One Identity Safeguard

Features

Policy-based release control

Using a secure web browser with support for mobile devices, you can request access and provide approval for privileged passwords and sessions. Requests can be approved automatically or require dual/multiple approvals based on your organization’s policy. So whether your policies consider the requestor’s identity and level of access, the time and day of the request attempt, and the specific resource requested – or all of these — you can configure One Identity Safeguard to meet your customized needs. Plus, you can input reason codes and/or integrate with ticketing systems.

Full-session audit, recording and replay

All session activity – down to the keystroke, mouse movement, and windows viewed – is captured, indexed, and stored in tamper-proof audit trails that can be viewed like a video and searched like a database. Security teams can search for specific events across sessions and play the recording starting from the exact location the search criteria occurred. Audit trails are encrypted, time-stamped and cryptographically signed for forensics and compliance purposes.

Change control

Supports configurable, granular change control of shared credentials, including time-and last-use-based, and manual or forced change.

User behavioral biometrics

Each user has its own idiosyncratic pattern of behavior, even when performing identical actions, such as typing or moving a mouse. The algorithms built into Safeguard for Privileged Analytics inspect these behavioral characteristics captured by Safeguard for Privileged Sessions. Keystroke dynamics and mouse movement analysis not only help you identify breaches, but also serve as a continuous, biometric authentication.

Discovery

Quickly discover privileged accounts or systems on your network with host-, directory- and network-discovery options.

Approval anywhere

Leveraging One Identity Starling Two-Factor Authentication, you can approve or deny requests from anywhere – and with nearly any device -- without being on the VPN.

Command and application control

Safeguard for Privileged Sessions supports both black listing and white listing of commands and windows titles.

Instant on

Safeguard for Privileged Sessions can be deployed in transparent mode requiring no changes to user workflows. Acting as a proxy gateway, Safeguard can operate like a router in the network – invisible to the user and to the server. Admins can keep using the client applications they are familiar with, and can access target servers and systems without any disruption to their daily routine.

RESTful API

Safeguard uses a modernized API based on REST to connect with other applications and systems. Every function is exposed through the API to enable quick and easy integration regardless of what want to do or which language your applications are written.

One Identity Hybrid Subscription

Expand the capabilities of Safeguard with the One Identity Hybrid Subscription, which offers immediate access to cloud-delivered features and services. These include all-you-can-eat Starling Two-Factor Authentication to protect Safeguard access and Starling Identity Analytics & Risk Intelligence for Safeguard to pre-emptively detect risky users and entitlements. A single subscription enables all One Identity solution deployments.