One Identity Safeguard Overview

One Identity Safeguard is the #1 ranked solution in our list of top User Behavior Analytics - UEBA tools. It is most often compared to CyberArk Privileged Access Manager: One Identity Safeguard vs CyberArk Privileged Access Manager

What is One Identity Safeguard?

One Identity Safeguard securely stores, manages, records and analyzes privileged accounts and access. It is an integrated solution that combines a secure hardened password safe and a session management and monitoring solution with threat detection and analytics.

One Identity Safeguard Buyer's Guide

Download the One Identity Safeguard Buyer's Guide including reviews and more. Updated: May 2021

One Identity Safeguard Customers

Cavium

One Identity Safeguard Video

Pricing Advice

What users are saying about One Identity Safeguard pricing:
  • "It is a bit on the pricey side, but you get what you pay for. You don't want to get anything too cheap because then you get cheap stuff and cheap support. That really never helps anybody."
  • "It was definitely cheaper than the other two products that we evaluated."
  • "They offer a fair price for a robust solution."
  • "We have a yearly license. The cost depends on how much a company wants to invest in technology. In our organization, we believe in modern digitization and automation processes so we found it affordable. One Identity was not that much less than other solutions and it is not a cheap solution. There were number of cheaper solutions. However, it's the most effective, according to our evaluation."
  • "The pricing is about $80,000 per 100 servers. There are few elective costs."
  • "Our licensing costs are on a yearly basis."

Filter Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Expert Systems Architect at Tempur Sealy International, Inc.
Real User
Improved our security posture by making password changes easy and allowing us to make regular password changes to service accounts

What is our primary use case?

There are two parts to Safeguard: the sessions recording part and the password management appliance. With the password management appliance, we have been using version 2.10. For the sessions recording, we started off with version 6.2. It has new additions and updates which have come out, thus we've upgraded. Currently, we are up to version 6.5. We are doing a sessions recording for all of our UAT and production servers. Therefore, if something breaks/happens or there's a change during the day without the proper change control mechanisms, we can determine the session by pulling the last session… more »

Pros and Cons

  • "It has greatly helped improve our security posture. Safeguard has an option where it will reset passwords on service accounts, then go out to those servers where that service account is running as a service and update the password on it. That makes password changes very easy. We can regularly change passwords now and are planning on making it an annual activity, where all the people who own service accounts will go in and make sure all their passwords get changed, updated, and reset."
  • "Transparent mode was too cumbersome, so I don't foresee us being able to use it. On paper when we were initially talking about it, it was definitely going to be the preferred method until we realized the burden it would be on our network guys. Then, we had to step back and reevaluate what we wanted to do. That's when we changed our approach to use the RD Gateway feature."

What other advice do I have?

Take your time. Talk to as many different aspects of the business in the company as you can. Get a lot of input from many people. Know how to sift through good and bad input. Use Professional Services, if you can. The tech on-demand services was much cheaper than their full-blown professional services. For the tech on demand services, we never had to wait more than a few days for some type of response. The training was pretty easy. There was a one-day training class for the admin. Then, for the users, there were a couple of Word docs that we circulated around which were good enough. We have…
RI
VP Risk Management at a financial services firm with 1,001-5,000 employees
Real User
We can record everything third-party vendors do to ensure that they're only doing the needed changes

What is our primary use case?

The three main use cases that we have are: * Ensure our human and non-human privilege accounts are locked up in a password vault. * Have workflows to handle the major types of usage, such as break glass and business as usual. * Changes in usage of the credentials are tied into approved change requests. These drive our first goal to take all our privileged users on the help desk, our local accounts on our desktops, our servers (web servers, app servers, or database servers), and individuals in our network group who do our firewalls, then migrate all these human accounts into Safeguard Password… more »

Pros and Cons

  • "We are able to log and get reporting on all privileged activity that is being performed. We like the fact that we can leverage the session recording feature, which is especially valuable when we're dealing with third-party vendors that have to remote into our our boxes and servers to do any work on behalf of the bank. Now, we can record everything they are doing to ensure that they're only doing the changes that were needed. In addition, we use it to leverage knowledge transfer with our internal staff."
  • "Some of the out-of-the-box reporting isn't that rich. We spoke to our Safeguard reps who have acknowledged that some of the reporting features can certainly be improved and that we're not the only customer who has cited this. There are very little out-of-the-box reporting capabilities. You have to build the queries and the report. I believe in the next release they're going to be addressing this."

What other advice do I have?

The solution is part of our identity and access management product. We use Saviynt as our identity, governance and administrative tool. We certify all privilege accounts on a schedule basis. There is some integration with our identity and access management platform/program at the bank. It allows us to be in a position where we can identify and detect as well as prevent any type of privilege act that's being used as a threat at the bank. The integration was easy. It didn't pose any problems. We have had a mixed bag regarding the solution’s usability and functionality. We have had some people…
Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
510,534 professionals have used our research since 2012.
DT
Information Security | Cybersecurity | VP, Cybersecurity Manager at a financial services firm with 1,001-5,000 employees
Real User
Top 20
Functionality is straightforward with a simple checkout process and integration of checkout proxy ID

What is our primary use case?

We started with administrative use cases and we were able to take control of all the local administrator accounts for endpoints and servers. We then started controlling privileged accounts for our domain administrators as well as for any kind of privileged account that had access to our switches, routers, and the like. This year we're looking at taking control of all of the servers and application accounts. But that's going to be a longer journey for us because there are a lot more of those accounts, and there is a lot more testing that needs to be done because of the nature of the accounts… more »

Pros and Cons

  • "It's one of the best products we've seen. When you start looking at the functionality and use cases and usability of the product, it's straightforward. They designed this product with the end-user in mind, and they also had the sysadmin who is supporting the product in mind. They really did a nice job. Overall, it's a nice product to work with."
  • "From a usability perspective, what we are finding out is that our privileged domain admin users, in particular, want functionality for extending a checkout session. So we are working with One Identity support to see if there's an enhancement that can be made to the product."

What other advice do I have?

Start with your current state. That's what we did. Then, create a roadmap of where you are, where you need to be over the next five years. Once you're able to assess the current state and you have a plan in place, you can pick the product that's going to help you get to that future state. The biggest lesson I have learned from using this product is to be open-minded in trying to figure out where we could use some enhancements. Just because you choose a product you don't have to be 100 percent, all-in on the product. There is always room for opportunities. Whenever there is feedback or…
PJ
Director of Information Security at a healthcare company with 1,001-5,000 employees
Real User
Approval Anywhere feature enables review and approval of a request with one click

What is our primary use case?

We use it primarily for our IT team, so they can access our production and pre-production environments, to have better accountability. They have to create a ticket, check it out, and then they have to get approval from our approvers group. So there's accountability from beginning to end, and we also record the sessions.

Pros and Cons

  • "There are a lot of features, so it's going to sound funny, but one of the most simplistic features, the Favorites feature, is the one we like the best. You do a full run-through of configuration to check out a server and then you can save that whole configuration as a favorite. So the next time you go in, you click on the favorite that you configured and it automatically takes you to the end so you can check the server out that much faster. It saves a lot of time..."
  • "There is room for improvement in the launch module. They built in a launch button but they don't have effective instructions for configuring it to allow it to launch an RDP session. They're working on that, but the button is in the live product. If they were going to install something that wasn't useful, they should have just disabled it and not rolled it out with the product."

What other advice do I have?

If you're looking for something that is easy to use with a very intuitive interface — even the administrator interface is very intuitive — I would highly recommend safeguard. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with. The biggest lesson I have learned from using Safeguard is to make sure you have enough accounts available for individuals' sessions so that they can check out. The way Safeguard works, an account is created just for Safeguard. Individuals go in as themselves and then they have…
FI
Chief Information Security Officer at a financial services firm with 51-200 employees
Real User
Reduces operational costs and eliminates password sharing

What is our primary use case?

Our company is regulated by the central bank in our country. There are about 4,000 employees in our organization. Our main need was to reduce the operational cost of our department by increasing the window of operations to 24-hour rather than have office unemployment. We are now digitizing the access control function through One Identity. Whoever forgets their password can reset it on their own rather than reaching out to the security desk. Whenever we have a new employee, we found that it was taking at least two days to get them a username or access to the system. Now, once they are logged… more »

Pros and Cons

  • "We use the solution’s Approval Anywhere feature which enables us to add an extra layer of security for critical passwords without adding time-consuming approval processes. By using this platform, if someone goes on a vacation, out of office, or needs urgent/planned leave, then our setup will select the functions tied to that person and automatically delegate them to the next person. That person can start performing that duty based on their access. No sharing of passwords is required."
  • "The multilanguage functionality does not support the Arabic language, even though this solution is deployed in an Arabic region."

What other advice do I have?

Make sure to always get the support. This solution could not be successfully implemented with no support of the HR and procurement system. You will need to mature all of your HR and procurement processes to do the deployment in a secure manner. This is a security solution, not an IT solution. If you want to deploy it as a security requirement, you need to ensure that the HR and procurement processes are correctly in place. You can use it as a technology solution, because not all the technology requires security, but all security requires technology. We haven't activated the session recordings…
Senior Vice President (Infrastructure Systems/Information Security) at MAXUT
Real User
Top 5
This product is an excellent for controlling role-based access without administrative overhead

What is our primary use case?

With Safeguard, there are two virtual appliances. There is one that helps you manage passwords and then there is another one that helps you record the sessions. You can configure it to record whatever you do when you make the remote calls. We use this solution for a bank. My current project is to onboard all the bank's security assets onto Safeguard. It will be used for admins to have secure access to the server.

Pros and Cons

  • "The Transparent Mode is the number one advantage of the product."
  • "It is generally easy-to-use and install."
  • "Being able to use a proxy server is an advantage."
  • "The product uses a lot of resources in current sessions."
  • "The Transparent Mode could be somewhat easier to use."

What other advice do I have?

The advice I would give to organizations considering this solution would be that before they make a commitment they need to try to find a local support resource. They will want to be able to get local support because that can be critical. But otherwise, I think it is a good product and a good buy. I would buy it again. As a partner, I would also sell it again because I am confident in it as a product and a solution. On a scale from one to ten, where one is the worst and ten is the best, I would rate the One Identity Safeguard solution as a nine-point-five out of ten. I'm very happy. If I have…
Chief Information Security Officer at Outscale
Real User
Provides all the information that we need for an investigation, but the interface needs more organization

What is our primary use case?

We are using the virtual appliance. We are a cloud company working widely with virtualization. We provide virtual machine to our customers. When we deploy a new solution, we try to use our system to show our customers that it works for them. That is why we are using a virtual appliance which validates the usage. For now, we are using it for traceability of access inside the platform because we are a certified company: ISO 27001, SecNumCloud, HDS... We use this solution to monitor the session of our administrator and also to capitalize on incidents. When you have an incident in the night and… more »

Pros and Cons

  • "We use the solution’s “transparent mode” feature for privileged sessions. It is very easy because it is only a simple configuration for our users. We don't have to modify our network. We install it, configure it, and it works. So, it is super easy. The rollout for our users is seamless."
  • "The interface is better now, but it still could be improved a lot. It needs more organization, menus, automatic refresh of information, and Web 2.0."

What other advice do I have?

When you use Safeguard in production, it provides traceability and protection around your platform. I would rate the solution as a seven (out of 10) because of the interface. I have seen the future of analytics, and it's very interesting. I hope to have the time to try and learn something about that.
Head of Department of Technical Means of Protection at BrokerCreditService
Real User
Top 5
Visualizes RDP sessions and logs SSH sessions

What is our primary use case?

We use this solution to control the access of privileged users, such as application administrators, to the internal network. This solution allows us to record and log user sessions. We use virtual appliances on the VMware platform. The virtualization of such services allows us to flexibly scale our hardware configuration and gives significantly more opportunities for building a stable structure.

Pros and Cons

  • "The solution transparently integrates into the infrastructure and users do not notice it. I would give this feature the highest rating."
  • "I would like to see support for RDP over HTTPS so this product can be used in conjunction with the Microsoft terminal."

What other advice do I have?

Clearly assess your needs and formulate the necessary requirements, then proceed from there with the selection of an appropriate solution. In our case, One Identity Safeguard became this solution. However, this solution is not a panacea for all ills. It is possibly you’ll find that a different solution is more suitable. I would rate the solution as a nine (out of 10). In order to rate it as a 10, it should have what I would like to see in its coming new releases. Foreign Language: (Russian) Как и для чего вы используете этот продукт? Мы используем это решение для контроля доступа…
See 3 more One Identity Safeguard Reviews
Buyer's Guide
Download our free One Identity Safeguard Report and get advice and tips from experienced pros sharing their opinions.