Case Study: T‑Mobile Austria achieves secure, auditable third‑party access with One Identity Safeguard for Privileged Sessions

T-Mobile Austria Manages Third-Party Privileged Access with Safeguard for Privileged Sessions

T‑Mobile Austria, the country’s second‑largest mobile operator serving over 4 million customers, needed a way to control and audit remote SSH access for thousands of third‑party devices and vendor engineers. Existing firewalls and VPNs required manual rule changes and granted risky firewall configuration rights to support staff, so T‑Mobile looked to One Identity and its Safeguard for Privileged Sessions to provide fine‑grained, supervised access to critical systems.

One Identity’s Safeguard for Privileged Sessions was deployed in production in 2011 to proxy and monitor shell access, enforce command white/blacklists, and record/playback privileged sessions while remaining client‑agnostic. The solution improved auditability and operational security, simplified on‑call engineer access, and scaled from a 150‑host license to 500 hosts by March 2016, giving T‑Mobile Austria measurable control over third‑party access and reducing the need for manual firewall changes.

T-Mobile

Georg Petzl

Chief Security Officer