One Identity Safeguard Review

Extensible authentication framework enables use-case-dependent MFA

What is our primary use case?

We use Safeguard for privileged sessions. It's primarily used as a solution for accessing our production environments.

How has it helped my organization?

We were able to take an environment where we had several hosts managed by different people and consolidate that into a single, centrally managed solution.

What is most valuable?

The extensible framework for authentication is one of the most valuable features. We use an MFA plug-in and a lot of different factors, depending on what the business use-cases are. And of course, the auditing functionality is also valuable.

We have also found the solution to be extensible through cloud-delivered services. It's worked out well. The SPS instances we use are located on-premise, but we can still utilize them to access resources in the cloud. That's not a problem. We haven't deployed any SPS itself in the cloud, but it works fine for our cloud environments.

What needs improvement?

Feature-wise, right now, it has most of the features that we're looking for. It could improve a bit on the management side of things. One example would be when doing an upgrade. We have a highly-available appliance spare, and even though we have two nodes, there's no way to do an upgrade without taking everything completely offline. It would be nice if they could improve that.

What do I think about the stability of the solution?

The product has generally been stable. We have had some issues, mainly due to the types of traffic. Our end-users are doing different things through SSH tunnels that were not expected on the appliance. We've been working with support to resolve that.

What do I think about the scalability of the solution?

The product is scalable.

How are customer service and technical support?

Tech support has been great. They've been responsive and knowledgeable, so we've been happy with them.

How was the initial setup?

It took us about three or four weeks for the initial setup and deploy. Part of that was developing a plug-in for the multi-factor authentication. We were able to do it in a way that wasn't disruptive, with our current infrastructure. At their discretion, the end-users were allowed to move over, one-by-one. After we deployed it, it took about two months for all of the users to actually migrate over to using it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
See it in Action

Learn More About Safeguard

Add a Comment
Sign Up with Email