• Home
  • Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager

Azure Active Directory (Azure AD) vs CyberArk Privileged Access Manager comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager
May 2023
Executive Summary
Updated on Sep 6, 2022

We performed a comparison between Azure Active Directory and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Azure Active Directory users say deployment is simple and easy. Users of CyberArk Privileged Access Manager say the initial setup is complex and requires technical expertise.
  • Features: Users say both products have good stability, scalability, and security.

    Azure users like the solution’s ease of use, single sign on, identity-based authentication, and its privileged access management. Users say the conditional access rules are a little limiting and that provisioning is not intuitive

    CyberArk users like the solution’s performance, password protection, and monitoring tools. Reviewers mention that it lacks flexibility.
  • Pricing: Azure users mention that the solution has various levels of licenses, with a free basic tier. CyberArk users consider the solution to be expensive.
  • Service and Support: Most users of both solutions are satisfied with the level of support they receive.
  • ROI: Users of both solutions report a positive ROI.

Comparison Results: Based on the parameters we compared, Azure Active Directory is the more popular solution because its deployment is easier and it has a free version.

To learn more, read our detailed Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager Report (Updated: May 2023).
Download the complete report
706,951 professionals have used our research since 2012.
Featured Review
Helmut Draxler
Stable and scalable solution with a well-documented site and good security features
The client has to have a clone network storage and manage the services it provides to the handful of people he works for. The control and identify... Read more →
Dharmendra Kumar
Beneficial secure server assess, useful user log access, and good support
It's improved our organization a lot. It has fulfilled some guidelines from the Indian government. There is some Indian government guideline for... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"With Azure Conditional Access you can specify network locations where you want some of the services in the organization to be available to users, and where you don't want users to have access.""Active Directory itself is the best feature it has. It also gives us a single pane of glass for managing user access.""It's a quite comprehensive solution and it scales quite well within our required scale as well, which is very useful.""The scalability capabilities are quite high.""Azure Active Directory has been very useful for our company, it is not difficult to use.""The most valuable features of this solution are definitely the authorization and authentication, and the rule-based user validation.""It is cloud based so it is always updated,""We use BitLocker for policy enforcement. And now, because of the Microsoft 365 Business Premium package, we get Intune as a part of it. That's very useful for us for setting policies and managing the systems. The biggest strength of Azure AD is Intune."

More Azure Active Directory (Azure AD) Pros →

"The solution is scalable.""The most valuable feature of CyberArk Privileged Access Manager is the vault. I am satisfied with the interface and the documentation.""It has a centralized page where you can manage everything. This makes work easier. You don't have to remember different module URLs or browser applications. It is very easy to get all the secure identities of other environments into a single page, which is very important for us as it helps a lot in terms of operations, e.g., reduces management time. This is a single page where you can manage all accounts and onboard them to the CyberArk. You can then secure and see passwords from everywhere. So, there is a single pane of glass where you can manage all the identities across environments as well as across different types of identities.""The password vault and session monitoring are useful.""We like it for the ability to automatically change passwords. At least for my group, that's the best thing.""I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault.""It is a single tool that isolates possible kinds of malware. You get lateral movement blocking and auditing information, e.g., you know who is doing what. You are getting protections from the service as well as a useful environment. All your admins can easily go in and out of your company while accessing your servers in a secure way, even if they are working abroad.""What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users."

More CyberArk Privileged Access Manager Pros →

Cons
"Sometimes, what one customer may like, another may not like it. We have had customers asking, "Why is Microsoft forcing us to do this?" For example, when you use Exchange Server on-premise, then you can customize it for your company and these customizations are unlimited. However, if you use Exchange Online or with Microsoft 365, then your ability to make modifications is limited. So, only the cloud versus is limited.""Definitely, the price could be lower. When we moved from AWS to Azure, we started paying more.""Four years ago, we had an issue with Azure AD. We wanted to reverse sync from Azure AD to on-prem Active Directory, but we couldn't achieve this. Azure AD could connect only in one way, for example, from your site to Azure. If you needed to do the reverse and connect from Azure to on-prem, there was no way to achieve it. We asked Microsoft, and they told us that they don't support it.""I want to see new functionalities for the active directory.""The only issue is the OU is not properly synced. Therefore, you have to do a manual sync sometimes or you might lose the connector due to AD Connect or sync servers.""Microsoft services and most familiar third-party applications are currently supported, but we can't find many other platforms that integrate with Office 365 or Azure Active Directory. Microsoft should develop connectors for different applications and collaborate more with other vendors to cover a broader range of applications.""Better integration with external governance products would be a welcome addition to Azure AD.""One area where it can improve is connectivity with other systems. Not all systems are connected and you have to do coding to establish a point of connectivity. It supports certain vendors and it supports certain protocols. It is limited in many other aspects at the attribute level."

More Azure Active Directory (Azure AD) Cons →

"Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge.""There is a lot of room for improvement in the report section. I also work on other tools, such as Thycotic, which allows you to create customized reports for your organization's needs. In CyberArk, there are limited reports, whereas in Thycotic or some of the other PAM tools, because the database is different, you can customize the report based on your needs through SQL queries.""If there is an area that has room for improvement, it's probably working with their support and getting people on the phone. That is hard to do with most products in general, but that seems to be the difficult area. The product is fantastic, but sometimes we want somebody on the phone.""Sometimes the infrastructure team is hesitant to provide more resources.""The PTA could be improved. Currently, companies often have multiple domains and sometimes it's difficult to implement CyberArk in this kind of infrastructure. For example, you can add CPM (Central Policy Manager) and PSM (Privileged Session Manager and PVWA (Password Vault Web Access) for access, but if you want to add PTA (Privileged Threat Analysis) to scan Vault logs, it is difficult because this component may be adding multiple domain environments.""If you are an administrator or architect, then the solution is kind of complicated, as it is mostly focused on the end user. So, they need to also focus on the people who are implementing it.""Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use.""The turnaround time for technical support is lengthy."

More CyberArk Privileged Access Manager Cons →

Pricing and Cost Advice
  • "We make sure that we only enable the licenses that are needed for the users, rather than enabling licenses in a blanket fashion."
  • "The licensing model is straightforward. I don't think there are any issues with the E3 license or E5 license."
  • "It is bundled with other services and the pricing is quite reasonable."
  • "We have an agreement with Microsoft, and my company pays yearly."
  • "Azure has an educational package available for students with a variety of licenses and different software available."
  • "Its price is per user. It is also based on the type of user that you're synchronizing up there."
  • "Azure Active Directory has a very extensive licensing model. Most of the features are available in the free and basic version, and then there are premium P1 and P2 editions. The licensing model is based on how many users you have per month. In Australia, for a P1 license, the cost is 8 dollars. With P1 and P2 licenses, you get a lot of goodies around the security side of things. For example, User Identity Protection is available only in P2. These are extra features that allow you to have a pretty good security posture, but most of the required things are available in the free and basic version."
  • "Azure Active Directory is more expensive than Google, but the capabilities they provide are superior."

    • More Azure Active Directory (Azure AD) Pricing and Cost Advice →

  • "The price of CyberArk support could be a little bit less. Otherwise, pricing is fine."
  • "Before we bought it, they were licensing each function individually, which got complicated and very expensive. When we decided to buy it, it was much more straightforward and still quite expensive, but it brings a lot of value and risk reduction to the organization."
  • "It is in line with its competitors, but all such solutions cost too much money."
  • "CyberArk DNA is free if you purchase the CyberArk solution. There is no additional charge for CyberArk DNA, which is great."
  • "The main problem for the tool is its licensing. I work for a really big company. When you try to develop this as a service, usually you work with leverage teams who are formed with dozens of members. You might dedicate one FTE, or less, for something, e.g., an antivirus administrator. You might have half an FTE's effort dedicated to administering the antivirus, but then you have a team of about 30 users who might access that ticket. The problem is that CyberArk eliminated the possibility of concurrent users years ago. This is a big problem for companies who work with leverage teams. You need to pay for everyone. 40 licenses are used by 20 or 30 people. This is a big problem because licenses are not precisely cheap."
  • "It's expensive, certainly. But CyberArk is the leader in the market with regards to privileged access management. You pay a lot, but you are paying for the value that is being delivered."
  • "Previously, the pricing was very meager. They started publicizing and advertising the solution, growing CyberArk, as an organization. They also changed their pricing with that growth, e.g., the pricier the product, the more people who will purchase it."
  • "Generally, I don't get involved in the licensing or the purchasing side of it, but I do know that the licenses are expensive."

    • More CyberArk Privileged Access Manager Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Single Sign-On (SSO) solutions are best for your needs.
    See Recommendations
    706,951 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Azure Active Directory?
    Top Answer:The most valuable feature is Conditional Access, and we use it extensively.
    Read all 79 answers   →
    What is your experience regarding pricing and costs for Azure Active Dire...
    Top Answer:The product's price is in the midrange.
    Read all 64 answers   →
    What needs improvement with Azure Active Directory?
    Top Answer:The licensing and support are expensive and have room for improvement.
    Read all 74 answers   →
    How does Sailpoint IdentityIQ compare with CyberArk PAM?
    Top Answer:We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the… more »
    Read all 2 answers   →
    What do you like most about CyberArk Privileged Access Manager?
    Top Answer:The integrations are the most valuable aspect of CyberArk Privileged Access Manager. The software offers pre-built integrations, and our team can also create custom connectors. This flexibility allows… more »
    Read all 34 answers   →
    What is your experience regarding pricing and costs for CyberArk Privileg...
    Top Answer:The license CyberArk Privileged Access Manager is on an annual basis.
    Read all 23 answers   →
    Ranking
    1st
    out of 35 in Single Sign-On (SSO)
    Views
    33,822
    Comparisons
    24,681
    Reviews
    105
    Average Words per Review
    857
    Rating
    8.8
    1st
    out of 39 in Privileged Access Management (PAM)
    Views
    31,744
    Comparisons
    19,328
    Reviews
    30
    Average Words per Review
    960
    Rating
    8.4
    Comparisons
    Also Known As
    Azure Active Directory
    CyberArk Privileged Access Security
    Learn More
    Microsoft
    CyberArk
    Video Not Available
    Overview


    Azure Active Directory (Azure AD), part of Microsoft Entra, is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.

    Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps your employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on your corporate intranet network, along with any cloud apps developed for your own organization.

    Azure AD is intended for:

    • IT admins: As an IT admin, use Azure AD to control access to your apps and your app resources, based on your business requirements. For example, you can use Azure AD to require multi-factor authentication when accessing important organizational resources. You can also use Azure AD to automate user provisioning between your existing Windows Server AD and your cloud apps, including Microsoft 365. Finally, Azure AD gives you powerful tools to automatically help protect user identities and credentials and to meet your access governance requirements.
    • App developers: As an app developer, you can use Azure AD as a standards-based approach for adding single sign-on (SSO) to your app, allowing it to work with a user's pre-existing credentials. Azure AD also provides APIs that can help you build personalized app experiences using existing organizational data. 
    • Microsoft 365, Office 365, Azure, or Dynamics CRM Online subscribers: As a subscriber, you're already using Azure AD. Each Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically an Azure AD tenant. You can immediately start to manage access to your integrated cloud apps.

    CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

    CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

    Benefits of CyberArk Privileged Access Manager

    Some of CyberArk Privileged Access Manager’s benefits include:

    • The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
    • The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
    • The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

    Reviews from Real Users

    CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

    PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

    Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

    Offer
    Learn more about Azure Active Directory (Azure AD)
    Learn More
    Learn more about CyberArk Privileged Access Manager
    Learn More
    Sample Customers
    Azure Active Directory is trusted by companies of all sizes and industries including Walmart, Zscaler, Uniper, Amtrak, monday.com, and more.
    Rockwell Automation
    Top Industries
    REVIEWERS
    Financial Services Firm15%
    Computer Software Company13%
    Manufacturing Company9%
    Energy/Utilities Company6%
    VISITORS READING REVIEWS
    Educational Organization17%
    Computer Software Company15%
    Financial Services Firm11%
    Government7%
    REVIEWERS
    Financial Services Firm23%
    Computer Software Company15%
    Insurance Company12%
    Healthcare Company9%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm13%
    Educational Organization10%
    Government6%
    Company Size
    REVIEWERS
    Small Business35%
    Midsize Enterprise13%
    Large Enterprise52%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise25%
    Large Enterprise56%
    REVIEWERS
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise66%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise20%
    Large Enterprise62%
    Buyer's Guide
    Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager
    May 2023
    Free Report: Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager
    Find out what your peers are saying about Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager and other solutions. Updated: May 2023.
    DOWNLOAD NOW
    706,951 professionals have used our research since 2012.

    Azure Active Directory (Azure AD) is ranked 1st in Single Sign-On (SSO) with 100 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 37 reviews. Azure Active Directory (Azure AD) is rated 8.8, while CyberArk Privileged Access Manager is rated 8.4. The top reviewer of Azure Active Directory (Azure AD) writes "With multi-factor authentication, we've seen a marked decrease in the number of threats we've seen come through". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". Azure Active Directory (Azure AD) is most compared with Google Cloud Identity, Auth0, PingFederate, SailPoint IdentityIQ and Fortinet FortiAuthenticator, whereas CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Delinea Secret Server, WALLIX Bastion, SailPoint IdentityIQ and One Identity Safeguard. See our Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager report.

    We monitor all Single Sign-On (SSO) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.