Safeguard for Privileged Sessions

Positive

My main use case for One Identity Safeguard  is session management and password vault.

A specific example of how we use session management and the password vault in my day-to-day work is that whenever any admin of our company wants to join an RDP or any session with root access, they receive a password that is automatically rotated by One Identity Safeguard , so the password does not get leaked, and most of our sessions are more private and safer this way.

The main feature that we appreciate about One Identity Safeguard is the password rotation system, which helps our team obtain the password immediately, and it always rotates automatically, so it saves our passwords.

The best feature One Identity Safeguard offers is their integration system with their other platforms like OneLogin .

The integration with other platforms, such as OneLogin , helps me and my team because whenever any admin of our company has to log in, they authenticate through the OneLogin auth system and can authenticate themselves easily.

I believe the auditing system is also effective when it comes to One Identity Safeguard. It keeps a record of everything that has been done in that particular session.

One Identity Safeguard has positively impacted my organization by ensuring that most of our passwords are secured and no one receives extra authorization for any more detailed work. If anyone has to do some particular job, they receive access for that particular job or particular thing only, not the whole admin access.

This has led to fewer security incidents and has helped with compliance in many ways, especially in the session management aspect and RDP management. Whenever someone receives a session, we have the entire recorded documentation of that whole session so that we can maintain compliance and keep our policy strict.

One Identity Safeguard can be improved in their pricing because they are somewhat more expensive.

I have been using One Identity Safeguard for about nine to ten months.

One Identity Safeguard is stable.

The scalability is quite easy to manage with One Identity Safeguard.

I believe their support system is good, and most of the features of One Identity Safeguard are better than other platforms.

Their customer support is good and available 24/7, so there is no problem in that area.

Apart from its customer support being good, I do not have any additional thoughts about One Identity Safeguard. It is quite expensive, and that is the downside. That is the only downside that I have in mind, and most of the things are good.

Positive

We did not use any solutions related to this previously.

The deployment of the solution took about one or two weeks.

The deployment affected our privileged users with a learning curve, so they had a hard time learning all of those features, but eventually, we got through it.

For those who manage the solution and for end users, not much training was required to start using One Identity Safeguard. End users needed about two to three days, and they understood the fundamentals. The developer had to go through more extensive training, about one week or more.

We have seen a return on investment mainly in security, and we have improved substantially, saving a lot of time as well. When something gets leaked, we have to arrange a meeting and handle other matters, and that was a waste of time. That has been reduced considerably.

My experience with One Identity Safeguard's pricing, setup cost, and licensing is that it is quite expensive. The setup cost was high, but eventually in the long run, it is good.

Before choosing One Identity Safeguard, we evaluated other options, such as Microsoft's Entra PIM  and BeyondTrust Password Safe , and there were others as well. One Identity Safeguard is better than those because it comes with the whole package, including session management, password management, and everything else.

We have mostly integrated One Identity Safeguard with the auth system and the RDP system when we receive the VMs from AWS . We have not integrated it with any other parts of our business, such as DevOps or RPA .

I believe if you need the whole package, the whole session, password, password management vaults, and the auditing system, you should go with One Identity Safeguard because other platforms do not have all the things in one package.

On a scale of one to ten, I rate One Identity Safeguard a nine because it is way better than other platforms and is a whole package of everything we needed for our purposes. I give this product a rating of nine out of ten.

One Identity Safeguard  is used to secure privileged access management, credential vaulting, and session monitoring because we are an IT-based company that handles the IT infrastructure of our clients, making it very important to keep everything secure.

One Identity Safeguard  vaults privileged service accounts and provides time-bound access, ensuring that all administrative actions are tracked, reviewed, and easily monitored. We also use One Identity Safeguard to securely check admin credentials for customer servers. All access is automatically recorded and monitored through session auditing, which helps us comply with our customers' requirements.

We centrally manage privileged credentials, enforce secure access workflows, and record privileged sessions to maintain compliance and strengthen the IT security we deliver to our customers.

The best feature for us is the secure password vaulting, session recording, and automated approval workflows, because this gives us strong control over privileged access and helps us stay compliant both within our organization and with respect to customer compliance. The second feature that stands out is the real-time session monitoring and automatic credential rotation.

Automatic credential rotation helps our team by removing the need for manual changes to privileged passwords, reducing the risk of stale or shared credentials and ensuring that every access is controlled and compliant. It saves time and reduces risk since passwords are rotated after every use, so no one keeps passwords for long-term access. This prevents misuse and limits the impact of credential leaks.

We have found that we are able to comply with all security standards through the password rotation, which has helped us improve our security posture by centrally managing all privileged action accounts and enforcing strict access control to these accounts. Since the session monitoring feature and audit trail are available, we can see what changes were made by the user, who used this, how many times, and what was done in this session. We have also seen a reduction in IT operations because of password credential rotation and password management, which has reduced our manual work and increased our efficiency and security.

Our manual intervention has decreased because of the time we were taking for password management, and we have increased security with roughly a twenty to thirty percent decrease in IT calls, allowing the IT team to do other jobs because the load of password management has decreased. We have increased accountability since every privileged action is now traceable, which significantly strengthens our internal security control, and we have been able to get the compliance checks done much faster.

We have saved time since we do not have to manually manage passwords because One Identity Safeguard has automated that process. We have saved approximately thirty to forty percent of our time, and our team is spending more time on critical issues rather than managing passwords. This has reduced repetitive IT tasks and allowed our team to focus on more significant projects, and it has also reduced the risk of breaches and costly security penalties.

We have always received positive feedback from our team. The password rotation feature of this product is appreciated by all users, and they like this because they have saved time using this product, since they were previously wasting time on password management and manual interventions.

One Identity Safeguard should provide more documentation and training to the team. They can also provide better integration flexibility with more built-in connectors, and easy API workflows would help integrate more with our custom tools. They should provide a faster user interface, as we have noticed that the user interface acts slow when there are a large number of accounts or concurrent sessions going on.

Not every product can be perfect. For example, some parts of the user interface can feel a bit slow when there is a large number of concurrent sessions going on, and the integration with certain third-party tools requires more extensive implementation and configuration. These reasons made me give it an eight instead of a ten, but these are not major issues and just keep it from being completely flawless.

We have been using One Identity Safeguard for two years.

One Identity Safeguard is currently stable, and we have not found any issues. Since its implementation, we have not faced any major issues, and there has been no downtime.

One Identity Safeguard is scalable. We are implementing it globally, starting from one line of business, and now we are expanding, so it is scalable without any issues.

I cannot speak much about the pricing because I am from the technical team and pricing is looked at by the sales team in our organization. However, I can speak about the support, which is very good with faster response times, and the team helps us every time with minimal downtime if we face any issues.

We are satisfied with customer support. The support team is technically very strong and responsive.

Positive

We were using CyberArk, but we switched to One Identity Safeguard because it was costly. Everything was good with CyberArk, but we needed to scale, and the licensing costs were high.

We have deployed One Identity Safeguard in a phased manner. We deployed it for one line of business first, then for the second line, and we are planning to deploy it for other lines of business as well. The deployment for one line of business took approximately one month.

The privileged users adapted easily, and the deployment was done without disturbing our existing environment and setup, so there was no disruption, and the work went smoothly alongside the deployment.

We did not face any significant challenges because the vendor team helped us with the integration, so the ease of integration was quite simple. We only had basic use cases like creating tickets for access requests, which are relatively straightforward, and there were not many complex integrations done. It was easy to integrate and the vendor team helped us with a step-by-step checklist for the integration with our existing SIEM  and ITSM  tools.

The pricing, costing, and licensing type is quite low compared to other products, so One Identity Safeguard is cheaper than other products, and the functions it has are worth the cost.

I was not part of the evaluation team, but the evaluation team must have evaluated other products. One example of an option that I personally evaluated was BeyondTrust Privileged Access Management .

One thing other organizations should know about One Identity Safeguard is that it integrates well with the existing identity system, which is a very great point for other organizations to know before purchasing it because it makes it easier to deploy in their environment without changing the current workflow or existing network.

One Identity Safeguard provides heterogeneous integration with our existing products or legacy products, and the API integration is very helpful because it allows us to automate the onboarding of privileged accounts and integrate it with our existing ITSM  tools, which is a really good thing about this product.

I would advise others looking into using One Identity Safeguard to choose this product because it is cheaper but provides great outcomes, and the security features are robust. I have given this product an overall rating of nine out of ten.

My main use case for One Identity Safeguard  is streamlining the employee offboarding and making sure that when someone leaves the firm, all their access across the Active Directory and the Microsoft 365 and a couple of SaaS apps gets revoked automatically within minutes instead of chasing tickets for days. That has been the biggest day-to-day win for me. We also use the privileged access piece for a handful of admins, but offboarding is where it saves the most headaches.

One feature that I genuinely love about One Identity Safeguard  that nobody talks about is the access certification campaigns. Every quarter, I have to run a manager review for all M365 and Salesforce  entitlements. Earlier, it was me exporting spreadsheets and chasing people for weeks. Now I just launch a 10-second campaign in One Identity Safeguard and managers get a clean list in their inbox with keep, revoke, and reassign buttons. Almost all of them finish it in just two days. Anything untouched after 10 days gets auto-revoked. In the last campaign, we reclaimed about 20 to 30 unused enterprise licenses which are worth real money. That one feature alone pays for the tool every year.

A quick specific example of how the offboarding works in practice with One Identity Safeguard is that last month, we had a sales rep, Sarah, resign on a Friday afternoon. HR marked her termination date and last working day in our HRIS. The moment HRIS automatically published the termination event to One Identity Safeguard, the offboarding workflow triggered in One Identity Safeguard within about 90 minutes. It instantly disabled her AD account and converted her mailbox to shared and removed all from the Microsoft 365 Teams and revoked her licenses and also pulled her accounts from the Salesforce  and Slack using the pre-built API integration. For the two apps that do not have connectors, it auto-created revocation tickets in ServiceNow  and assigned them to the app owners with exact instructions. By Monday morning, when she would have normally handed in her laptop, literally everything was already locked down. There was no manual checklist and no forgotten access moments.

Two things that I actually use a lot with One Identity Safeguard are that we have contractors that come and go every few months and I just drop their start and end dates into a Google Sheet. One Identity Safeguard picks it up nightly and auto-provisions on day one, and it fully de-provisions on day nine. There are no more situations where contractors still have access three months later. The self-service break-glass feature is invaluable.

The self-service break-glass privileged elevation in One Identity Safeguard helps me greatly with my workflow. When our sysadmin is on vacation and I need to jump into a server really quick, I request temporary elevation right from the portal. I get it for four hours with full MFA plus manager approval too, and it auto-revokes and logs everything. There is no more sharing the domain admin password in a vault note. That is what I live in on a day-to-day basis besides offboarding.

When we switched to these access certification campaigns in One Identity Safeguard, my team responded with zero pushback and everybody loved it. During the first campaign, I was really nervous, so I sent a 30-second Loom video showing how to click the three buttons, and managers knocked it out in under five minutes each. I got Slack messages saying this was the easiest cert they had ever done and asking to never go back to Excel. Now they actually remind me when the next one is due. It flipped from another audit to done before coffee, and I am very happy with that.

I wish more people knew about the Identity Analytics dashboard in One Identity Safeguard, which actually flags shadow admin accounts and risky entitlements automatically. Twice it caught old service accounts that still had global admin in Azure  because someone forgot to clean up after a migration, which saved us from audit findings. The UI for building custom workflows is a bit clunky. Drag-and-drop would be a nicer thing to have. It works, but I always have to open documentation for syntax. Everything else is solid.

Fixing the UI for building custom workflows would make my experience 10 out of 10.

I have been working in my current field for the past 1.5 years.

For training to start using One Identity Safeguard, for me as the admin, it requires literally two half-day remote sessions with their onboarding engineer, plus I played around in the sandbox for a couple of hours. After that, I was live. For managers and end-users, there was zero formal training. The managers just get the certification emails with three big buttons, and employees only see the self-service elevation portal if they need it. It is one-click plus MFA. The full company was comfortable in under a week.

The deployment of One Identity Safeguard took exactly three weeks for my organization. Most of that was just testing and tweaking the approval rules. The actual technical deployment was done in under five business days.

The integration with ServiceNow  and Azure  using One Identity Safeguard was super easy. ServiceNow was literally just plug and play, and their certified app took about 20 to 30 minutes, and it just worked. On Azure, I just had to allow list IPs and drop the lightweight connectors on one jump box. The only tiny hiccup was Azure needed a PAT with extra scopes for the first time, but their support guys fixed it in just a 10-minute call. Overall, it was super easy and I faced no real roadblocks.

I have seen a return on investment with One Identity Safeguard. We have definitely seen a massive return. In terms of time savings, offboarding used to take me, on average, four hours per employee between all the manual ticket chasing and verification. With around two employees leaving per month, that is eight hours a month I get back from that one process. Access reviews used to take me a full week of my time every quarter to prepare spreadsheets, chase managers, and manually revoke access. Now, it is about two hours total to set up the campaign and review the results. That is a saving of 38 hours per quarter or about 152 hours a year. At my blended rate, that is nearly $10,000 in saved productivity costs. On direct cost savings, those access reviews helped us reclaim about 25 unused enterprise licenses last quarter. At an average of $50 a month, that is $1,250 a month or $15,000 a year saved right there, which is almost double what we pay for the tool. Risk reduction is harder to quantify, but avoiding one breach or one failed audit because of a lingering privileged account is worth way more than the $8,000 a year we pay. The ROI is massive. It basically pays for itself in the first month from the time savings alone.

My experience with pricing, setup cost, and licensing for One Identity Safeguard is that we are a 350-seat company and pay roughly $22 per user per year on a three-year deal. This came out to about $7,800 a year total. There were no surprise overages, no workflow or poor connector fees. Everything we use is included in a flat rate, and I am really very satisfied with the pricing. The cost is really low and I am able to get my ROI.

The deployment of One Identity Safeguard did not disrupt my privileged users at all. It was actually smooth. We rolled it out in phases. In week one, we ran everything in silent monitor-only mode with no changes, just watching what could have been done. In week two, we turned on offboarding for a pilot group of 20 people with no privileged impact yet. In week three, we enabled just-in-time elevation for the five admins. The admin's day-to-day did not change until they needed privileged access. Then instead of using their permanent high-privileged accounts or the shared DA password, they just click "elevate" in the portal and got temporary rights for four to eight hours, and everything auto-dropped when time was up. The only complaint was that the first two times, they forgot to request elevation and got access denied. They laughed it off, but after that, there were no outages, no angry calls, and no productivity dip. They actually preferred it now because everything is audited and they are not permanently over-privileged.

I have integrated One Identity Safeguard with ServiceNow where any access request or revocation outside the automatic stuff goes through ServiceNow workflows. I also push joiner, mover, leaver events into Slack via webhook, so the #it-announcements channels get a one-liner whenever someone's access changes. There is nothing with RPA  yet, but the ServiceNow plus Azure pieces are in production and rock solid.

I would rate my overall experience with One Identity Safeguard as an 8 out of 10.

Positive