Traditional privileged access management (PAM) solutions involve complex architectures, lengthy deployment times and onerous management requirements. In nearly every recent high-profile breach, privileged accounts have been compromised to gain access to critical systems and data. But you can limit the damage from a breach by adopting a SaaS solution that provide a secure, efficient and compliant way to access to privileged accounts. One Identity Safeguard On Demand combines a secure password safe and a session management and monitoring solution with threat detection and analytics all managed and delivered from the cloud. It securely stores, manages, records and analyzes privileged access.
One Identity ISO/IEC Certifications
One Identity SaaS solutions are developed, operated, and supported within the scope of the One Identity Information Security Management System, which has achieved ISO/IEC 27001:2013 certification, and is aligned to meet the additional control implementation guidance in ISO/IEC 27017:2015 and ISO/IEC 27018:2019. For our customers, meeting the requirements of these important industrial standards can provide confidence that our cloud infrastructure has been independently verified to effectively manage information security and privacy.
Key Benefits
Safeguard On Demand is a powerful cloud-delivered privileged access management (PAM) solution that automates, controls and secures the granting of privileged credentials with role-based access management and workflows. You lose no PAM, cybersecurity or compliance functionality . The user centered design of Safeguard On Demand means a reduced learning curve. Plus, the solution enables you to manage privileged passwords and privileged sessions from anywhere and using nearly any device. The result is that you can operate with privileged access management best practices. Plus, your enterprise is secure while your privileged users enjoy a new level of freedom and functionality.
Full-strength PAM with SaaS delivery
Mitigate potential damage of a security breaches
Meet compliance requirements
Realize ROI quickly with simplified deployment
Satisfy auditors with efficient audit-report creation
Identify and stop risky behaviors and unusual events
Simplify privileged account management
Features
The One Identity Approach to Privileged Access Management
The One Identity Safeguard portfolio includes the industry’s most comprehensive set of privileged access management (PAM) solutions. You can build on the capabilities of One Identity Safeguard On Demand with solutions for granular delegation of the UNIX root account and the Active Directory administrator account; add-ons to make open-source sudo enterprise-ready; and keystroke logging for UNIX root activities – all tightly integrated with the industry’s leading Active Directory bridge solution.
Policy-based Release Control
Using a secure web browser with support for mobile devices, you can request access and provide approval for privileged passwords and sessions. Requests can be approved automatically or require dual/multiple approvals based on your organization’s policy. So, whether your policies consider the requestor’s identity and level of access, the time and day of the request attempt, and the specific resource requested—or all of these — you can configure One Identity Safeguard On Demand to meet your customized needs. Plus, you can input reason codes and/ or integrate with ticketing systems.
Full-session Audit, Recording and Replay
All privileged session monitoring – down to the keystroke, mouse movement, and windows viewed – is captured, indexed, and stored in tamper-proof audit trails that can be viewed like a video and searched like a database. Security teams can search for specific events across sessions and play the recording starting from the exact location the search criteria occurred. Audit trails are encrypted, time-stamped and cryptographically signed for forensics and compliance purposes.
Instant On
Safeguard On Demand operates in transparent mode, requiring no changes to user workflows. Acting as a proxy gateway, Safeguard On Demand can operate like a router in the network—invisible to the user and to the server. Admins can keep using the client applications they are familiar with, and can access target servers and systems without any disruption to their daily routine.
User Behavioral Biometrics
Each user has an idiosyncratic pattern of behavior, even when performing identical actions, such as typing or moving a mouse. The algorithms built into Safeguard On Demand inspect these behavioral characteristics. Keystroke dynamics and mouse movement analysis help identify breaches and also serve as a continuous, biometric authentication, thus strengthening the cybersecurity of privileged access.
Approval Anywhere
Leveraging One Identity Cloud Assistant, you can approve or deny requests from anywhere — and with nearly any device.
Personal Password Vault
All your organizations employees can store and generate random passwords for non-federated business accounts in a free personal password vault. This enables your organization to use a sanctioned tool with the ability to securely share and recover passwords providing much needed security and visibility into business accounts.
Favorites
Quickly access the passwords that you use most often right from the login screen. You can group several password requests into a single favorite so you can get access to all the accounts you need with a single click.
Discovery
Quickly discover privileged accounts or systems on your network with host-, directory- and network-discovery options.
Real-time Alerting and Blocking
Safeguard On Demand monitors traffic in real time, and executes various actions if a certain pattern appears in the command line or on screen. Predefined patterns could be a risky command or text in a text-oriented protocol, or a suspicious window title in a graphical connection. In the case of detecting a suspicious user action, Safeguard On Demand can log the event, send an alert or immediately terminate the session.
Command and Application Control
Safeguard On Demand supports both black listing and white listing of commands and windows titles.
Wide Protocol Support
Full support for SSH, Telnet, RDP, HTTP(s), ICA and VNC protocols. In addition, security teams can decide which network services (e.g. file transfer, shell access, etc.) within the protocols they want to enable/disable for administrators.
Full-text Search
With its Optical Character Recognition (OCR) engine, auditors can do full-text searches for both commands and any text seen by the user in the content of the sessions. It can even list file operations and extract transferred files for review. The ability to search session content and metadata accelerates and simplifies forensics and IT troubleshooting.
RESTful API
Safeguard On Demand uses a modernized API based on REST to connect with other applications and systems. Every function is exposed through the API to enable quick and easy integration regardless of what want to do or which language your applications are written.
Change Control
Supports configurable, granular change control of shared credentials, including time-and last-use-based, and manual or forced change.
Resources
One Identity Safeguard On Demand
SaaS delivery to securely store, manage, record and analyze privileged access
Read DatasheetYour Secure Path to the Cloud
Watch this video to learn how One Identity’s progressive cloud strategy futureproofs your Identity Governance and Administration (IGA) infrastructure, no matter how complex or the mix of on-prem to cloud resources. See how our approach enables your organization to preserve your investment in on-premise systems while developing new SaaS and cloud-based uses cases.
Watch VideoPeer Paper: 10 Ways to Manage and Secure Microsoft Active Directory in an Evolving IT World
Thousands of innovative IT leaders worldwide are optimizing their Identity and Access Management programs with improve Active Directory and Azure AD management and security. Read real testimonials on how they improve their environments with Active Roles.
Read White PaperOne Identity Makes Zero Trust Security a Reality
One Identity platform makes Zero Trust security a reality.
Read White PaperNext-Gen Privileged Access Management is here!
Read how seven unique organizations are boosting security, gaining efficiency and experiencing agility. That's next-gen PAM!
Read E-bookWhy Privileged Access Management Should Matter to You
Why Privileged Access Management Should Matter to You
View InfographicOne Identity Manager On Demand Security Guide
One Identity Manager On Demand Security Guide
Read Technical BriefOne Identity Safeguard On Demand Security Guide
One Identity Safeguard On Demand Security Guide
Read Technical BriefGet Started Now
Related Products
Support and services
Product Support
Self-service tools will help you to install, configure and troubleshoot your product.
Support Offerings
Find the right level of support to accommodate the unique needs of your organization.