We performed a comparison between Azure Active Directory and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Azure Active Directory is the more popular solution because its deployment is easier and it has a free version.
"It is a central point where we provide the cloud lock-in for our company. We focus the multi-factor authentication within Azure AD before jumping to other clouds or software as a service offerings. So, it is the central point when you need to access something for our company within the cloud. You go to Azure AD and can authenticate there, then you move from there to the target destination or the single sign-on."
"This solution is less time-consuming. We don't have to hire as many resources to give permissions to a particular user or group for any application."
"We use BitLocker for policy enforcement. And now, because of the Microsoft 365 Business Premium package, we get Intune as a part of it. That's very useful for us for setting policies and managing the systems. The biggest strength of Azure AD is Intune."
"Installation is straightforward. It only took a couple of hours to set everything up."
"Technical support has been great."
"Active Directory Federation Services (ADFS) stores the identities of our customers."
"Multi-factor authentication (MFA) has improved our customers' security posture. Multi-factor authentication has two layers of authentication, which helps in case you input your credentials into a phishing website and then it has access to your credentials. So if they use your credentials, then you have proof on your phone that was sent to the end user."
"The scalability capabilities are quite high."
"We also use CyberArk’s Secrets Manager. Because AWS is the biggest area for us, we have accounts in AWS that are being rotated by CyberArk. We also have a manual process for the most sensitive of our AWS accounts, like root accounts. We've used Secrets Manager on those and that has resulted in a significant risk reduction, as well."
"The automatic password management is the most important feature. The second most important feature is the ability to enforce dual control on the release of those passwords. The combination of these two features is the most important thing for us because we can show that we're in control of who uses any non-personal account, and when they do so."
"Within the solution, I love the fact that everything is recorded. The configuration capabilities are great, too."
"I found it valuable that CyberArk Privileged Access Manager can be integrated with PTA (privileged threat analytics), and this means that it will tell you if there's a risk to the logins and signs of risk and if risky behavior is observed. It's a good feature. Another good feature is the CPM (central password manager) because it helps you rotate the passwords automatically without involving the admins. It can go and update the scheduled tasks and the services. At the same time, if there's an application where it cannot do all of these, CPM will trigger an automatic email to the application owners, telling them that they should go ahead and change the password. This allows you to manage the account password that CyberArk cannot manage, which helps mitigate the risk of old passwords, where the password gets compromised, and also allows you to manage the security of the domain."
"All of the features of CyberArk Privileged Access Manager are valuable."
"Performance-wise, it is excellent."
"The password management feature is valuable."
"I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault."
"The solution has not saved costs. While we’ve eliminated some tools, there are some other features that we are dependent on as admin, which are not yet integrated with Azure AD."
"I would like it if Intune could manage MacOS or iOS directly. Right now, we have to use a third-party solution."
"The technical support can be confusing - if you're looking for something very specific, it can be hard to get the right answer or a solution."
"Something that can be improved is their user interface"
"In terms of connecting the web application, there is technology for single sign-on. When we use it, the solution opens very slowly. It might be a bandwidth issue, and some content will not work on that portal."
"Microsoft is working with Microsoft Identity Manager for Active Directory on-premise. It will be very important to have these identity management solutions directly in Azure Active Directory. It's very important to have some kind of Azure identity manager as a technology for identity and access management for working both in the cloud and inside the Azure suite."
"We have a lot of freedom in using the Group Policy Objects and, although Group Policy Objects are part of Azure Active Directory, there are still a lot of things that can be improved, such as providing local admin rights to a user. There are various, easy ways that I can do that in the on-premises version, but in the cloud version, it is a bit difficult. You have to create a bunch of policies to make it work."
"Its integration with open-source applications can be improved. I know that they are working on open-source authentication methods for integration with open-source applications, but they can make it more open."
"Report creation could be improved. The policies could be more customized."
"The solution could improve by adding more connectors."
"It can be integrated with other systems, but it is not easy to integrate. It takes too long to integrate it. Its integration should be easier and simpler."
"They need to provide better training for the System Integrator."
"What could be improved in CyberArk Privileged Access Manager is the licensing model. It should be more flexible in terms of the users. Currently, it's based on the number of users, but many users only log in once in four months or once in five months. It would be great if the licensing model could be modified based on user needs. We even have users who have not logged in even once."
"The turnaround time for technical support is lengthy."
"CyberArk Privileged Access Manager could improve the integration with other solutions and ease of use. Additionally, there should be a feature to have remote connections without a VPN."
"CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift."
More Azure Active Directory (Azure AD) Pricing and Cost Advice →
More CyberArk Privileged Access Manager Pricing and Cost Advice →
Azure Active Directory (Azure AD) is ranked 1st in Single Sign-On (SSO) with 101 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 38 reviews. Azure Active Directory (Azure AD) is rated 8.8, while CyberArk Privileged Access Manager is rated 8.2. The top reviewer of Azure Active Directory (Azure AD) writes "With multi-factor authentication, we've seen a marked decrease in the number of threats we've seen come through". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". Azure Active Directory (Azure AD) is most compared with Google Cloud Identity, Auth0, PingFederate, AWS Directory Service and Okta Workforce Identity, whereas CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Delinea Secret Server, WALLIX Bastion, SailPoint IdentityIQ and One Identity Safeguard. See our Azure Active Directory (Azure AD) vs. CyberArk Privileged Access Manager report.
We monitor all Single Sign-On (SSO) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.