We performed a comparison between Azure Active Directory and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Azure Active Directory is the more popular solution because its deployment is easier and it has a free version.
"We are utilizing CyberArk to secure applications, credentials, and endpoints."
"We have accomplished our security goals. We have two-factor authenticated and vaulted our important accounts, so people can't just steal stuff from us."
"Provides improved security around having your credentials locked down and rotated regularly."
"All the features of CyberArk are useful for me, but the biggest one is that CyberArk has logs for all the features. That is important when there is a problem. You know where to look and you have the information. In cyber security, the most important aspect is information."
"It allows users to self-provision access to the accounts that they need."
"This is a complete solution that can detect cyber attacks well."
"The integrations are the most valuable aspect of CyberArk Privileged Access Manager. The software offers pre-built integrations, and our team can also create custom connectors. This flexibility allows us to integrate with systems that we previously didn't consider integrating with, making it a significant advantage for us."
"It is a robust product."
"Personally, I'm a great fan of Azure Active Directory due to the security and compliance features that are there in the classic or default Azure Active Directory."
"Let's say we decide that our users need to have MFA, multi-factor authentication. It is very easy to implement that with Azure Active Directory."
"Configuring the domain and setting it up in the Azure portal is just three clicks to be honest."
"The best thing about Active Directory is its compatibility. It works with lots of third-party vendors. We're using multiple products, and they're all integrated with our Active Directory."
"The solution's ease of use is one of its most valuable features."
"Azure Active Directory provides us with identity-based authentication, which secures access at the user level and also integrates with conditional access policies and multi-factor authentication helping to increase the identity security for that person. So, the hacking and leaking of passwords is a secondary problem because you will not authenticate a person with one factor. There is a second factor of authentication available to increase the security premise for your company."
"The solution scales well."
"The best feature is the single sign-on provision for the various type of users."
"Performance of PIM could be better and intended for usability as well as security."
"We found a lot of errors during the initial setup. They should work to improve the implementation experience and to remove errors from the process."
"They are sometimes not flexible with things. For instance, from one day to another, there might be something that had been done years ago by CyberArk, then they say, "We do not support that." You then have to initiate a complaint and start working with them. Things might become complicated and months pass while you are working with them. Usually, they are good and fast, but sometimes they seem to be blocked with problems, e.g., you will suddenly be working with another team instead of the team that you were working with the day before."
"It can be integrated with other systems, but it is not easy to integrate. It takes too long to integrate it. Its integration should be easier and simpler."
"There were a lot of manual steps in the initial setup which could have been automated. I read the 10.4 release that was sent out about a month or two ago, and I saw the steps required for upgrade have been reduced by about 90%. That was a big thing for me, but I still haven't seen that yet because we have not upgrade past 9.9.5."
"The documentation is rather basic and it is missing many use cases."
"One thing that could be improved is to create of a better alternative for fixing group policy fees. We currently use Microsoft, but they have introduced new policies that may not be compatible."
"Online help needs to be looked into with live agent support."
"The support could be better. Lately, they sort of dropped off a bit in terms of quality."
"The monitoring dashboard could be a bit better."
"The downside of using a single password to access the entire system is that if those credentials are compromised, the hacker will have full access."
"When it comes to identity and access life cycle management for applications that are run on-premises, as well as access governance, if those kinds of capabilities could be built into Azure Active Directory, that would be good."
"The Cloud Provisioning Agent cannot provision a lot of the information that AD Connect does. For starters, the lightweight version cannot synchronize device information. If you have computers on-premises, the information about them will not be synchronized by the Cloud Provisioning Agent. In addition, if you have a user on the cloud and he changes his password, that information should be written back to the on-premises instance. But that workflow cannot be done with the lightweight agent. It can only be done with the more robust version."
"When it comes to Azure, creating certain things or getting different resources isn't very clear. You need a certain level of knowledge of the system. It could be a little bit more friendly so that some of the things can be done easily, but after everything is created, it's easy to use."
"From time to time it takes a little bit of time to replicate, with some of the applications—something like five to 10 minutes. I know that the design is not supposed to enable real-time replication with some of the applications. But, as an administrator, I would like to run a specific change or modification in Azure Active Directory and see it replicated almost immediately."
"The only issue with Azure AD is that it doesn't have control over the wifi network. You have to do something more to have a secure wifi network. To have it working, you need an active directory server on-premises to take care of the networks."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 144 reviews while Microsoft Entra ID is ranked 1st in Access Management with 190 reviews. CyberArk Privileged Access Manager is rated 8.8, while Microsoft Entra ID is rated 8.6. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of Microsoft Entra ID writes "Saves us time and money and features Conditional Access policies, SSPR, and MFA". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Delinea Secret Server, WALLIX Bastion, One Identity Safeguard and ManageEngine PAM360, whereas Microsoft Entra ID is most compared with Microsoft Intune, Google Cloud Identity, Okta Workforce Identity, Cisco Duo and Yubico YubiKey. See our CyberArk Privileged Access Manager vs. Microsoft Entra ID report.
See our list of best Access Management vendors.
We monitor all Access Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
