One Identity Safeguard

Secure, manage and record privileged access

One Identity Safeguard

The methods that hackers use to gain access to your systems and data are constantly evolving. Ultimately, hackers want access to your privileged accounts as they provide unlimited access to systems and data. In nearly every recent high-profile breach, lapses in privileged account management have been exploited. To limit the damage when a breach occurs, you need a secure, efficient and compliant way to provide access to privileged accounts.

One Identity Safeguard provides a single architecture for privileged access management that is delivered on a secure hardened appliance. This architecture greatly simplifies deployment and management, and accelerates the time to value. Safeguard enables you leverage a unified policy engine and management tools to securely grant access to privileged passwords and sessions. The Safeguard appliance is built specifically for use with the Safeguard software, which is preinstalled and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. This approach protects the privileged management software from attacks while also simplifying deployment and management.


Policy-based release control

Using a secure web browser with support for mobile devices, you can request access and provide approval for privileged passwords and sessions. Requests can be approved automatically or require dual/multiple approvals based on your organization’s policy. So whether your policies consider the requestor’s identity and level of access, the time and day of the request attempt, and the specific resource requested – or all of these — you can configure One Identity Safeguard to meet your customized needs. Plus, you can input reason codes and/or integrate with ticketing systems.

Full-session audit, recording and replay

All session activity — every packet sent and action taken, including mouse movements, clicks and keystrokes — is recorded and available for review. The time and content of the session are cryptographically signed for forensic and compliance purposes. Only activity is recorded and recordings are compressed to minimize offline storage requirements.

Change control

Supports configurable, granular change control of shared credentials, including time-and last-use-based, and manual or forced change.

Always online

You get true high availability as this solution was built for distributed clustering. Plus, with load balancing and the ability to make requests from any appliance you get faster throughput and shorter response times.

Multi-language support

The administrator interface supports localization through the use of language packs to provide a seamless experience for administrators around the world. One Identity Safeguard supports Arabic, Chinese (simplified and traditional), Dutch, French, German, Italian, Japanese, Korean, Spanish and Russian.


Quickly discover privileged accounts or systems on your network with host-, directory- and network-discovery options.

Approval anywhere

Leveraging One Identity Starling (a cloud-based solution), you can approve or deny requests from anywhere – and with nearly any device -- without being on the VPN.


Safeguard uses a modernized API based on REST to connect with other applications and systems. Every function is exposed through the API to enable quick and easy integration regardless of what want to do or which language your applications are written.

Activity Center

Quickly and easily view all activity with a query builder. Customize reports for intended audience, such as IT operations or non-tech executives. Plus, schedule queries, and save or export the data in a variety of formats.

Two-factor authentication support

Protecting access to passwords with another password isn’t enough. Enhance security by requiring two-factor authentication to access Safeguard. Safeguard supports any RADIUS-based 2FA solution and includes 25 licenses to Starling Two-Factor Authentication.

One Identity Safeguard for Privileged Passwords

One Identity Safeguard for Privileged Passwords

One Identity Safeguard for Privileged Passwords automates, controls and secures the process of granting privileged credentials with role-based access management and automated workflows. The user-centered design of Safeguard for Privileged Passwords means a reduced learning curve. Plus, the solution enables you to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and gives your privileged users a new level of freedom and functionality.

One Identity Safeguard for Privileged Sessions

One Identity Safeguard for Privileged Sessions

With One Identity Safeguard for Privileged Sessions, you can issue privileged access for a specific period - or session - to administrators, remote vendors and high-risk users. And with Safeguard for Privileged Sessions’ full record and replay capabilities, you can easily meet your auditing and compliance requirements. In addition, it serves as a proxy to ensure that your critical assets are protected from any malicious software that might be lurking on an admin’s machine. Safeguard provides a single point of control from which you can authorize connections, limit access to specific resources, view active connections, record activity, receive an alert if connections exceed preset time limits and terminate connections.