One Identity Safeguard Room for Improvement

Cody Engelman
Expert Systems Architect at Tempur Sealy International, Inc.
We tried the solution's “transparent mode” feature for privileged sessions. It ended up making a lot of Cisco Layer 2 configurations hard and was using a lot of ACLs to control the traffic, which we identified as a type of risk. In order for it to do production that would put an unnecessary burden on our network guys to configure it because that's thousands and thousands of lines of code that they'd have to update and change. We did use this feature for the PoC and that worked out well. However, for production, we are using the Remote Desktop Gateway feature. Transparent mode was too cumbersome, so I don't foresee us being able to use it. On paper when we were initially talking about it, it was definitely going to be the preferred method until we realized the burden it would be on our network guys. Then, we had to step back and reevaluate what we wanted to do. That's when we changed our approach to use the RD Gateway feature. I would like their transparent mode to have an easier implementation. If there was a way that we could do transparent mode without having to use ACLs that would be incredibly beneficial. They could do a better discovery to find out where service accounts are being used on non-Windows boxes, such as Linux. That would be a good benefit.
reviewer1300329
VP Risk Management at a financial services firm with 1,001-5,000 employees
Some of the out-of-the-box reporting isn't that rich. We spoke to our Safeguard reps who have acknowledged that some of the reporting features can certainly be improved and that we're not the only customer who has cited this. There are very few out-of-the-box reporting capabilities. You have to build the queries and the report. I believe in the next release they're going to be addressing this.
reviewer1308201
Information Security | Cybersecurity | VP, Cybersecurity Manager at a financial services firm with 1,001-5,000 employees
From a usability perspective, what we are finding out is that our privileged domain admin users, in particular, want functionality for extending a checkout session. So we are working with One Identity support to see if there's an enhancement that can be made to the product. There is another area for improvement that I have sent over to One Identity. I said, "Whenever you check out a password, there should be a radio code associated with the password." That's something that we're trying to work on with them. It was submitted as a request for enhancement. Sometimes, you can't tell if an "O" is an "O" or a zero is a zero. If we had a radio code, the person could correctly read that password and make sure that they're not fat-fingering it.
Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,986 professionals have used our research since 2012.
reviewer1334721
Director of Information Security at a healthcare company with 1,001-5,000 employees
There is room for improvement in the launch module. They built in a launch button but they don't have effective instructions for configuring it to allow it to launch an RDP session. They're working on that, but the button is in the live product. If they were going to install something that wasn't useful, they should have just disabled it and not rolled it out with the product. Because we don't tie it to an RDP session, you actually have to click the download button and then open the RDP session from there, versus just clicking the launch button and it automatically opening RDP.
Reviewer56857
Chief Information Security Officer at a financial services firm with 51-200 employees
The multilanguage functionality does not support the Arabic language, even though this solution is deployed in an Arabic region. However, it matches our criteria and requirements overall. One Identity is using a third party to create one-time passwords. Due to our security restrictions, we needed to build our own. When we discussed this with One Identity, "Why they don't provide a technology that can be hosted on our data center and be built by One Identity," they said they are using a third party. This was their justification, so I think it's based on their strategy and there's no harm using a third party. However, we were having an issue using a third party.
Martin Ajayiobe
Senior Vice President (Infrastructure Systems/Information Security) at MAXUT
The only part of the Safeguard solution that I think could be a problem over time is the amount of storage it takes in the sessions. For example, because it records in real-time video it takes a lot of resources. So, it has not been a problem yet, but we are looking at a solution where we allocate the cost of that additional capacity differently. Then there will be enough resources to compensate for whatever the storage needs are. It just takes a large amount of storage for each current session. Another thing that I would like to see them improve is that I would like them to make the transparent board a little bit more transparent. The transparent mode is something I use often and it is the best feature of the product but that is also why I see how it can be improved. It might just be a little bit easier to use.
Edouard Camoin
Chief Information Security Officer at Outscale
The interface is better now, but it still could be improved a lot. It needs more organization, menus, automatic refresh of information, and Web 2.0. An official HashiCorp Vault connector would be very helpful inside the platform. SSH implementation is not 100% compatible with standard SSH (OpenSSH). For example: JumpHost. As a result, some options require manual tuning, and complicated user-side configs, where it could be much simpler.
Alexander Pirogov
Head of Department of Technical Means of Protection at BrokerCreditService
I would like to see support for RDP over HTTPS so this product can be used in conjunction with the Microsoft terminal. I would like to visualize SSH sessions. I would like built-in traffic balancing mechanisms with the built-in load balancing mechanism when using several instances.
Cedric Jolivet
Identity & Access Manager at Reist Telecom Gmbh
* We have not yet found the solution to be extensible through cloud-delivered services.
* Our external indexers are able to integrate with a hardware security module (HSM), which is good. What we have now requested is the integration of HSM with the SPS solution to be able to not have to manage certificates and the private key outside of any tamperproof system.
* We would like to be able to generate certificate signing requests (CSRs) from the interface for certificates.
* We would like to be able to manage the lifecycle of the archived audit trails. If they are on the box, the cleanup and archiving policies are applied; as soon as they are archived on the external share, this does not apply. We need our customers to not have to manually delete these archives.
* From a web interface perspective, we would like to be able to duplicate connections, so we can reorder them.
reviewer1161345
User with 10,001+ employees
Management of the farm of appliances. When you have more than one server to handle the traffic, you need to configure everything on each console and maintain separately. The cluster feature is coming in the next versions; until then you can handle with some scripts but it's not straightforward. In case you want to use a farm of appliances instead of one you should consider this. Monitoring of the platform should be easier and more functional so that you can have a clear picture of the running service. Again when you have a farm of appliances you need to have all the monitoring data centrally so you know what is happening with the overall service. This feature is missing. You have to go on each server to see what is the status there.
Stephen Fleming-Unger
Security Consultant at Controlware GmbH
There are some features which are still missing compared to other competitors. For example, some customers need legacy VPN authentication capabilities. The automated change of the passwords, which is now integrated, could be improved to be more flexible regarding different systems.
Sergey Smirkin
Head of Information Security at a financial services firm
The technical support for this solution needs to be immediate, intuitive, and responsive especially as it refers to supporting ticket submissions and processing. Furthermore, we've had trouble understanding how certain policy framework applies. I would like to see clearly laid out policies or better support and explanations around policy dynamics. The stability and downtime of the solution could also be upgraded to include a messaging function which would give users a clear understanding of what's happening without having to navigate to a particular section of the page. Lastly, I would also like to see the price reduced.
reviewer1081059
IT Security Consultant at a tech services company with 11-50 employees
I would like to see an adjustment with more enterprise architecture. Currently for SPS (Safeguard for Privileged Sessions) there is only a single appliance option (both virtual and physical). It can be scaled using a load balancer to handle huge amount of sessions (although the device is quite efficient), but it also means you will need to purchase multiple boxes. It would be beneficial to have segregated modules as an option and you could buy and implement them separately. For example: trap module (proxy), audit module (search interface), storage module (store and encrypt recordings), etc.
IdmArchi90fa
IDM Architect at a tech company with 10,001+ employees
Feature-wise, right now, it has most of the features that we're looking for. It could improve a bit on the management side of things. One example would be when doing an upgrade. We have a highly-available appliance spare, and even though we have two nodes, there's no way to do an upgrade without taking everything completely offline. It would be nice if they could improve that.
reviewer1216335
Security Engineer at a tech services company with 201-500 employees
I've only been using the solution for a limited time, so in terms of speaking to improvements, I'm not sure I can say. I need more time with the solution to use it in order to properly evaluate it.