought it into the production environment. So, overall, it took six months for the rollout.

The deployment wasn't disruptive for our privileged users because they were working with the old method while we were implementing it. So, there was no pause during the implementation. Once we completely rolled out One Identity, they started using it.

To start using the solution, you at least need knowledge of the policies and configurations available. You require a little bit of training because one change is going to impact thousands of users.

When we did the deployment, we had a team of about 30 people. Now, we don't have a dedicated team for its maintenance. We have a team of about 15 people doing other activities and managing various technologies, including One Identity.

I have definitely seen an ROI. It is not necessarily in terms of cost. My work has reduced, and I'm able to focus the saved energy or time working on other technologies or implementing new things in other areas of my organization.

Its subscription cost is too much, and sometimes, it is very difficult to pitch the solution to the management for cost approval. If the cost is reduced a little bit, it would be easier. If its cost was less, many other organizations that currently cannot afford it would be able to use this technology. I'm sure many organizations around the globe are having issues with identity management, and it is a very difficult task for IT to manage privileged accounts.

We did PoC to identify different solutions. We tried several solutions, but it didn't work out. We did a PoC with the One Identity solution, and it was easy to manage because it helped us to meet all the compliance requirements and do other things. That's why we went with this solution.

I would recommend it if you are looking for a privilege management or identity management solution. If you are having challenges with reporting and compliance, it will certainly be helpful because you will get a lot of details for auditing and monitoring purposes.

I would rate it a nine out of ten. It is an amazing product, but its cost needs improvement.

We use the virtual appliance of One Identity Safeguard to enhance security when external support is logged into our internal network. This is because it is the riskiest situation when an external company logs into servers to provide support. We want to increase security and monitoring to minimize risk. We have better monitoring tools to help us achieve this.

Managing the remote access for privileged users feature is moderately difficult.

We currently use only one feature, which is privileged access to remote desktop servers with rotating passwords for privileged accounts. This is the main feature we use, and it typically disconnects external users from the system before giving them a different user to use for logging in. We have to use the Safeguard session in an integrated separate session or with the exact name available to record the sessions.

The GUI has room for improvement because it is confusing and cumbersome. 

I have been using One Identity Safeguard for two months. 

One Identity Safeguard is stable and provides great performance.

The technical support varies depending on who is assigned to our ticket. 

Neutral

The initial setup was complex, and we had to put it behind a firewall for security. This made it difficult to open the ports needed to set up the connections. It was a time-consuming process, and we had to work with the integrator to complete it. It took several days of work, but the tool is powerful and worth the effort to set up.

Three people were required for the deployment.

We used an integrator to help implement One Identity Safeguard. The integrator was good. He was able to train our people to deploy the solution.

I would rate One Identity Safeguard eight out of ten.

A moderate amount of training was required for our people to start using One Identity Safeguard.

We have up to five people using the solution.

The only maintenance required is for patching.

One Identity Safeguard is a great product once we become familiar with it. The GUI takes some getting used to.

We primarily use the solution to manage identities.

It's a good solution for managing identities under OneFile for authorization.

So far, the useability and functionality are very good.

We use the Approval Anywhere, or cloud assistant feature and it is great. It enables us to add an extra layer of security for critical passwords without adding time to the approval process.

The secure remote access feature for privileged users has been useful as well. We've had moderate success with it. It doesn't apply to some reference levels. We do like that it does not make us use a VPN. It gives us more flexibility. We can push out to mobile users a bit easier. 

We do have some support issues sometimes around user authorization rights and onboarding. Typically it's on the user's end where there are issues. We point them back to the instructions.

The big issue I have with the solution is the lack of timely updates. We have feature requests and would like to see the turnaround times on those features to be faster.

The pricing could always be better.

I've used the product for five or six years.

The solution has been stable. 

The scalability of the solution is good. It was one of the reasons why we chose it. We needed something to scale with our customers. So far, we've been happy with its capabilities. 

I haven't had issues with support so far. We do not use the vendor's premier support.

Positive

The whole effort, in terms of initial setup, took a couple of weeks. There is a learning curve associated with the process. My end-user took an hours-long course and my administrators went to training for about two to three days.

The pricing is okay compared to other products we looked at.

We looked at a couple of other solutions from CyberArk. The useability of this solution is better. 

We're partners. We've resold the solution in the past, although we aren't doing so now. We're not active resellers. It's more opportunity-based.

We are using the most up-to-date version of the solution. 

While we have yet to integrate the solution with other parts of our business, we are looking to integrate it in the future with DevOps. We're in the planning phase of that.

The flexibility and integration process is seamless. I've definitely had worse experiences. The resources we had weren't very experienced and we got through everything with very few headaches. From a security and productivity standpoint, it's good. 

I'd rate the product eight out of ten.

We mainly use the Privileged Session Management (PSM) features.

In terms of the user experience, it is a pretty useful product. It works in a good way. 

We sometimes face issues with configuration and things like that, but we manage to solve them. In general, it is a pretty good solution for the PSM features. 

There can be an improvement in terms of the policy that can be implemented on the SSH session.

I have been working with this product for more or less 2 years.

I have never spoken to their technical support. A colleague of mine interacts with them.

I did not work with any other solution previously. I have read about other products and their features, but I have not worked with them. One Identity Safeguard is probably one of the best solutions for PSM features.

I do not work on the installation. I work on the setup. We do face some issues with configuration, but in general, we are able to troubleshoot them.

Based on my personal experience with the PSM features, it is a good product. I know that there are some competitors, but I have not worked with them.

My colleagues worked on its integration with another tool. It seems to integrate fine, but I do not know for sure if he faced any issues.

My experience is with the PSM features, and for that, I would rate the product a six out of ten. There are some specific features that can be improved, but in general, I have had a good experience with the product.

We introduce One Identity Safeguard to customers, primarily Italian customers who need to partner with solutions that protect their target resources.

What I like about One Identity Safeguard is its interface, which is easy to understand, even for people new to the product. I also like that the solution collects data without any access to the machine, plus it has a feature that lets people explore access to machines within a network.

Regarding the usability and functionality of One Identity Safeguard, the most common feedback I receive from users is that the solution is easy to use and can easily move data.

I also like that One Identity Safeguard lets you configure the maximum number of connections to the target, a configuration I didn't find in its competitor.

My customers use the transparent mode for privileged sessions in One Identity Safeguard, and it is easy to use, though it may be more difficult to configure. I haven't received any customer complaints about that feature, so it's not that difficult to use.

To start using One Identity Safeguard in terms of training for people who manage the solution and the end-users, my colleague and I took a course from One Identity. That training was enough for the basic features, but for some other features, my colleague and I had to create some tickets, though he and I know the database and processes. For users, it is easy because my company provides them with a two-page resource manual with screenshots. Then, I spent some time with the managers to show how One Identity Safeguard works, which is very easy because I've used the solution before. 

The analytics interface of One Identity Safeguard is also easy to understand.

A feature I found in a competitor would make One Identity Safeguard better, and that is the ability to load balance the traffic in the target. For example, in two machines with some applications, I would like to balance traffic between the two machines with the help of One Identity Safeguard. It would be great if the solution allowed users to add some applications to a cluster and balance the traffic between the applications.

I've been working with One Identity Safeguard for customers for six months.

Stability-wise, One Identity Safeguard is okay. It's been running for almost one year, and there's no problem with its stability, so, in terms of stability, it's a seven out of ten for me.

The scalability, including the clustering for One Identity Safeguard, could be improved. It is fair right now, scalability-wise, and from an engineering perspective, it may not be as easy to do that because the appliance would have to be encrypted, and there's a security requirement. Still, it would be nicer if scalability could be improved in One Identity Safeguard.

Support for One Identity Safeguard could be improved because sometimes the support team doesn't have an answer or solution for some bugs. Support-wise, it's an eight out of ten for me.

Positive

I used a different solution previously, but One Identity Safeguard could limit the maximum number of connections to a target. The other solution, on the other hand, could not do that but has a load-balancing feature.

My company deploys One Identity Safeguard for customers, and I found the process easy.

My customers use the One Identity Safeguard virtual appliances.

I have not used the Cloud Assistant feature of the solution.

I have not used the Remote Access feature for privileged users in One Identity Safeguard.

My company does not integrate the solution with any other parts of the business, such as development, operations, and RPA. It was just tested but not rolled out in production.

In terms of how the deployment of One Identity Safeguard affects privileged users may be a complex question because the customer didn't have a previous infrastructure. The customer is now building the infrastructure, so it's a dynamic environment. The customer doesn't have an old environment.

I'm a One Identity Safeguard integrator, and my company also resells it.

Regarding maintenance, usually, it's not required. Still, sometimes a user could complain about not being able to access passwords in One Identity Safeguard or that there is some misconfiguration I need to analyze, and in the end, the issue is with the target appliance and not One Identity Safeguard.

My rating for One Identity Safeguard is eight out of ten overall.