One Identity Safeguard Valuable Features

Cody Engelman
Expert Systems Architect at Tempur Sealy International, Inc.
The password part is the most valuable because we were going to start vaulting certain accounts to get a lot of passwords changed. Historically, we have had really stale passwords on non-human and service accounts. E.g., on one of our service accounts, the password hasn't changed for 17 years. It was not even that complicated or good of a password in the first place. This solution has definitely helped us consolidate. It replicates to other appliances, so we're replicating to our DR site. Thus, if anything were to happen to our data center or personnel, whomever was trying to pick up the pieces and try to put the business back together would at least have all the passwords available to them. The physical appliance form factors are pretty nice. They are definitely Dell inspired and easy to set up with accurate instructions. We have had no problems. Regarding usability and functionality: * It has a nice, clean interface. * It's pretty direct and easy to personalize. * Users can set up favorites on certain things that they request. Very often, they shortcut it. So, it reduces the clicks down to three clicks. * You can have a password for any account. * It's auditable, which makes the security guys' happy. View full review »
VP Risk Management at a financial services firm with 1,001-5,000 employees
It is working as it's supposed to work. We had a lot of good support from the One Identity team who helped us build it and do a test. We are able to log and get reporting on all privileged activity that is being performed. We like the fact that we can leverage the session recording feature, which is especially valuable when we're dealing with third-party vendors that have to remote into our our boxes and servers to do any work on behalf of the bank. Now, we can record everything they are doing to ensure that they're only doing the changes that were needed. In addition, we use it to leverage knowledge transfer with our internal staff. We use the solution’s Approval Anywhere feature. We do have the Starling 2FA app on our mobile devices. We haven't rolled out the request and approval yet. We want to get people to use it in their daily functions, whether it's business as usual work, break glass, or any changes that they need to make tied into an approved formal change request. Starting in April, we will be rolling out the request and approval phase. Based on the type of change being requested, break glass will need to be approved, especially if they're doing it during the daytime or off-hours. Then, we will have change requests tied into our change-advisory board. Once there's a change that's approved via our CAB process, then that person will be allowed to check out the credentials they need and tie it back into the ServiceNow ticket that was created. This gives us the audibility between when that change was being made and ensuring that it's being performed for its intended purposes. We are taking a crawl-walk-run approach. View full review »
Information Security | Cybersecurity | VP, Cybersecurity Manager at a financial services firm with 1,001-5,000 employees
We have physical appliances for this solution. We went with that version of it because it was easier for us to deploy it and not have the IT engineers involved with our deployment. We wanted to control everything, from the deployment to the supportability to the usability of the product. I really enjoy the form factor of the appliance because it's definitely a change from the previous version, which was a bigger box. This one is a lot easier. It doesn't take up room on the rack, and it's very efficient as far as resources go. The ease of use of the GUI is a really nice feature. It has a nice look and feel to it. The actual checkout process is simple. You log into the portal and you're presented with accounts. That makes that so much easier because you don't have to go searching for stuff. It identifies what accounts you have, you click on it, and you go through the checkout process. It's one of the best products we've seen. When you start looking at the functionality and use cases and usability of the product, it's straightforward. They designed this product with the end-user in mind, and they also had the sysadmin who is supporting the product in mind. They really did a nice job. Overall, it's a nice product to work with. We use the Approval Anywhere feature and, through an app, it allows us to approve or deny requests. We don't have that turned on across the board, but we are turning it on slowly but surely. It adds an extra layer of security for critical passwords without adding time-consuming approval processes. That extra layer of security is our "belt and suspender" approach. It's making sure that you are approved to make a change, especially during production hours; it's approved by the person's manager. View full review »
Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,986 professionals have used our research since 2012.
Director of Information Security at a healthcare company with 1,001-5,000 employees
There are a lot of features, so it's going to sound funny, but one of the most simplistic features, the Favorites feature, is the one we like the best. You do a full run-through of configuration to check out a server and then you can save that whole configuration as a favorite. So the next time you go in, you click on the favorite that you configured and it automatically takes you to the end so you can check the server out that much faster. It saves a lot of time, resulting in an increase in productivity and a decrease in issues and errors and interface problems. It increases redundancy and gives us a much easier interface to use. We're using virtual appliances for Safeguard because of the flexibility of virtual appliances. We can snapshot them, we can restore them quickly. There's a lot more flexibility with virtual. We use the solution’s Approval Anywhere feature, and it allows a group of five individuals to receive notifications on their phones, through Starling, and review a request and approve it with one click. We also use the solution’s “transparent mode” feature for privileged sessions. We record them and we also review them. That way, if there are problems with any configurations they did, we can go back and review them. Also, for mentoring, teams utilize it to help individuals deploy code better or to make changes to configurations. There are a lot of positives with that feature. It was very easy to start using this feature. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with. The rollout of "transparent mode" was seamless for our users. We sent out picture instructions on how to do it and offered to get on a call with people to discuss it with us, but nobody had any questions. In terms of the monitoring itself, it doesn't affect things any differently than the previous solution. It's pretty much the same. Obviously, using the tools is easier, but we were monitoring the same type of information as before. View full review »
Chief Information Security Officer at a financial services firm with 51-200 employees
We use the solution’s Approval Anywhere feature which enables us to add an extra layer of security for critical passwords without adding time-consuming approval processes. In the past, we were having problems when a user went on vacation. There were many recalled cases of password sharing. When we received this type of incidence and started to investigate, we found out the past setup had no solution. For example, if someone with a daily duty went on vacation, they still had to do it within the office. That is why sometimes people tried to justify the sharing of passwords by the importance of their duties. Now, by using this platform, if someone goes on a vacation, out of office, or needs urgent/planned leave, then our setup will select the functions tied to that person and automatically delegate them to the next person. That person can start performing that duty based on their access. No sharing of passwords is required. View full review »
Martin Ajayiobe
Senior Vice President (Infrastructure Systems/Information Security) at MAXUT
The part of this product that I like the most is the transparent mode. That is the number one advantage of the product. I also like the ease-of-use. That is what Quest is known for. The interface is interactive, relatively easy-to-use. I like the fact that we are using a proxy server. Also, I like the fact that it is integrated in such a way that I can connect to my Linux and Unix resources using my AD credentials. They map the AD credentials to Linux accounts. So, when I am connected to my AD accounts, it acts as a sort of proxy to convert it to the Unix account that it is configured for. That is quite useful. View full review »
Edouard Camoin
Chief Information Security Officer at Outscale
The transparent proxy is the most valuable feature. When you are connecting to a server inside the platform, the user doesn't need to change their habit. They just have to make small configurations to their workstation, then it is transparent for them. Our users like the solution because it's transparent. Users doesn't need to have interaction with 3DS OUTSCALE IT or security team to work as usual. It's interesting for the users because they don't have to think, "I have to note all that I've done during the incident to remember it". We use the solution’s “transparent mode” feature for privileged sessions. It is very easy because it is only a simple configuration for our users. We don't have to modify our network. We install it, configure it, and it works. So, it is super easy. The rollout for our users is seamless. The "transparent mode" allows for better visibility. With its monitoring, we can do investigations which are good for us and improve our system. View full review »
Alexander Pirogov
Head of Department of Technical Means of Protection at BrokerCreditService
The most valuable feature is the logging sessions with their visualization, which is video recording. This functionality allows us to restore the actions of a user in the event of any incidents. The solution transparently integrates into the infrastructure and users do not notice it. I would give this feature the highest rating. While the "transparent mode" feature did not affect the monitoring in any way, it led to an increase in the convenience of connecting users. This solution visualizes RDP sessions and logs SSH sessions. View full review »
Cedric Jolivet
Identity & Access Manager at Reist Telecom Gmbh
* Acting as a proxy * Session encryption * Flexibility of usage The transparent mode for privileged sessions is one of the best things for customers, because they don't see the system in-between. Thus, it is transparent for them. The system is easy to manage, as it is not a system that you will change everything all of a sudden. It evolves most of the time with customer requests. View full review »
User with 10,001+ employees
The most valuable feature is auditing the sessions. All of the sessions (RDP, SSH, Citrix) can be audited and replayed on demand. Complete indexing on SSH sessions means that all commands are searchable after indexing. View full review »
Stephen Fleming-Unger
Security Consultant at Controlware GmbH
There are a variety of protocols that it supports. The video-like stream and audit capabilities, in combination with its indexing capabilities to search for critical events quickly, are valuable features. The transparent mode for privileged sessions is really nice because it keeps the integration quite smooth. Also, users don't have to change the way that they currently are used to working. It is easy to manage. There is a very logical, clear user interface. Also, the integration of scripts is thoughtfully implemented. Overall, it's a nice product to manage. View full review »
Sergey Smirkin
Head of Information Security at a financial services firm
The majority of the features offered with this solution are the same as with other similar systems. The most unique and valuable features are the upstream and downstream throughput capacities; the Safeguard platform provides agile integration. In actuality, all the features are valuable. They're good and user-friendly. View full review »
IT Security Consultant at a tech services company with 11-50 employees
The solution's most valuable features are the efficiency and the quality of the recording. View full review »
IDM Architect at a tech company with 10,001+ employees
The extensible framework for authentication is one of the most valuable features. We use an MFA plug-in and a lot of different factors, depending on what the business use-cases are. And of course, the auditing functionality is also valuable. We have also found the solution to be extensible through cloud-delivered services. It's worked out well. The SPS instances we use are located on-premise, but we can still utilize them to access resources in the cloud. That's not a problem. We haven't deployed any SPS itself in the cloud, but it works fine for our cloud environments. View full review »
Security Engineer at a tech services company with 201-500 employees
The way the solution is installed and deployed is very valuable. They make it very easy. The two-factor identification is very good. For the web portal, you need to implement a jump sever. It's not a native HTML protocol. This is probably one of the most important features in the solution. View full review »
Head of Department at a financial services firm with 10,001+ employees
One of the most valuable features is that it supports the Linux operating system. Also, the transparent mode for privileged sessions is a very good solution. View full review »
Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,986 professionals have used our research since 2012.