Coming October 25: PeerSpot Awards will be announced! Learn more

Azure Active Directory (Azure AD) vs CyberArk Privileged Access Manager comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on September 6, 2022

We performed a comparison between Azure Active Directory and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Azure Active Directory users say deployment is simple and easy. Users of CyberArk Privileged Access Manager say the initial setup is complex and requires technical expertise.
  • Features: Users say both products have good stability, scalability, and security.

    Azure users like the solution’s ease of use, single sign on, identity-based authentication, and its privileged access management. Users say the conditional access rules are a little limiting and that provisioning is not intuitive

    CyberArk users like the solution’s performance, password protection, and monitoring tools. Reviewers mention that it lacks flexibility.
  • Pricing: Azure users mention that the solution has various levels of licenses, with a free basic tier. CyberArk users consider the solution to be expensive.
  • Service and Support: Most users of both solutions are satisfied with the level of support they receive.
  • ROI: Users of both solutions report a positive ROI.

Comparison Results: Based on the parameters we compared, Azure Active Directory is the more popular solution because its deployment is easier and it has a free version.

To learn more, read our detailed Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager report (Updated: August 2022).
634,550 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I like that you can run it on-premises. I also like that I can use Azure at any time as the main one.""Conditional access is a very important feature where a specific user can be restricted such that they cannot connect to the application if they travel outside of the US.""The scalability capabilities are quite high.""The feature that I have found most valuable is its authentication security. That is Azure Active Directory's purpose - making cloud services' security and integration easier.""The portal version of the Azure active directory is pretty robust.""Multi-factor authentication really secures our environments and gives us the flexibility to use location-based policies. Azure AD also gives us a lot of flexibility in our scope of integration.""In terms of identity management, it helps to improve security posture. It generally helps in terms cloud security, simplicity, and single sign-on for multiple apps.""If a company has hundreds of users that already exist in the cloud, and it now wants to enable those same users to be present in third-party applications that their business uses, like Atlassian or GoToMeeting, the provisioning technology can assist in achieving that."

More Azure Active Directory (Azure AD) Pros →

"It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank.""CyberArk Privileged Access Manager's main benefit is it provides secure access to our servers. There are features to capture the user activity, it provides video recording processing. If the users are logged in to the server, we can see what activities they are performing. It's a very nice tool for Privileged Access Management. They have plenty of useful services and the solution has fulfilled our needs.""What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users.""CyberArk Privileged Access Manager is stable.""I found it valuable that CyberArk Privileged Access Manager can be integrated with PTA (privileged threat analytics), and this means that it will tell you if there's a risk to the logins and signs of risk and if risky behavior is observed. It's a good feature. Another good feature is the CPM (central password manager) because it helps you rotate the passwords automatically without involving the admins. It can go and update the scheduled tasks and the services. At the same time, if there's an application where it cannot do all of these, CPM will trigger an automatic email to the application owners, telling them that they should go ahead and change the password. This allows you to manage the account password that CyberArk cannot manage, which helps mitigate the risk of old passwords, where the password gets compromised, and also allows you to manage the security of the domain.""The automatic change of the password and Privileged Session Manager (PSM) are the most valuable features. With Privileged Session Manager, you can control the password management in a centralized way. You can activate these features in a session; the session isolation and recording. You apply the full intermediation principle. So, you must pass through CyberArk PAM to get access to the target system. You don't need to know the password, and everything that you do is registered and auditable. In this case, no one gets to touch the password directly. Also, you can implement detection and response behavior in case of a breach.""The technical support is good.""All the features of CyberArk are useful for me, but the biggest one is that CyberArk has logs for all the features. That is important when there is a problem. You know where to look and you have the information. In cyber security, the most important aspect is information."

More CyberArk Privileged Access Manager Pros →

Cons
"The solution was difficult to scale because the group's configuration was complex. I would rate the scalability level of Azure Active Directory a five out of ten.""It would be awesome to have a feature where you can see the permissions of a user in all their Azure subscriptions. Right now, you have to select a user, then you have to select the subscription to see which permissions the user has in their selected subscriptions. Sometimes, you just want to know, "Does that user have any permissions in any subscriptions?" That would be awesome if that would be available via the portal.""Some of the features that they offer, e.g., customized emails, are not available with B2C. You are stuck with whatever email template they give you, and it is not the best user experience. For B2C, that is a bit of a negative thing.""When you start to deal with legacy applications, provisioning is not as intuitive.""If your organization requires additional security then the subscription will be more expensive.""I would like it to be easier to integrate third-party applications.""There is no documentation about how Microsoft will scale Azure AD for customers. It only mentions that it will scale out if you have a lot of requests but does not mention how in detail.""The thing that is a bit annoying is the inability to nest groups. Because we run an Azure hybrid model, we have nested groups on-premise which does not translate well. So, we have written some scripts to kind of work around that. This is a feature request that we have put in previously to be able to use a group that is nested in Active Directory on-premise and have it handled the same way in Azure."

More Azure Active Directory (Azure AD) Cons →

"Their post-sale support area requires a big improvement. Customers cannot automate tickets directly with CyberArk. They have to come through the distributor or bring in partners who have access to the support portal. Basically, the support for post-sales implementation is there, but the role of CyberArk is very minimal. Customers have to rely on partners, which sometimes creates issues. Some of the vendors help you during the implementation process, but the CyberArk support team does not do that. They have 24/7 support for our region, but they help only if there is an emergency or there is a problem with their system. If the password vault is down or the system is down, they provide immediate attention. For almost everything else, they take more time to respond. They give low priority to service-related or migration-related questions.""The PTA could be improved. Currently, companies often have multiple domains and sometimes it's difficult to implement CyberArk in this kind of infrastructure. For example, you can add CPM (Central Policy Manager) and PSM (Privileged Session Manager and PVWA (Password Vault Web Access) for access, but if you want to add PTA (Privileged Threat Analysis) to scan Vault logs, it is difficult because this component may be adding multiple domain environments.""The continuous scanning of the assets is limited to Windows and Unix. We like to have the solution scan any databases, network devices, and security devices for privileged accounts. That would be very helpful.""It can be integrated with other systems, but it is not easy to integrate. It takes too long to integrate it. Its integration should be easier and simpler.""I would love them to improve their UI customizing features.""The product could be easier to use. More work needs to be done on this aspect; it is not good enough yet. It also takes up a lot of server space. Sometimes we need to use up to seven servers.""The solution could improve by adding more connectors.""Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge."

More CyberArk Privileged Access Manager Cons →

Pricing and Cost Advice
  • "This product is sold as part of the enterprise package and our licensing fees are paid on a yearly basis."
  • "MFA and P2 licenses for two Azures for fully-enabled scenarios and features cost a lot of money. This is where Okta is trying to get the prices down."
  • "We are a non-profit organization, so we get good prices from Microsoft for their products. It is working well, but it could be cheaper. For the type of organization we are, it would be good if they could give a little bit more and be more generous like Google, which has completely free services. Microsoft has free versions or web services called Office 365 E1, which is free for use, but we want to have it with more qualified clients."
  • "We pay about $35 per user."
  • "I think we're on the E3 — I think it was about 35 dollars per user."
  • "We got a good deal. If you get rid of all the products providing features that Azure Suite can provide, then it makes sense cost-wise."
  • "Microsoft has a free version of Azure AD. So, if you don't do a lot of advanced features, then you can use the free version, which is no cost at all because it is underpinning Office 365. Because Microsoft gives it to you as a SaaS, so there are no infrastructure costs whatsoever that you need to incur. If you use the free version, then it is free. If you use the advanced features (that we use), it is a license fee per user."
  • "Make sure that you get the most out of your Office 365 licenses for Azure AD. If you have additional concerns for users who don't have an Office 365 license, consider Azure AD Premium P1 and P2. Be aware that you have to evaluate your license usage beforehand."
  • More Azure Active Directory (Azure AD) Pricing and Cost Advice →

  • "I believe that this solution is priced well. It's the market leader and I think that it's the best solution."
  • "Overall, its pricing is really good. The main difference from all the other vendors is that they have one package that covers all the functionality and modules of the basic PAM, except the add-on modules like adware and server protection. It also doesn't include the licenses for domain controller protection or maybe an API call-related feature. For the basic privileged access management, the bundle pricing is really good, but when it comes to an agent-based solution for advanced cyber protection or application identity managers, it is expensive. Services are also very expensive if you hire the services team from CyberArk, but these guys are really good. For a couple of large banking projects, we had an experience with them. The banks wanted to have things quickly and efficiently, so we had to hire them. If we take four weeks, these guys can do everything on a weekend. They charge quite a big sum of money, but they know the system well."
  • "The price of this solution is quite reasonable."
  • "The solution is very expensive and requires a license. We pay for an enterprise license."
  • "Pricing is quite high and it could be improved."
  • "They have two types of licensing: purchase and subscription. You have to pay for each admin user, such as Microsoft admin, mail admin, database admin, etc."
  • "The price of CyberArk support could be a little bit less. Otherwise, pricing is fine."
  • "Before we bought it, they were licensing each function individually, which got complicated and very expensive. When we decided to buy it, it was much more straightforward and still quite expensive, but it brings a lot of value and risk reduction to the organization."
  • More CyberArk Privileged Access Manager Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Single Sign-On (SSO) solutions are best for your needs.
    634,550 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:It has things like conditional access. For example, if someone is accessing sensitive information, then we could force them to do multi-factor authentication. Therefore, we can stop access if it is… more »
    Top Answer:Pricing-wise, they offer a stepladder approach. You can start with the lowest level features, then start increasing based on new requirements.
    Top Answer:Compared to what we can do on-prem, Azure AD lacks a feature for multiple hierarchical groups. For example, Group A is part of group B. Group B is part of group C. Then, if I put someone into group A… more »
    Top Answer:We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the… more »
    Top Answer:Within the solution, I love the fact that everything is recorded. The configuration capabilities are great, too.
    Ranking
    1st
    Views
    23,978
    Comparisons
    18,481
    Reviews
    97
    Average Words per Review
    918
    Rating
    8.7
    Views
    29,761
    Comparisons
    19,166
    Reviews
    26
    Average Words per Review
    965
    Rating
    8.3
    Comparisons
    Also Known As
    Azure Active Directory
    CyberArk Privileged Access Security
    Learn More
    CyberArk
    Video Not Available
    Overview


    Azure Active Directory (Azure AD), part of Microsoft Entra, is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.

    Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps your employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on your corporate intranet network, along with any cloud apps developed for your own organization.

    Azure AD is intended for:

    • IT admins: As an IT admin, use Azure AD to control access to your apps and your app resources, based on your business requirements. For example, you can use Azure AD to require multi-factor authentication when accessing important organizational resources. You can also use Azure AD to automate user provisioning between your existing Windows Server AD and your cloud apps, including Microsoft 365. Finally, Azure AD gives you powerful tools to automatically help protect user identities and credentials and to meet your access governance requirements.
    • App developers: As an app developer, you can use Azure AD as a standards-based approach for adding single sign-on (SSO) to your app, allowing it to work with a user's pre-existing credentials. Azure AD also provides APIs that can help you build personalized app experiences using existing organizational data. 
    • Microsoft 365, Office 365, Azure, or Dynamics CRM Online subscribers: As a subscriber, you're already using Azure AD. Each Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically an Azure AD tenant. You can immediately start to manage access to your integrated cloud apps.

    CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

    CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

    Benefits of CyberArk Privileged Access Manager

    Some of CyberArk Privileged Access Manager’s benefits include:

    • The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
    • The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
    • The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

    Reviews from Real Users

    CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

    PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

    Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

    Offer
    Learn more about Azure Active Directory (Azure AD)
    Learn more about CyberArk Privileged Access Manager
    Sample Customers
    Azure Active Directory is trusted by companies of all sizes and industries including Walmart, Zscaler, Uniper, Amtrak, monday.com, and more.
    Rockwell Automation
    Top Industries
    REVIEWERS
    Financial Services Firm17%
    Computer Software Company11%
    Manufacturing Company11%
    Energy/Utilities Company7%
    VISITORS READING REVIEWS
    Computer Software Company21%
    Comms Service Provider11%
    Financial Services Firm11%
    Government7%
    REVIEWERS
    Financial Services Firm26%
    Insurance Company14%
    Healthcare Company8%
    Computer Software Company8%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider14%
    Financial Services Firm14%
    Government6%
    Company Size
    REVIEWERS
    Small Business30%
    Midsize Enterprise13%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise14%
    Large Enterprise67%
    REVIEWERS
    Small Business20%
    Midsize Enterprise12%
    Large Enterprise68%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise15%
    Large Enterprise68%
    Buyer's Guide
    Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager
    August 2022
    Find out what your peers are saying about Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager and other solutions. Updated: August 2022.
    634,550 professionals have used our research since 2012.

    Azure Active Directory (Azure AD) is ranked 1st in Single Sign-On (SSO) with 99 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 35 reviews. Azure Active Directory (Azure AD) is rated 8.8, while CyberArk Privileged Access Manager is rated 8.2. The top reviewer of Azure Active Directory (Azure AD) writes "With multi-factor authentication, we've seen a marked decrease in the number of threats we've seen come through". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". Azure Active Directory (Azure AD) is most compared with Google Cloud Identity, Auth0, Okta Workforce Identity, AWS Directory Service and PingFederate, whereas CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), WALLIX Bastion, Delinea Secret Server, SailPoint IdentityIQ and BeyondTrust Endpoint Privilege Management. See our Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager report.

    We monitor all Single Sign-On (SSO) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.