Risk reducer Make better security decisions by combining security information and policies from multiple sources to reduce exposure and eliminate information silos Governance 360 Provide auditors with detailed, real-time governance reports that includes information about what resources are in your environment, who has access to them and when, and why that access was granted and terminated. Experience a stress-free audit with our customizable reporting engine that gives you and the auditors what you need. Provisioning done right Eliminate manual mistakes by automating provisioning to any system, platform or application. Access done right Enhance security by providing employees, contractors, partners, customers, students, alumni, constituents and patients with only the access they absolutely need - nothing more and nothing less. Self-service access portal Saves time and reduces IT effort via a customizable online intuitive “shopping cart”. This enables users to request access to network resources, physical assets, groups and distribution lists, and control access rights and permissions for their entire identity lifecycle while leveraging predefined approval processes and workflows.

Password Manager supports a wide range of data security standards, which allows you to implement data-access policies that extend beyond the native control capabilities of Active Directory.

• Strengthen data-access policies beyond AD’s native controls
• Streamline help desk duties
• Serve users from multiple domains — with or without trusts
• Empower users to self-service basic password tasks
• Extend to enterprise-wide password management

Features Secure data access policies Adopt more secure data access policies beyond AD’s native controls. Security is enhanced as Password Manager helps eliminate help desk errors and the need for users to write down their passwords. Implement the entire range of security policies and ensure that passwords conform to requirements — per group or organizational unit — for password formatting and composition, history and lockout. Streamlined help desk duties Give administrators powerful logging and reporting features to make it easier to monitor password management activity and correct abnormalities. Customizable workflows and activities allow you to customize password policy and reset workflows to match your organization’s business needs. Multiple domain support Serve users from multiple domains — with or without trusts. Seamless integration with Windows, strong data encryption and secure communication are provided through support for leading technologies, such as 3DES, MD5, SSL and Microsoft’s CryptoAPI. User self-service Empower users with self-service capabilities to handle basic password tasks. Plus, Password Manager helps control IT costs by eliminating the need for users to make expensive calls to the help desk. Users now can enroll in and use self-service to reset their passwords or unlock accounts — and even reset passwords when their system is offline — all of which increases user productivity and reduces downtime. Enterprise-wide password management Extend AD-based password management to non-Microsoft operating systems — such as Unix and Linux — through integration with a set of robust tools. You can even support larger IAM initiatives and enterprise-wide password management needs. Expand password management functionality to Active Directory Lightweight Directory Services (AD LDS). Enable self-service unlocking of BitLocker-enabled computers.

With One Identity Safeguard for Privileged Sessions, you can control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users. Content of the recorded sessions is indexed to simplify searching for events and reporting so you can more easily meet your auditing and compliance requirements. In addition, Safeguard for Privileged Sessions serves as a proxy, and inspects the protocol traffic on the application level and can reject any traffic violating the protocol – thus making it an effective shield against attacks. In transparent mode, only minimal network changes are required and users do not have to change their workflow or client applications, which makes implementation a breeze. However, a workflow can be configured so you can authenticate users, limit access to specific resources, authorize and view active connections, and receive an alert if connections exceed preset time limits. Safeguard can also monitor sessions in real time and execute various actions: if a risky command or application appears, it can send you an alert or immediately terminate the session. Features: Full session audit, recording and replay All session activity – down to the keystroke, mouse movement, and windows viewed – is captured, indexed and stored in tamper-proof audit trails that can be viewed like a video and searched like a database. Security teams can search for specific events across sessions and play the recording starting from the exact location the search criteria occurred. Audit trails are encrypted, time-stamped and cryptographically signed for forensics and compliance purposes. Real-time alerting and blocking Monitors traffic in real time, and executes various actions if a certain pattern appears in the command line or on screen. Predefined patterns could be a risky command or text in a text-oriented protocol or a suspicious window title in a graphical connection. In the case of detecting a suspicious user action, Safeguard can log the event, send an alert or immediately terminate the session. Two modes of operations Choose which mode suits your needs.

• Workflow Engine – A workflow engine that supports time restrictions, multiple approvers, reviewers, emergency access, and the expiration of the policy. It also includes the ability to input reason codes and/or integrate directly with ticketing systems. A password request can be automatically approved or require any level of approvals.
• Instant On - Deploy in transparent mode so that no changes to user workflows are necessary. It can act as a proxy gateway operating like a router in the network – invisible to the user and to the server. Admins can continue to use familiar client applications and can access target servers and systems without any disruption to their daily routine.

Proxy access Since users have no direct access to resources, the enterprise is protected against unauthorized and unfettered access to sensitive data and systems. Safeguard for Privileged Sessions can proxy and record to many target resources, including UNIX/Linux, Windows, network devices, firewalls, routers and more. Full-text Search With it's Optical Character Recognition (OCR) engine, auditors can do full-text searches for both commands and any text seen by the user in the content of the sessions. It can even list file operations and extract transferred files for review. The ability to search session content and metadata accelerates and simplifies forensics and IT troubleshooting.