One Identity Safeguard Initial Setup

Tor Nordhagen - PeerSpot reviewer
Executive Director at Semaphore

Setting it up is not complex. The complex bit is migrating from the various wallet types into Safeguard because users have to be trained in a new methodology of how to use Safeguard. We need to shut down the old access as Safeguard becomes the only way in. That is the tricky part. It's not Safeguard in and of itself which is tricky. On the contrary, Safeguard is simple to use.

We haven't finished the deployment yet, but the plan is to do it over two months. We have six people on our team who are involved with the client.

We have created the training material, and each user gets online training, documentation, and a facilitated meeting. Each user gets a full eight hours of training. The training is distributed over a couple of weeks.

We've been able to manage disruption so far. That is because we provide the users with a semi-automatic tool that makes them responsible for transferring their own accounts from the wallet to Safeguard instead of us doing it for them. And that gives the end user the control they need to not mess up their own secrets. They have access and all the means to make it as non-disruptive for them as possible. I wouldn't call it a custom build, but we've created a process that they have to follow. It partly gives them something that extracts all the secrets from the current wallet and populates them into a Safeguard. But they have to do it themselves and validate that they have done it.

Letting the users have control over their own migration is a key part of the strategy because big bangs usually end up with a big bang. What I mean is that you can end with a big disaster if the users don't feel that they are able to use Safeguard on time, or if they don't know whether their accounts are still in the old process or the new one. The key strategy is to not rearrange privileged groups before the migration. Even though most admin users have too much access, we're not fixing that right now. We will do that after the migration. We want the migration process to be as smooth as possible.

It's not difficult to maintain. Compared to the One Identity software, there is less maintenance. That's why one chooses appliances, to have less maintenance. Just give it power and it works.

View full review »
Daniel Pettersson - PeerSpot reviewer
System Manager at a retailer with 10,001+ employees

The initial setup wasn't really complex. We are using the virtual client, so it was fairly easy. We didn't really have to do any setup. We just had to start a virtual machine and run the appliance, following their documentation, which is very good. It was quite easy. 

We are utilizing a partner for getting started so I didn't find it hard to start. 

Among the things that you need to look out for, and this applies to every product, is how it fits into the network that you are going to put it in. There are a lot of specific ports that it needs to be accessed through, and you should probably keep it as locked down as possible because this system shouldn't be exposed to any other environment. That is a hard task to complete. That is not a fault of the product itself, but it comes with that can of worms. 

And, of course, you have the certificate questions, the different certificates that it needs to validate sessions and keep them secure. That's quite tricky as well. Again, it's not really a Safeguard issue, but your organization needs to know that these are considerations when you start.

Our technical go-live with the solution took three or four months. That was mostly related to our network issues and finding all the different ports that needed to be opened and closed. But starting the application and using it, running the GUI itself, is a matter of days. It depends on your organization and how well-equipped it is for this type of change.

We didn't force any big changes. We were debating if we should onboard our current privileged users and then force them, from day one, to use the system. Instead, we did a side-by-side solution where we started alternative users on it and then told our previous users to use it instead. And if that, somehow, was not satisfactory, they could still use their old account to complete the work. That way, we didn't jeopardize production. Every time we received feedback such as, "I need to use my old account because I cannot use this new Safeguard version," we needed to adapt and improve. 

Once there were no more complaints, we started shutting down the old users who had not been onboarded to Safeguard. We didn't want to bring major change in an instant. We led them to the Safeguard solution and let them try it out, give us feedback. Generally, they found it easier to use Safeguard compared to their old ways and they started preferring it. When we saw we had no risks left, we disabled the accounts that they were using before.

In terms of training, for the admins we had a five-day course, which covered the basics. I did not receive that course, but I didn't really need it. The right partner can explain enough to you, in small sessions, about what you need to accomplish. And the user experience itself is so intuitive that you understand what you're doing. And their documentation is very easy to search and use. You don't really need much training. Of course, you need to understand how you affect different systems if you connect them to Safeguard but that depends more on your own organization than on what Safeguard is.

End-users just need a basic introduction to tell them, "Please go here, use this." They log in with known credentials and the same password as everything is under MFA. It's nothing new to them. And the user experience is very simple for them to check out the privileges that they need for the moment that they need them. That's quite self-explanatory.

View full review »
CE
Expert Systems Architect at Tempur Sealy International, Inc.

The initial setup was very straightforward and only got complex as we added use cases. We added the complexity on ourselves, but the product itself is very straightforward. The deployment took five months.

The implementation strategy was:

  1. Setting up the sessions box. 
  2. Ensuring it was set up once we received the Gateway configurations. 
  3. Setting up policies and notifying people on how to change their Remote Desktop Client configurations. 
  4. Shifting gears and switching over to trying to input all the service accounts and getting all the passwords loaded up into Safeguard. 

After that, it was a done deal.

Our privileged users did complain and grip a bit due to the deployment. At first, they made it seem like the solution was disruptive to them. However, as time went on, complaints went down. Therefore, I think they're used to it by now. They just needed to understand the new technology and get comfortable with it.

We really did have old passwords. People hung onto their processes and certain ways of things. When you asked them to change, they got grumpy. I knew that they were going to get a little grumpy, but I didn't know they were going to be that grumpy. They are over themselves now, especially since the director stepped in, and said, "This is how it's going to be. Get used to it."

View full review »
Buyer's Guide
One Identity Safeguard
March 2024
Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
RR
Independent Consultant

The initial setup is straightforward. Based on the experience of some of my customers, they didn't involve me during the initial deployment phase, but later on, during some kind of policy setup phase, and so on. I can say that even inexperienced users, customers who saw Safeguard for the first time, were able to fully deploy Safeguard by following the official documentation, which is detailed and helpful. They were able to deploy all the necessary components, at least four SAP and one SPS. So, it's a basic deployment process that my customers were able to complete within a couple of days without any issues.

To deploy virtual appliances, in my case, it will take a couple of hours, or perhaps several hours for complex deployments involving geographical distribution between different customer sites, among other factors. However, when considering the entire project, it includes not only the initial deployment phase but also connecting to the active directory, creating necessary policies within the products, and setting up integrations with third-party solutions such as SIM. I've heard that the longest projects with Safeguard lasted around four and a half months.

The number of people required for deployment varies based on the size of the deployment, but typically, between one and two people are needed.

View full review »
Darius Radford. - PeerSpot reviewer
Managing Partner at Knightswatch Cyber

The whole effort, in terms of initial setup, took a couple of weeks. There is a learning curve associated with the process. My end-user took an hours-long course and my administrators went to training for about two to three days.

View full review »
EK
Professional Service Manager at a financial services firm with 501-1,000 employees

There were no real problems with the setup. Regarding the ease of installation, if you have a professional team, then it is easy. But, for example, if it's your first time setting it up as a junior administrator, then it can be quite difficult. I would Safeguard a 3.5 out of 5 in terms of how complex the initial setup is.

View full review »
Yehuda Fabian - PeerSpot reviewer
System Administrator at Shaare Zedek Medical Centre

The initial setup was complex, and we had to put it behind a firewall for security. This made it difficult to open the ports needed to set up the connections. It was a time-consuming process, and we had to work with the integrator to complete it. It took several days of work, but the tool is powerful and worth the effort to set up.

Three people were required for the deployment.

View full review »
DN
Security Architect at a media company with 51-200 employees

The time to deploy varies from a few minutes to several hours depending on the scenario.

We integrate security tests into our CI/CD pipeline for privileged users to ensure that these users are not affected.

View full review »
SS
Manager Engineering at a comms service provider with 1,001-5,000 employees

It was straightforward. Of course, when you are introducing a new product, you need to do a little bit of research, but the steps were very simple. You don't need much technical knowledge, and you don't need to go so deep to do the configuration. You can just have a look at the setup start guide. Anyone should be able to do it easily.

Our deployment took around six months because we did a few PoC. We also tested it in different system environments before bringing it to the production environment. Out of these six months, we spent almost two months doing the PoC with other products, and then for two months, we put it in the UAT environment or the test environment, and then we brought it into the production environment. So, overall, it took six months for the rollout.

The deployment wasn't disruptive for our privileged users because they were working with the old method while we were implementing it. So, there was no pause during the implementation. Once we completely rolled out One Identity, they started using it.

To start using the solution, you at least need knowledge of the policies and configurations available. You require a little bit of training because one change is going to impact thousands of users.

View full review »
FI
Chief Information Security Officer at a financial services firm with 51-200 employees

We integrated One Identity with our ERP system (Oracle) and also with our security operations center (Splunk). The integration went perfectly. It was an easy connection. We built the connectivity directly through the API. What we found time consuming: the setup and connecting One Identity. E.g., Oracle takes more time than Splunk to connect because Splunk's system is ready to send the security logs to the security operations centers. With Oracle, the integration depends on the business needs and there are a number of different requirements based on those business needs. The enhancement One Identity made is the historical part related to system access control goes through our SOC to this tool.

View full review »
DT
VP & Head of Cybersecurity Manager at a financial services firm with 1,001-5,000 employees

The initial setup was very straightforward because my team had the expertise in deploying a PAM solution, which was TPAM, in the past. This wasn't really that much different. We were able to deploy the full infrastructure, including DR redundancy, without Professional Services.

Because of scheduling conflicts, it took a few weeks to deploy. The main boxes were up within a week, but the full circle of deployment of the product was about a month or so because of those scheduling issues.

Standing up the appliance, plugging it in, and getting started was very straightforward. So kudos to One Identity for really listening to what the user population had to say about TPAM, because it is definitely reflected in the Safeguard product.

In terms of the effect on our privileged users, it's always going to be disruptive when you change something. People don't like change. We introduced this slowly but surely. We took a real "crawl, walk, run" type of methodology. We took the most basic use cases, and then we would update our support documentation to support the product. As we deployed it, we kept finding areas that we needed to document. It wasn't so easy to deploy something that was going to change somebody's workday process flow. But a year later, we're in a different state. It's been adopted and people are drinking from the same water hose.

We had in mind that we needed to handle the local administrator accounts and the privileged accounts, and we moved on from there. We knew that doing the local administrator account, which is really a non-human account, was going to give us the biggest bang for the buck. We knew that was something that we would achieve fairly quickly, and we did.

The training for end-users wasn't that bad. The product is straightforward. When you start working on a product with a lot of the features that you had suggested, in a previous version, be implemented, it's really nice to see that the company is listening to clients and the user population. That helped us in training our employees who use the product. The training was extremely straightforward, and people really caught onto it fairly quickly.

View full review »
UO
Cyber Security Engineer at a financial services firm with 5,001-10,000 employees

Deploying Safeguard was straightforward.

View full review »
MA
Senior Vice President (Infrastructure Systems/Information Security) at MAXUT

I think that the initial setup was very straight forward. Pretty much a piece of cake, actually. With our implementation strategy, the deployment actually took only about two hours. That is including the discovery of the assets. It is a relatively large enterprise network, so discovery can potentially take some time. This was very reasonable.  

View full review »
AA
Cybersecurity Director at a sports company with 501-1,000 employees

The initial setup is straightforward. The installation takes a couple of hours. One person is required for the deployment.

View full review »
SP
Senior Consultant at a tech vendor with 5,001-10,000 employees

My company deploys One Identity Safeguard for customers, and I found the process easy.

View full review »
SR
Consultant at a manufacturing company with 11-50 employees

The initial setup for Safeguard is straightforward. Because it was deployed a long time ago in our organization, before my tenure, my expertise is based on adding to clusters. If we are going to add clients within a cluster, it depends on the speed, meaning how the network connectivity is between the cluster and the target device.

In terms of the effect of deployment on users, they are provisioned, with the help of group membership, into Safeguard. Once they are assigned to a particular group, they can follow the previous sites. Based on the previous site, they can log in and check out the password of their privileged account.

As for the amount of training needed, it depends on the solution. If the solution is only for privileged passwords, about three weeks' training is required to understand the solution. And if the server for privileges is also integrated with the solution, it will take a month or as much as 45 days.

We have an implementation team and an operations team. Between them, there are a total of five or six people required for this solution to deploy and maintain it.

View full review »
MW
Solution Consultant at Quest Egypt Software

The initial setup is straightforward. We have two installation types. We have Safeguard for Privileged Passwords and Safeguard for Privileged Sessions. For Safeguard for Privileged Passwords, we just need to import and the whole organization will be done. The process for Safeguard for Privileged Sessions is also simple. There are no problems.

The deployment duration depends on the number of systems, the number of users, and the number of applications. In a small company, it might take about two weeks or three weeks.

The deployment did not affect our privileged users. We just needed some time to get used to it. We were not using any PAM product before, so it took some time to get used to using it. It is more restrictive than the Active Directory system, but it is for the best.

For managing and deploying the solution, I took technical training. It was about five-day training with One Identity. After that, I started its deployment. In case of any problem, we could check several resources. We could check the administration guide or forums. We could also open a support ticket with One Identity. For the end-users, I gave the training, and it took one or two days at the most.

View full review »
EC
Chief Information Security Officer at Outscale

In the beginning six years ago, we started with a small instance. We used it very simply and learned how to manage it. 

With the newest version that we massively deployed, we had one week to know how to install it and how it works. Now, we know how it works very well.

Install is fairly simple, with basic options.

Configuration requires a little explanation on the way it works but is straightforward too.

View full review »
AP
Head of Department of Technical Means of Protection at BrokerCreditService

The virtual appliance is deployed from the delivered image without any problems. The setup takes about 15 to 20 minutes, including initial setup and configuration. It also is available to any admin user with Unix competencies.

We use the “transparent mode” function to connect administrative users via SSH to the Unix servers. We did not encounter any problems when setting up this feature, as everything was easy. The solution is well-documented and quite understandable when setting up.

It took about one or two working days to administer the solution, read the documentation and settings, and test various configuration options. It was not very difficult. For our users, there were no special nuances since the connection is transparent. They do not understand nor see that they are connecting through the One Identity Safeguard space.

Our implementation strategy was to use this solution to control remote sessions of privileged users, first with our IT support staff. Now, we use the product for this purpose. In general, the strategy was a success.

View full review »
FF
Security Business Consultant at a tech services company with 201-500 employees

We try to understand what the customer needs in order to fit the solution for what they want, then we plan all the activities based on that.

View full review »
SS
Head of Information Security at a financial services firm

The initial setup was very easy. We followed the given instruction protocol. We also used white papers when necessary for clarification and better understanding. It only took us one month to implement.

View full review »
MM
IDM Architect at a tech company with 10,001+ employees

It took us about three or four weeks for the initial setup and deploy. Part of that was developing a plug-in for the multi-factor authentication. We were able to do it in a way that wasn't disruptive, with our current infrastructure. At their discretion, the end-users were allowed to move over, one-by-one. After we deployed it, it took about two months for all of the users to actually migrate over to using it.

View full review »
RI
VP Risk Management at a financial services firm with 1,001-5,000 employees

The team shared with us that the initial setup was pretty straightforward.

The deployment took no more time from when we got the servers brought in to when got the software installed. This took a few weeks to get it up, configured, and customized for our needs. Then, there was some sandbox testing which was done, then we started the pilots within the first three months of having the solution stood up.

Anytime you are putting in a deployment change that affects privilege users, it's going to create some problems. That's why we took a very slow approach of taking one user from all of our various groups. We had one person from each of our teams: desktop, network, and IT engineering. We worked with them for about a month. We tried to shake out any bugs and issues that they would have before we gradually rolled it out to others. 

People are very adverse to change. When you have this type of a solution, the technical capabilities of the product along with all the process change creates some issues. However, we expected that.

View full review »
SA
IT Specialist at a tech services company with 201-500 employees

It is fast to implement. 

While the process is not technically complex, there was a lack of documentation and we had to figure out how to do it ourselves. The deployment took three weeks. We had two people working on the process.

View full review »
PJ
Director of Information Security at a healthcare company with 1,001-5,000 employees

The initial setup was a little complex.

View full review »
RC
Software Solutions Architect at a computer software company with 11-50 employees

The initial setup of One Identity Safeguard was simple. In one week we can be ready to fully operate.

View full review »
reviewer1161345 - PeerSpot reviewer
Works with 10,001+ employees

Setup is straightforward as long as you plan correctly.

View full review »
SF
Security Consultant at Controlware GmbH

The install and deployment are quite rapid. For a smaller project, sometimes it only takes us about two to three days to implement and get the policies inline. For larger projects, it's actually also not that long for the appliance itself. The product requires a lot of changes on the management side, how vendors work, and how you need to counsel people how to use it, especially in Germany. Then, they are monitored, which is the quite larger portion of it.

For our implementations in Germany, we implement an explicit model most of the time. Therefore, the transparent mode for privileged sessions has not been used that much in my projects.

View full review »
Mahfoudh Bousaidi - PeerSpot reviewer
Network & Security Engineer at Onetechpro dz

We set up a VM appliance and configured it then deployed the solution. The typical time for deployment and configuration is about three to five days.

View full review »
MohamedEladawy - PeerSpot reviewer
Service Security Lead at Salam Technology

The initial installation was simple.

The full deployment took approximately a couple of months. Not because of the One Identity Safeguard, but because of us, we were busy doing other projects in parallel.

View full review »
CJ
Identity & Access Manager at Reist Telecom

The initial setup is quite simple, not complex. The installation documentation is good, so the installation is okay. You just need to read the documentation, understand how it works, and how it has to be integrated. Once you do your homework, it's quite easy.

View full review »
it_user598935 - PeerSpot reviewer
Chief Technology Officer & Solution Architect at a tech services company with 51-200 employees

It was super easy to deploy, not complicated, and did not have the hidden Capex that competitors do!

View full review »
OH
Head of Department at a financial services firm with 10,001+ employees

Deployment of the solution took two to three months. Our engineers installed it.

View full review »
Walid Semrani - PeerSpot reviewer
Networking and Security Engineer at a tech services company with 1-10 employees

It was easy. There were no problems. It is easy to navigate through the web interface.

View full review »
PS
IT Security Consultant at a tech services company with 51-200 employees

The initial setup is quite straightforward. However, to figure out how to use it, a consultant or an integrator for new users is highly advised.

View full review »
it_user841344 - PeerSpot reviewer
System Consultant at a tech services company with 1,001-5,000 employees

The initial setup is very easy.

View full review »
it_user437646 - PeerSpot reviewer
PreSales Engineer at a tech vendor with 201-500 employees

The initial setup is straightforward, but you need to have a pre-defined plan, know how to implement authentication or the authentication store if used, and also how to do network integration.

View full review »
it_user589470 - PeerSpot reviewer
IT Security Engineer

Initial setup was easy. There was step-by-step preinstalled software, which took two minutes.

View full review »
Buyer's Guide
One Identity Safeguard
March 2024
Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.