My main use case for One Identity Safeguard is to specifically secure, control, and monitor the privileged accounts across our critical systems. We use this to secure password vaulting for privileged and service accounts, control the privileged access to servers, databases, and network devices, session monitoring and recording for audits and compliance purposes, and meet compliance requirements. We often use it to reduce the risk of potential misuse while maintaining visibility and governance over the privileged access.

We use One Identity Safeguard to manage the privileged access to our production Linux and Windows servers. All admin credentials are stored in Safeguard's password vault and users authenticate through Safeguard instead of knowing their actual passwords. When an admin needs access, they request the privileged access through Safeguard, and then Safeguard grants them time-bounded access, with the session proxied and recorded for auditing. Once the session ends, the password is automatically rotated.

One Identity Safeguard has impacted our organization in a positive way. Since implementing One Identity Safeguard, we have seen several noticeable improvements across security, compliance, and operations.

It has reduced the security risks, as privileged credentials are no longer shared or exposed with others, and automated password rotation has significantly lowered the risk of credential misuse. It also improves visibility and accountability. Session recordings and detailed audit logs make it easy to trace who accessed what, when, and why. This has been especially valuable during our audits and investigations. The operational efficiency of automating password management and access workflow has reduced the manual efforts for the IT and security teams.

We have noticed positive metrics after using Safeguard. The automated password rotation replaced our manual password changes for admins and service accounts, saving us three to four hours per day. We no longer need to save this time manually, resulting in a significant amount of time saved for system and security teams and eliminating the coordination emails and spreadsheets. It provides faster onboarding and offboarding for admins. Once roles and policies were defined, granting or revoking privileged access became a policy change rather than multiple manual updates across systems. It has also reduced the audit preparation efforts. Session recordings, access logs, and reports are readily available. Audit evidence that previously took days to compile can now be generated in hours or minutes.

We use One Identity Safeguard as a central control point for all our privileged access, which helps standardize the access policies across teams and platforms. We also use it for the approval workflows, which are enforced for high-risk systems and add an extra security layer for production access.

I have been using it for one and a half years. The best feature I appreciate is the session proxying and recording. It provides transparent session access for admins without exposing the real passwords. Another valuable feature is automated password rotation, which changes the credentials automatically after each use or on a schedule. It reduces the risk of leakage and reuse of passwords. Additionally, the approval workflow and the access request feature add governance with multi-level approvals for sensitive systems. These are the features that I appreciate the most.

When we started using the session proxying and recording features, overall, it was a manageable and fairly smooth process for us. However, like most security platform deployments, it had a few learning curves. Session proxying and recording worked with our major systems including Windows, Linux, and network devices with minimal configuration.

Some devices and services required slight changes to firewall rules and configuration to ensure the proxy could connect cleanly. Additionally, our admins needed orientation so they understood they were joining a recorded session, particularly for remote or support use. We spent considerable time adjusting the session filtering, retention settings, and naming conventions so recordings were useful and not overwhelming. These are some areas where we encountered challenges.

The user interface and navigation can be improved. Some workflows, particularly the reporting, session review, and policy configuration could be more intuitive. New users often need time to get comfortable with where things are located.

The initial setup can also be better. Deploying One Identity Safeguard in large or hybrid environments can require careful planning and tuning, so more guided setup or templates would speed up the onboarding.

In very high-volume environments, session indexing and retrieval can sometimes feel slow, particularly when searching historical recordings.

I have been using One Identity Safeguard for one and a half years.

One Identity Safeguard is quite stable. We have seen minimum downtime since deployment, and routine maintenance has been straightforward. The session proxying, password vaulting, and automated workflow run consistently even under high load. Applying the updates has been predictable with no major disruption in ongoing operations. The integration stability, connections to Active Directory, cloud targets, and DevOps pipelines have remained solid and dependable.

One Identity Safeguard is quite scalable and stable in performance. Safeguard handles a growing number of users, systems, and sessions without significant degradation in performance. The virtual appliance and on-demand cloud version allow the environment to expand easily as infrastructure grows. Access policies, approvals, workflows, and session recording rules can be extended to additional systems and users without major configurations. It works well across hybrid and multi-cloud environments, making it suitable for organizations with geographically distributed infrastructure.

The customer support is very good. Whenever we encountered any problem or issue, they are ready to help us.

Before using Safeguard, we evaluated accounts from CyberArk and Thycotic Secret Server, as well as a previous PAM solution. We switched because of the complexity and usability of those solutions. The previous solution required significant manual efforts to manage the privileged credentials and lacked intuitive session monitoring. There were limited integrations and it did not easily integrate with our cloud environment, DevOps pipelines, or RPA workflows, which was increasingly important for our operations. That is why we chose One Identity Safeguard.

One Identity Safeguard is a mature, reliable, and secure PAM solution that has significantly improved our privileged access management, compliance, and operational efficiency. While there is a learning curve for admins and users, continuous improvement in usability, reporting, and integration would make it even stronger. As it stands, it provides excellent security, visibility, and peace of mind.

We have seen return on investment after using Safeguard. We have saved approximately seven hours per week by automating the password rotation and access approvals, which has freed the IT security teams to focus on higher-value tasks. It has also reduced the manual efforts. Preparing audit evidence now takes only hours instead of days, reducing both internal labor cost and external audit time.

One Identity Safeguard is positioned as an enterprise-grade solution, so the license is not the cheapest in the market, but it reflects the value and security capabilities provided. Initial deployment costs were moderate, mostly tied to planning, virtual appliance resources, and some consulting support for policy configuration. There were no hidden costs beyond the standard licensing and support.

We evaluated CyberArk and Thycotic Secret Server before selecting One Identity Safeguard.

My team and I have been using Safeguard for a considerable time, and the positive feedback I received from them is that they appreciated the automated access workflow. The session proxying and recording gives them the confidence that actions are secure while still letting them work efficiently. Admins appreciate the centralized password vault because it removes the hassle of remembering or sharing passwords.

One Identity Safeguard is a robust, enterprise-grade PAM solution with excellent security and governance capability. The reason it deserves a rating of eight out of ten is because of its robust features and capabilities. However, it does not receive a higher rating due to user interface complexity, reporting limitations, setup and scaling efforts, and integration could be deeper.

I would strongly recommend One Identity Safeguard for enterprises managing privileged access. If an organization needs strong control over admin accounts, session monitoring, and compliance, Safeguard is a robust choice. For deployment and onboarding, the solution is reliable and feature-enriched, so organizations need to take time to plan the initial setup, policy configuration, and user onboarding to get the most out of it. Organizations can expect a learning curve as admins and users may need training to adapt to approval workflows, session recording, and just-in-time access.

I provide One Identity Safeguard a rating of eight out of ten.

My main use case for One Identity Safeguard is using only one module for privileged session, which we use for admins and contractors.

A quick specific example of how my team uses One Identity Safeguard day-to-day is that we use only the second part for our contractors, not for admins in our company, but for companies that help us perform admin work and support our system.

The best features One Identity Safeguard offers include video recordings to help us control our support risks.

Accessing and reviewing those recordings when needed is easy, and there are no problems with recording or reviewing.

One Identity Safeguard has positively impacted my organization by helping us manage risk. We have this product as Balabit, which is a good product that is very light and helps us check or assist with our needs.

One Identity Safeguard could be improved with a password manager and an identity manager as one big access management system.

I believe improvements could be made around integrating with other tools.

I have been using One Identity Safeguard for eight years.

I rated One Identity Safeguard nine out of 10 because the stability and control could be better, as there are some problems with stability and errors when we use it.

As my organization grows or my needs increase, it is easy to add more users or expand the use of One Identity Safeguard, and that experience has been good.

I would rate the customer support for One Identity Safeguard as eight on a scale of one to ten.

I did not previously use a different solution before One Identity Safeguard.

The deployment of One Identity Safeguard solution took one or two days.

The deployment affected my privileged users in a way that was pretty smooth.

Before choosing One Identity Safeguard, I evaluated other options based on simplicity, price, and functionality.

Feedback from users regarding One Identity Safeguard's usability and functionality is that it is a good product and very simple to use.

My advice for others looking into using One Identity Safeguard is that it is a great solution for simple tasks, with a good price and good functionality.

My company does not have a business relationship with One Identity Safeguard vendor other than being a customer.

I rated this review nine out of ten.

Our main use case for One Identity Safeguard is to integrate it to clients that need the SPP functionality, which stands for Safeguard for Privileged Passwords. They do say that we could utilize One Identity Safeguard to its full extent for now, but we're getting there.

A quick specific example of how we use One Identity Safeguard with a client is that our latest client needed a password vault, so at first, we integrated One Identity Safeguard for Privileged Passwords, and then they asked for a personal vault so they could store their passwords and secrets, much like KeePass, so we integrated One Identity Safeguard Personal Vault as well. Lastly, they figured at some point down the line that they needed SPS as well, but only the primitive version of it, so we just decided to integrate SPS as well and form it into a cluster with SPP, but they don't use any third-party plugins as of now.

The best feature One Identity Safeguard offers is that it is a pretty new, modern tool that makes extensive use of its API. In general, it's easier than other tools to just perform maintenance work or perform work using the API of One Identity Safeguard. Also, the way that the access requests are structured—with entitlements and access request policies—makes it easier to govern data and identities. CyberArk, which is essentially the industry standard right now, is doing a very primitive job of helping the administrator with the task, and One Identity Safeguard is a lot better at this.

These features help my team day-to-day by making onboarding new users easier, and they also make it easier to create existing teams that are complete with their own password management, their own password profiles and rotations, password requirements, and who gets access to what, so it all makes it easier and faster.

One Identity Safeguard has positively impacted my organization by being another tool that we have in our arsenal to be able to get other clients as well, because we also sell One Identity IAM, and we can just bundle One Identity Safeguard with it. It also has a nice feature called remote access, which a lot of people want to use for externals in their organization, coupled with its just-in-time requisition, so it makes selling it much easier because One Identity is a company that's been in the field for ages.

One Identity Safeguard can be improved by fixing the documentation, which is very convoluted as of now, and addressing versioning, as some major bugs and issues are not documented well enough in the documentation, along with some patches and fixes. Custom plugins need to be introduced as soon as possible.

I give it an eight because it's a nice tool and it's a modern tool, but there are still some issues, not necessarily pertaining to the tool itself, but to the whole philosophy of One Identity and how they have structured their workflows and their knowledge base, which essentially has no knowledge base, just like CyberArk. There are some issues that need to be fixed, plus it does not have a custom option, and a lot of clients are using in-house made applications that also need to be onboarded to One Identity Safeguard to be able to launch a browser session to that application, which One Identity Safeguard has not had any capabilities that could assist with that.

I have been using One Identity Safeguard for two and a half years, ever since we pivoted from CyberArk, as we wanted to be more tool-agnostic, and we decided that One Identity Safeguard was our best option because we had a past with One Identity, with us being in an IAM team.

One Identity Safeguard is stable.

So far, we haven't had any issues with One Identity Safeguard's scalability; it's been fine, but we generally target smaller to mid-sized implementations.

The customer support for One Identity Safeguard is fine for what it is, even though everything needs to be run through them and there are no knowledge bases, so we have to wait for a response from the One Identity Safeguard company, and they also keep a lot of information, requiring us to make a request and then they would need to reply, but it's acceptable overall. It's not the worst I've seen.

I previously used CyberArk before switching to One Identity Safeguard.

The deployment of the solution takes about two to four weeks, give or take, but that's not counting waiting for the client to respond and all that.

About a month of training is required for end-users, and for us, it was four months to understand One Identity Safeguard, but that was because we already had experience in other PAM tools like CyberArk.

We are partners, executive partners, and resellers with this vendor.

My experience with pricing, setup cost, and licensing has been a good experience overall, as the back and forth with One Identity is something that is acceptable; other tools have options to do this automatically, and they have it, but pricing, presales, and sales is acceptable overall.

Before choosing One Identity Safeguard, I evaluated Zero Trust and Delinea, but they were for smaller organizations, so we decided to adopt One Identity Safeguard.

My advice to others looking into using One Identity Safeguard is to get familiar with the concepts of entitlements and access request policies, the keywords One Identity Safeguard uses, and also get familiar with the way that it handles session management and recording because it's a tool that needs a lot of time to get accustomed to. I give One Identity Safeguard an overall rating of eight out of ten.

Our main use case for One Identity Safeguard is access management and session management for our privileged users.

A specific example of how we use One Identity Safeguard for privileged users involves our integration with OneLogin, which is another product by One Identity. When our privileged users sign up with OneLogin, we provide them with all the necessary details about their session, and we monitor their activities to control any mistakes they might make. This process is fully automated by One Identity Safeguard.

In addition to access and session management, we also use One Identity Safeguard for password vault safety, ensuring that most of our privileged users receive a different password each time they log in so that the admin doesn't know the password, thereby protecting the entire system.

The automation of session management with One Identity Safeguard helps us significantly, as it saves us a lot of time and reduces errors. Since many of our developers and privileged users are still learning, they tend to make mistakes, and One Identity Safeguard points those out, helping us avoid major issues.

Feedback from users regarding One Identity Safeguard's usability and functionality is mostly positive.

We mostly rely on the session management and vault system features of One Identity Safeguard. In my experience, the best features One Identity Safeguard offers are mostly related to session management, which is highly automated and makes a lot of sense.

One Identity Safeguard could be improved by reducing pricing a little bit, and while the support team is mostly good, better pricing would also be advantageous.

Regarding needed improvements, the integration process has a learning curve for most of our developers. The deployment of One Identity Safeguard took about a few weeks, and I can say it was a painful process.

The deployment of One Identity Safeguard was not disruptive to our privileged users, but they had to learn a lot about the product because its user interface is complicated, and there is definitely a learning curve.

I have been using One Identity Safeguard for about six months.

In my experience, One Identity Safeguard is stable, with most of their updates being reliable.

One Identity Safeguard's scalability for our growing organization is straightforward; it is mainly automated, so we don't have to do much.

One Identity Safeguard's customer support is good, and I would say it's better than CyberArk's.

The integration with OneLogin was easy for our team since both products are owned by the same company, and the API integration process is straightforward, with the support team being very helpful.

On a scale of one to ten, I would rate One Identity Safeguard's customer support a nine.

Previously, we were using CyberArk's PAM for privileged access management, but we switched to One Identity Safeguard because CyberArk was too expensive over time, especially as the number of privileged users increased.

We have seen a 12% return on investment with One Identity Safeguard, and we have saved a significant amount of money. When we were using CyberArk, it was very costly, and One Identity Safeguard is much cheaper in the long run.

My experience with the pricing, setup cost, and licensing of One Identity Safeguard is that pricing is good, especially in the long term, as it's way better than CyberArk's, and the other costs are relatively similar.

Before choosing One Identity Safeguard, we evaluated other options, mainly CyberArk's products, and I don't remember much about the other solution we considered.

Since starting to use One Identity Safeguard, there has not been much improvement, but I can say it's affordable, and that's primarily why we are using it.

The affordability of One Identity Safeguard has allowed us to allocate budget elsewhere, particularly towards integrating it with OneLogin, which helps us manage our increasing user base's needs and costs.

My advice for others considering One Identity Safeguard is that if you have more employees and privileged users and are looking for a long-term solution, then it is a good option—it's actually the better option. One Identity Safeguard is inexpensive in the long term, and it offers a better solution than CyberArk's, and mostly the pricing is what I value about it.

I rated this review nine out of ten.

The purpose is to ensure that privileged users do not know their own passwords.

Our organization is more secure, and we are confident that the privileged users who are using the systems are actually the users they claim to be due to two-factor authentication because we are using two-factor authentication in One Identity Safeguard.

It is easy for us to revoke access as well. Previously, we did not know who had access to a system, but now, we can see what access is currently open to systems directly from one single pane of glass, allowing us to revoke that access if necessary. We have limited the possibilities for malicious actions and have made it safer for our users when they are using privileged accounts. They only have privileged access when using that account, but they do not know the password. While nothing is 100% secure, it is more difficult to misuse that privileged account. In the past, IT administrators could log in with domain administrator access on their normal PCs, which made everything work without needing to elevate their rights. Now they cannot do that because they no longer know the password. They are required to go through One Identity Safeguard to elevate their rights.

In the beginning, we had some pushback from the administrators because they could not log in directly to a server or a system. They have to go through the web interface and log in. We had to educate them and put in a little bit of effort. We made them aware that we were also taking risks away from them so that nobody could misuse their credentials. People become administrators only when they want to use the system. When they are done using it, the account is disabled, and administrative privileges are revoked.

Previously, we had external consultants who had accounts, but we did not necessarily know when they were using the account. We now know because we have put up an approval flow. The external company needs to request access for a user, they need to call us and provide a ticket number. We then can approve it. We can also approve them for a specific duration, such as two hours. After that, the user needs to request access again and he needs to be approved. We now know when external people are using our systems. All the external privileged users are now disabled, which were not disabled before because we did not know when they needed to use the system. They did not have a normal user and a privileged account. They just had one user who could log in to the systems. Now, they need to have a normal user that can log in to One Identity Safeguard, and then the privileged account will only be enabled when we have approved the access to the system. The normal user does not have any access besides logging in to One Identity Safeguard. So, there was some pushback because administrators had to raise a ticket. We also tightened up our ticket system to ensure that IT does not do any work unless there is a ticket.

Our management can see that our security posture has greatly improved because, on a normal day, we do not have any privileged users who are enabled, so it is very difficult to elevate access to various systems. If they are not active, privileged access is revoked, and there is no access without a ticket.

We use the transparent mode feature for privileged sessions. It is very easy because it just goes through the Safeguard session. That session is used as a proxy now, so we can limit our end-user's access to server assets. Only the session has access to the servers, so we can do micro-segmentation in a different way now on our network.

The transparent mode is rather seamless because the user does not see this Safeguard session. They only see the Safeguard for privileged passwords because that is the interface that is there, a single pane of glass. When they request access to an IDP session or server, they see a different background because it goes through the process that does the recording but the users do not see that.

The transparent mode helps to monitor privileged accounts which we could not do before.

We have integrated it with test and development. They do not know the password either. Previously, they were the kings of their kingdom, whereas now, they are just users of their kingdom. They also now have to go through One Identity Safeguard.

If a privileged user does something malicious or suspicious, with session recordings, we can see what happened. We can see this person authenticated with two factors when he logged into One Identity Safeguard. If it was not something malicious, we can use this information to become better so that the issue will not happen again.

The implementation time was quick. It was basically up and running within a week.

I like the features that allow you to rotate your password, give you access to an RDP session without knowing your password, and record sessions. This is helpful for external people coming in, as we can review what they have been doing and use the recordings for training purposes. For example, if I want to upgrade a system that an external consultant did, these recordings can help identify issues. We can set different keywords to cut off a session if something malicious is detected. We can prevent a malicious action.

We use it to log in to various systems such as Linux and Windows, which is very convenient. There is also a personal vault for browser use, allowing us to save credentials for business-related websites securely. If a user leaves the company, I can assign that vault to another user. I can share credentials, save files within One Identity Safeguard, and ensure that certificates and license numbers are securely stored. I can see who has access to the files. I can save license numbers and license files in One Identity Safeguard, so I know where they are saved. I can also give access only to those who need it, as opposed to them residing on a file share or OneDrive, where access is not as transparent.

From a management point of view, it would be beneficial if One Identity Safeguard Privilege Password and One Identity Safeguard Privilege Session had a more similar interface. Also, if Privilege Session pushed more data to Safeguard Privilege Password, an admin would only need to log in to one place. They could then see the sessions and everything happening, even if it is running on a separate appliance. Why should I log into Safeguard for Privilege Session separately when it has been requested through the Privilege Password appliance? It would be advantageous if it was seen as one unified box, even though they are different. This is the improvement I would like to see.

I have used the solution for less than a year.

It is stable. I would rate it a nine out of ten for stability.

It is very scalable. I would rate it a nine out of ten for scalability.

Our clients are medium to large enterprises.

Most clients use regular support, but some clients use premium support.

In previous work, I have used CyberArk and Secret Server. One Identity Safeguard is way cheaper, intuitive, and easier to use. Its implementation costs are much lower than CyberArk.

It is on par with Secret Server, but you do not have session recordings. You just have the privileged passwords and rotation features. You need to harden the Windows because it was installed on Windows, whereas One Identity Safeguard is already a hardened appliance. One Identity Safeguard is more secure than Secret Server. However, I used Secret Server a couple of years ago. It has probably matured now.

We are using the virtual appliance because we already have a virtual environment. The only on-prem setup we have are the physical servers that run a hypervisor. We like to have everything virtual. We can also secure a virtual appliance in a different way compared to the physical appliance. With a physical appliance, if something happens, we have to get hold of the vendor and sort out how fast they can ship a replacement, whereas we can deploy a virtual appliance instantly and get it up and running if there is a problem.

One Identity Safeguard Privilege Password is rather straightforward, rating it as an eight out of ten. Privilege Session is more like a six out of ten, being a bit more complex if I want to use all the features. However, if I just want to use it in Transparent mode, it is easier.

In total, it takes less than two weeks, depending on the landscape. Some preparation, like obtaining certificates and securing a backup share, is required first. I do require input from others to implement it within two weeks. If I can gather all the necessary data and access, the implementation becomes more straightforward.

The deployment was disruptive in a way for the privileged users because they now needed to log in through the web interface, whereas previously, they could log in directly. There are more or different steps. Instead of clicking directly on an asset they want to log in to, they need to log in to a different web page and request access. There are a few more mouse clicks than before, but we now have a better security posture of our environment.

To manage and do the implementation, you need to know certain things. You can also use a trusted partner for implementation. If you do not change anything in the system or do not want to do other connection types, you do not need that much training. You need to be aware of what you should look for. A three-day workshop with a partner would be sufficient. For end-users who need to use the system, a two-hour training would be enough.

We have two One Identity Safeguard specialists in our organization.

It is more expensive than Secret Server but way less expensive than CyberArk. As a customer, I would like the pricing to be lower, but it has a good price point.

There is no reason not to recommend it. Everyone should have a PAM solution to prevent privileged user damage and mitigate risks like stolen passwords or insecure storage. If you want to ensure recordings of activities, be it from external people or highly privileged users, then this is essential. This reduces the risk of malicious insiders. You cannot always prevent it, but having recordings allows you to pinpoint activities before a system failure. You can consider having SPA analytics for additional security. We do not have that yet because of the price, but we might add it later.

I would rate One Identity Safeguard a nine out of ten.

We are using it internally because I work in a consultancy company. I use it both for our internal privileged accounts. We have different systems like Google Cloud, some internal servers, data centers, etc. To secure those privileged accounts, like the administrator accounts and root accounts, I use One Identity Safeguard to rotate passwords, authorize sessions, and more. The second use case is that we also implement One Identity Safeguard for different customers.

The most significant benefit is that in the past, we saved passwords in Notepad files or Excel files. Now, we do not, and we have more security. We do not have saved passwords or plain text passwords in different places within the organization. That is probably the most significant benefit regarding security.

In terms of integrations, we have basic integrations for our Windows and Unix servers. We do the transparent connection for LDP and SSH, and that is all. The integration is simple overall for this kind of connection. However, if we want to integrate different consoles or different systems, it is a bit more complex because it is not so much out of the box, but for our current systems, it was very easy.

End-users require just a couple of training sessions and some documentation, and they are ready to go. They can start using the tool as an end user in a week or less. Managers or administrators require a technical specialist training workshop, which is a full-week course. After that, they need one to three months of training with laboratories and documentation. They would need at least three months to work well with the platform.

There is ease of implementation. Compared to other PAM solutions, it is easy to implement and use from an administrator's point of view. That is the most important benefit. It is very simple to implement and use.

We should be able to create customized connectors in a better way. For ad hoc or special use cases, I sometimes find we have limitations. Improving the way we develop new connectors for non-typical systems would be beneficial.

Another area for improvement could be the threat detection capabilities, like those seen in other PAM vendors. The ability to detect strange behaviors during a transparent connection or detect risky sessions and respond immediately would also be a good improvement.

We have had good feedback about One Identity Safeguard, but for LDP and SSH sessions, when we have to connect to a different console, such as a web console, the customers sometimes complain about the efficiency of the sessions. It takes extra time, and the user experience is not so good when you are using different connectors than normal ones.

I have been using it since 2020, so about five years now.

I would rate it a nine out of ten for stability. It is like a black box. It is an appliance. It is difficult for things to go wrong.

It is scalable. I would rate it a nine out of ten for scalability. It is easy if you need to implement resources.

In our organization, we have 15-20 people working with this solution. Our clients are medium enterprises.

We use their partner support. It is usually okay. When I have day-to-day incidents and problems, the response is good enough in terms of time and quality. However, with complex problems, the response is not as fast.

I have experience with CyberArk. I would say CyberArk is a more complex solution in terms of implementation, day-to-day administration, and maintenance. It is more complex and difficult in some ways, but for advanced or difficult connectors, CyberArk has more capabilities to develop customized connectors. It can cover more special or ad hoc use cases, but at the price of more complexity overall.

One Identity Safeguard is at the top level because it covers almost all the general PAM use cases. It covers password rotation, transparent connections, threat detection, isolation, etc. It can cover the needs of most organizations. We have also been able to better cover more complex use cases with One Identity Safeguard than with other PAM solutions.

We have a virtual appliance. We chose the virtual appliance because we were already using a virtual machine infrastructure, so it was easy for us. Our implementation is not complex. We do not have a lot of regulations. It does not matter if we lose connectivity. It is not the end of the world, so for us, a virtual appliance was good enough. It was easier to implement. We do not need to rely on physical devices.

To implement and be functional, it takes days, probably one week, but when I go to a customer and need to do all the configuration and integrate systems, it can take a couple of months overall. It takes days to implement, but configuring and integrating everything can take some months.

In terms of maintenance, it requires less maintenance compared to other PAM solutions. There is not much maintenance regarding the infrastructure. They are, black boxes or appliances, but they do require maintenance in terms of day-to-day configuration, permissions, and connectors.

We did not cover many use cases regarding efficiency and cost reduction, so we did not see ROI directly. However, being more secure makes it less probable that we will suffer an attack or data loss, which is a cost reduction, but I did not see much time reduction. There is about 10% savings.

It is cheaper than CyberArk. Its price is fair.

We use the solution’s transparent mode feature for privileged sessions. There was an impact on the users with the roll-out of this feature because we changed the way people were connecting to systems and faced some problems like communication and networking problems. People did not have the correct permissions at the time. That was a bit of a problem, but we now have a seamless integration. It took us a couple of months to have everything working.

I will recommend it to some customers because it is easy to deploy, administer, and configure. The price is fair. The scalability is also good.

Overall, I would rate it an eight out of ten. It covers pretty much all use cases, but sometimes there is a lack of customization.