One of my favorite classic holiday movies is Elf. It has several great rules to live by including, “gum on the street is not free candy” and “a peep show is not getting to look at your presents early.”  But one of the one of the most important things is to not be on the naughty list.

The 16 biggest data breaches of the 21st century is another type of naughty list that would make any security professional have the same reaction as Buddy the Elf’s reaction to his dad being on Santa’s naughty list.

The good news is that One Identity Safeguard 2.1 was released today and while it can’t help you stay off of Santa’s naughty list and can help stop you from appearing on the biggest data breach list like Verisign did when hackers gained access to privileged systems and information.

Safeguard 2.1 is the latest version of One Identity’s privileged access management solutions that helps you control, manage and monitor privileged accounts. One Identity Safeguard enables you leverage a unified policy engine and management tools to securely grant access to privileged passwords and sessions in way that is easy for your admins and that will satisfy your auditors. There are lot of great features in this latest release, below is just a sneak peek at a few of the notable ones.



Why an Elf would care

Zero downtime patching

Zero downtime patching – During the cluster patch operation, access request workflow is available so authorized users can request password releases and session access.

So even when “Eddie the IT Elf” is patching One Identity Safeguard, Santa can still approve password requests.

Federated login

Federated login - One Identity Safeguard supports the SAML 2.0 Web Browser SSO Profile, allowing you to configure federated authentication with many different Identity Provider STS (IdP-STS) servers and services, such as Microsoft's AD FS and Azure AD.

“Edith the AD Admin Elf” from the South Pole who contracts with the North Pole elves when they need more workers to make toys can use her same credentials she uses to log into the South Poles systems to login to Safeguard.

Lights out management

Lights out management - The Lights Out Management feature enables you to remotely manage the power state and serial console to Safeguard using the baseboard management controller (BMC). When a LAN interface is configured, this enables the Appliance Administrator to power on an appliance remotely or to interact with the recovery kiosk.

“Edward the IT Elf” can start and monitor the health of the One Identity Safeguard appliance from the beach in Borneo after Christmas is over.


Multi-request - Authorized Safeguard users can now request multiple password releases or sessions in a single request. In addition, these requests can be saved as a "favorite" access request, providing quick access to the request from the user's Home page.

“Emma the UNIX Admin Elf” can spend more time playing with her new UNIX servers and less time requesting passwords for the servers.

Suspend / resume accounts

Suspend/resume accounts - Safeguard enables you to suspend Safeguard managed accounts when they are not in use to reduce the vulnerability of password attacks on privileged accounts.

One December 26, “Emily the IT Elf” can suspend access to the AD admin accounts from the servers that contain the information on the latest toys until production restarts next fall to ensure no one can gain access to the servers until they need to.


Take it from Buddy the Elf, you really don’t want to be on any naught list. Below are some resources to help you learn more about One Identity Safeguard and how it can help ensure your name doesn’t appear on one.

Read KuppingerCole’s executive review of One Identity Safeguard

Start a virtual trial

Related Content