No more typing reviews! Try our Samantha, our new voice AI agent.

ACF2 vs Idira Privileged Access Manager comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 2, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ACF2
Ranking in Mainframe Security
4th
Average Rating
9.0
Reviews Sentiment
7.8
Number of Reviews
6
Ranking in other categories
Database Security (12th)
Idira Privileged Access Man...
Ranking in Mainframe Security
1st
Average Rating
8.6
Reviews Sentiment
6.8
Number of Reviews
230
Ranking in other categories
User Activity Monitoring (1st), Enterprise Password Managers (2nd), Privileged Access Management (PAM) (1st), Operational Technology (OT) Security (3rd)
 

Mindshare comparison

As of July 2026, in the Mainframe Security category, the mindshare of ACF2 is 12.4%, up from 11.4% compared to the previous year. The mindshare of Idira Privileged Access Manager is 5.8%, up from 2.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Mainframe Security Mindshare Distribution
ProductMindshare (%)
Idira Privileged Access Manager5.8%
ACF212.4%
Other81.8%
Mainframe Security
 

Featured Reviews

reviewer1077621 - PeerSpot reviewer
IT Examiner at a financial services firm with 10,001+ employees
A reliable, scalable product for security and auditing of our mainframe environment
It is a good product. It has been used for years. As long as it is configured correctly, it is a very stable product. It depends on how an institution or a company configures it. It depends on an institution's risk appetite. You need to make sure it is configured as per the concept of least privilege, and the logging features, detection and control mechanism, and other things like that are enabled. If you configure it to give access to the public, then there could be compromises. You should also have someone who independently checks it to make sure that it is configured keeping security in mind. If it has been configured for a while, when there are enhancements to the product or when you enhance it, you need to make sure that security is also looked at, and it is configured according to an institution's security policies. I would rate it a nine out of 10.
Atul-Gujar - PeerSpot reviewer
CyberArk manager at a comms service provider with 10,001+ employees
Secures critical infrastructures with essential user session audit records
A potential area for improvement is enhancing support for cluster environments and distributed Vaults. Clients in multiple countries that need central access have different challenges that require better solutions from CyberArk. For financial services, CyberArk can improve incident response by ensuring fast support for critical priority tickets to meet compliance requirements. Providing more documentation on CyberArk is recommended for new team members to enhance their troubleshooting capabilities. I understand it's up to the client, but 99% fail to change the demo key, so it's crucial for CyberArk to emphasize changing the key and documenting it as part of the installation process.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Without the product, extracting this information may take us as much as several days; instead, we can get it in real time."
"I love their support. The support is great. They are number one."
"The most valuable feature is strict and reliable access control to CICS Resources."
"It is a good product."
"The NOACCESS by default is another very good feature. Also, access rules are straightforward, and easy to understand."
"I am deeply impressed with the quality and depth and breadth of security and functionality in CA’s ACF2 and Top Secret products."
"Know that this tool is a great tool, a good tool to use, because you can quickly automate, quickly provision, and deprovision new users, which is essential when you are bringing new people onboard."
"Logging and monitoring are most valuable. It is for the mainframe environment, and it is at the forefront for security and resilience."
"The biggest return on investment would be the security itself."
"The most valuable features of CyberArk Privileged Access Manager are its robust functionality and reliability."
"We chose CyberArk because of its great functionalities, the ability to be deployed granularly at a different scale for each function, and the ability to be deployed in a distributed infrastructure."
"CyberArk Privileged Access Manager has positively impacted my organization, showing significant improvement since all sessions are monitored and isolated using isolated RDP sessions, which are created temporarily and expire if not used."
"The session recording and monitoring capabilities are valuable. We have real-time session management ability to record, audit, and monitor any privileged user activities. That is a big deal."
"Overall, I would rate it a ten out of ten."
"We found the initial setup to be easy."
"I see the Auto IT integration as the most valuable feature."
 

Cons

"It needs longer rules. The max rule is 32K."
"They can work on its ability to work in a distributed environment."
"Initial setup could be complex if you rely on contractors to help with implementation."
"I would like my team and me to be able to use simple browsers, like Chrome, to be able to access mainframe data and provision users using the browser.​"
"Reporting can sometimes include false positives."
"The user access review could also be improved. It produces a lot of false positives."
"They can work on its ability to work in a distributed environment. It's a mainframe product. As many companies move to the cloud, depending on what cloud models they choose, such as a public, hybrid, or private cloud, it should be deployable. I am not sure if it can be deployed on those platforms. It has been there since the '50s or '60s, and it's still scalable. It has survived all these years, and it's scalable to many platforms, but I don't know about the cloud."
"Within CyberArk, I would like to see more support for personal accounts."
"CyberArk could enhance its usability by simplifying its architecture and design."
"This is where we have had some woes with this software."
"We would, of course, always prefer it if the pricing was cheaper."
"Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up."
"In terms of mean time to respond, I acknowledge variable response time. The L1 team is proactive, yet the vendor often pushes to close incidents swiftly, even when issues remain unresolved."
"Their post-sale support area requires a big improvement. Customers cannot automate tickets directly with CyberArk. They have to come through the distributor or bring in partners who have access to the support portal. Basically, the support for post-sales implementation is there, but the role of CyberArk is very minimal. Customers have to rely on partners, which sometimes creates issues. Some of the vendors help you during the implementation process, but the CyberArk support team does not do that. They have 24/7 support for our region, but they help only if there is an emergency or there is a problem with their system. If the password vault is down or the system is down, they provide immediate attention. For almost everything else, they take more time to respond. They give low priority to service-related or migration-related questions."
"The downside is that it's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers."
 

Pricing and Cost Advice

Information not available
"Its price can be reduced."
"CyberArk Privileged Access Manager is on the expensive side. It is very expensive."
"Payments have to be made on a yearly basis toward the licensing costs of the solution."
"Generally, I don't get involved in the licensing or the purchasing side of it, but I do know that the licenses are expensive."
"The solution is costly but we get what we pay for."
"Previously, the pricing was very meager. They started publicizing and advertising the solution, growing CyberArk, as an organization. They also changed their pricing with that growth, e.g., the pricier the product, the more people who will purchase it."
"Quite expensive"
"Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product."
report
Use our free recommendation engine to learn which Mainframe Security solutions are best for your needs.
904,836 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Educational Organization
10%
Manufacturing Company
10%
Comms Service Provider
8%
Financial Services Firm
13%
Manufacturing Company
10%
Outsourcing Company
7%
Construction Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business2
Midsize Enterprise1
Large Enterprise4
By reviewers
Company SizeCount
Small Business59
Midsize Enterprise42
Large Enterprise175
 

Questions from the Community

Ask a question
Earn 20 points
How does Sailpoint IdentityIQ compare with CyberArk PAM?
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the m...
What is your experience regarding pricing and costs for CyberArk Privileged Access Manager?
My thoughts on the pricing of CyberArk Privileged Access Manager depend entirely on the vendors' requirements. If they want their things to be secure, they have to spend accordingly. We have four t...
What needs improvement with CyberArk Privileged Access Manager?
I believe account discovery and rolling support need to be improved. Account discovery is important when integrating with other systems, as other PAM solutions can perform account discovery and onb...
 

Also Known As

CA ACF2
CyberArk Privileged Access Security, CyberArk Enterprise Password Vault
 

Overview

 

Sample Customers

Sky, Rogers Communications
Rockwell Automation
Find out what your peers are saying about ACF2 vs. Idira Privileged Access Manager and other solutions. Updated: June 2026.
904,836 professionals have used our research since 2012.