Azure Active Directory (Azure AD) vs CyberArk Privileged Access Manager comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Sep 6, 2022

We performed a comparison between Azure Active Directory and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Azure Active Directory users say deployment is simple and easy. Users of CyberArk Privileged Access Manager say the initial setup is complex and requires technical expertise.
  • Features: Users say both products have good stability, scalability, and security.

    Azure users like the solution’s ease of use, single sign on, identity-based authentication, and its privileged access management. Users say the conditional access rules are a little limiting and that provisioning is not intuitive

    CyberArk users like the solution’s performance, password protection, and monitoring tools. Reviewers mention that it lacks flexibility.
  • Pricing: Azure users mention that the solution has various levels of licenses, with a free basic tier. CyberArk users consider the solution to be expensive.
  • Service and Support: Most users of both solutions are satisfied with the level of support they receive.
  • ROI: Users of both solutions report a positive ROI.

Comparison Results: Based on the parameters we compared, Azure Active Directory is the more popular solution because its deployment is easier and it has a free version.

To learn more, read our detailed Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager Report (Updated: January 2023).
672,411 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It is a central point where we provide the cloud lock-in for our company. We focus the multi-factor authentication within Azure AD before jumping to other clouds or software as a service offerings. So, it is the central point when you need to access something for our company within the cloud. You go to Azure AD and can authenticate there, then you move from there to the target destination or the single sign-on.""This solution is less time-consuming. We don't have to hire as many resources to give permissions to a particular user or group for any application.""We use BitLocker for policy enforcement. And now, because of the Microsoft 365 Business Premium package, we get Intune as a part of it. That's very useful for us for setting policies and managing the systems. The biggest strength of Azure AD is Intune.""Installation is straightforward. It only took a couple of hours to set everything up.""Technical support has been great.""Active Directory Federation Services (ADFS) stores the identities of our customers.""Multi-factor authentication (MFA) has improved our customers' security posture. Multi-factor authentication has two layers of authentication, which helps in case you input your credentials into a phishing website and then it has access to your credentials. So if they use your credentials, then you have proof on your phone that was sent to the end user.""The scalability capabilities are quite high."

More Azure Active Directory (Azure AD) Pros →

"We also use CyberArk’s Secrets Manager. Because AWS is the biggest area for us, we have accounts in AWS that are being rotated by CyberArk. We also have a manual process for the most sensitive of our AWS accounts, like root accounts. We've used Secrets Manager on those and that has resulted in a significant risk reduction, as well.""The automatic password management is the most important feature. The second most important feature is the ability to enforce dual control on the release of those passwords. The combination of these two features is the most important thing for us because we can show that we're in control of who uses any non-personal account, and when they do so.""Within the solution, I love the fact that everything is recorded. The configuration capabilities are great, too.""I found it valuable that CyberArk Privileged Access Manager can be integrated with PTA (privileged threat analytics), and this means that it will tell you if there's a risk to the logins and signs of risk and if risky behavior is observed. It's a good feature. Another good feature is the CPM (central password manager) because it helps you rotate the passwords automatically without involving the admins. It can go and update the scheduled tasks and the services. At the same time, if there's an application where it cannot do all of these, CPM will trigger an automatic email to the application owners, telling them that they should go ahead and change the password. This allows you to manage the account password that CyberArk cannot manage, which helps mitigate the risk of old passwords, where the password gets compromised, and also allows you to manage the security of the domain.""All of the features of CyberArk Privileged Access Manager are valuable.""Performance-wise, it is excellent.""The password management feature is valuable.""I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault."

More CyberArk Privileged Access Manager Pros →

Cons
"The solution has not saved costs. While we’ve eliminated some tools, there are some other features that we are dependent on as admin, which are not yet integrated with Azure AD.""I would like it if Intune could manage MacOS or iOS directly. Right now, we have to use a third-party solution.""The technical support can be confusing - if you're looking for something very specific, it can be hard to get the right answer or a solution.""Something that can be improved is their user interface""In terms of connecting the web application, there is technology for single sign-on. When we use it, the solution opens very slowly. It might be a bandwidth issue, and some content will not work on that portal.""Microsoft is working with Microsoft Identity Manager for Active Directory on-premise. It will be very important to have these identity management solutions directly in Azure Active Directory. It's very important to have some kind of Azure identity manager as a technology for identity and access management for working both in the cloud and inside the Azure suite.""We have a lot of freedom in using the Group Policy Objects and, although Group Policy Objects are part of Azure Active Directory, there are still a lot of things that can be improved, such as providing local admin rights to a user. There are various, easy ways that I can do that in the on-premises version, but in the cloud version, it is a bit difficult. You have to create a bunch of policies to make it work.""Its integration with open-source applications can be improved. I know that they are working on open-source authentication methods for integration with open-source applications, but they can make it more open."

More Azure Active Directory (Azure AD) Cons →

"Report creation could be improved. The policies could be more customized.""The solution could improve by adding more connectors.""It can be integrated with other systems, but it is not easy to integrate. It takes too long to integrate it. Its integration should be easier and simpler.""They need to provide better training for the System Integrator.""What could be improved in CyberArk Privileged Access Manager is the licensing model. It should be more flexible in terms of the users. Currently, it's based on the number of users, but many users only log in once in four months or once in five months. It would be great if the licensing model could be modified based on user needs. We even have users who have not logged in even once.""The turnaround time for technical support is lengthy.""CyberArk Privileged Access Manager could improve the integration with other solutions and ease of use. Additionally, there should be a feature to have remote connections without a VPN.""CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift."

More CyberArk Privileged Access Manager Cons →

Pricing and Cost Advice
  • "We got a good deal. If you get rid of all the products providing features that Azure Suite can provide, then it makes sense cost-wise."
  • "Microsoft has a free version of Azure AD. So, if you don't do a lot of advanced features, then you can use the free version, which is no cost at all because it is underpinning Office 365. Because Microsoft gives it to you as a SaaS, so there are no infrastructure costs whatsoever that you need to incur. If you use the free version, then it is free. If you use the advanced features (that we use), it is a license fee per user."
  • "Make sure that you get the most out of your Office 365 licenses for Azure AD. If you have additional concerns for users who don't have an Office 365 license, consider Azure AD Premium P1 and P2. Be aware that you have to evaluate your license usage beforehand."
  • "If you have a different IDP today, I would take a close look at what your licensing looks like, then reevaluate the licensing that you have with Microsoft 365, and see if you're covered for some of this other stuff. Folks sometimes don't realize that, "Oh, I'm licensed for that service in Azure." This becomes one of those situations where you have the "aha" moment, "Oh, I didn't know we can do that. Alright, let's go down this road." Then, they start to have conversations with Microsoft to see what they can gain. I would recommend that they work closely with their TAM, just to make sure that they are getting the right level of service. They may just not be aware of what is available to them."
  • "If you are dealing with one supplier with an out-of-the-box solution, which provides you end-to-end capabilities, then it is naturally cheaper and less of a headache to manage and operate."
  • "Be sure: You know your userbase, e.g., how many users you have. You choose the right license and model that suit your business requirements."
  • "For the Czech people, the solution is not cheap, as we are not a rich country. However, for most countries, the product pricing is acceptable."
  • "Everything needs to be considered for the requirements and if it is within the budget, then you can come up with a solution, whether it is SaaS, PaaS, or IaaS."
  • More Azure Active Directory (Azure AD) Pricing and Cost Advice →

  • "I believe that this solution is priced well. It's the market leader and I think that it's the best solution."
  • "Overall, its pricing is really good. The main difference from all the other vendors is that they have one package that covers all the functionality and modules of the basic PAM, except the add-on modules like adware and server protection. It also doesn't include the licenses for domain controller protection or maybe an API call-related feature. For the basic privileged access management, the bundle pricing is really good, but when it comes to an agent-based solution for advanced cyber protection or application identity managers, it is expensive. Services are also very expensive if you hire the services team from CyberArk, but these guys are really good. For a couple of large banking projects, we had an experience with them. The banks wanted to have things quickly and efficiently, so we had to hire them. If we take four weeks, these guys can do everything on a weekend. They charge quite a big sum of money, but they know the system well."
  • "The price of this solution is quite reasonable."
  • "The solution is very expensive and requires a license. We pay for an enterprise license."
  • "Pricing is quite high and it could be improved."
  • "They have two types of licensing: purchase and subscription. You have to pay for each admin user, such as Microsoft admin, mail admin, database admin, etc."
  • "The price of CyberArk support could be a little bit less. Otherwise, pricing is fine."
  • "Before we bought it, they were licensing each function individually, which got complicated and very expensive. When we decided to buy it, it was much more straightforward and still quite expensive, but it brings a lot of value and risk reduction to the organization."
  • More CyberArk Privileged Access Manager Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Single Sign-On (SSO) solutions are best for your needs.
    672,411 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Azure Active Directory's single sign-on feature has been helpful because users don't need to authenticate again and again each time they access it. Users only need to sign in the first time, and Azure… more »
    Top Answer:Active Directory is bundled with a package of Microsoft services, so it doesn't cost much. I don't know about the individual license of Active Directory.
    Top Answer:Microsoft services and most familiar third-party applications are currently supported, but we can't find many other platforms that integrate with Office 365 or Azure Active Directory. Microsoft should… more »
    Top Answer:We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the… more »
    Top Answer:Return on investment on over all product solution cost. especially hardware cost. when the licence increase due to jumpbox concept Hardware requirement also increase. secondly customisation duration… more »
    Ranking
    1st
    Views
    30,320
    Comparisons
    22,546
    Reviews
    98
    Average Words per Review
    959
    Rating
    8.9
    Views
    31,492
    Comparisons
    19,630
    Reviews
    31
    Average Words per Review
    903
    Rating
    8.2
    Comparisons
    Also Known As
    Azure Active Directory
    CyberArk Privileged Access Security
    Learn More
    CyberArk
    Video Not Available
    Overview


    Azure Active Directory (Azure AD), part of Microsoft Entra, is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.

    Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps your employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on your corporate intranet network, along with any cloud apps developed for your own organization.

    Azure AD is intended for:

    • IT admins: As an IT admin, use Azure AD to control access to your apps and your app resources, based on your business requirements. For example, you can use Azure AD to require multi-factor authentication when accessing important organizational resources. You can also use Azure AD to automate user provisioning between your existing Windows Server AD and your cloud apps, including Microsoft 365. Finally, Azure AD gives you powerful tools to automatically help protect user identities and credentials and to meet your access governance requirements.
    • App developers: As an app developer, you can use Azure AD as a standards-based approach for adding single sign-on (SSO) to your app, allowing it to work with a user's pre-existing credentials. Azure AD also provides APIs that can help you build personalized app experiences using existing organizational data. 
    • Microsoft 365, Office 365, Azure, or Dynamics CRM Online subscribers: As a subscriber, you're already using Azure AD. Each Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically an Azure AD tenant. You can immediately start to manage access to your integrated cloud apps.

    CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

    CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

    Benefits of CyberArk Privileged Access Manager

    Some of CyberArk Privileged Access Manager’s benefits include:

    • The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
    • The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
    • The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

    Reviews from Real Users

    CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

    PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

    Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

    Offer
    Learn more about Azure Active Directory (Azure AD)
    Learn more about CyberArk Privileged Access Manager
    Sample Customers
    Azure Active Directory is trusted by companies of all sizes and industries including Walmart, Zscaler, Uniper, Amtrak, monday.com, and more.
    Rockwell Automation
    Top Industries
    REVIEWERS
    Financial Services Firm15%
    Computer Software Company13%
    Manufacturing Company10%
    Energy/Utilities Company6%
    VISITORS READING REVIEWS
    Computer Software Company20%
    Financial Services Firm12%
    Comms Service Provider9%
    Government7%
    REVIEWERS
    Financial Services Firm25%
    Insurance Company15%
    Healthcare Company9%
    Computer Software Company8%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm14%
    Comms Service Provider9%
    Government7%
    Company Size
    REVIEWERS
    Small Business32%
    Midsize Enterprise14%
    Large Enterprise54%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise66%
    REVIEWERS
    Small Business20%
    Midsize Enterprise13%
    Large Enterprise68%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise68%
    Buyer's Guide
    Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager
    January 2023
    Find out what your peers are saying about Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager and other solutions. Updated: January 2023.
    672,411 professionals have used our research since 2012.

    Azure Active Directory (Azure AD) is ranked 1st in Single Sign-On (SSO) with 101 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 38 reviews. Azure Active Directory (Azure AD) is rated 8.8, while CyberArk Privileged Access Manager is rated 8.2. The top reviewer of Azure Active Directory (Azure AD) writes "With multi-factor authentication, we've seen a marked decrease in the number of threats we've seen come through". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". Azure Active Directory (Azure AD) is most compared with Google Cloud Identity, Auth0, PingFederate, AWS Directory Service and Okta Workforce Identity, whereas CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Delinea Secret Server, WALLIX Bastion, SailPoint IdentityIQ and One Identity Safeguard. See our Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager report.

    We monitor all Single Sign-On (SSO) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.