Try our new research platform with insights from 80,000+ expert users

CyberArk Privileged Access Manager vs ForgeRock comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

CyberArk Privileged Access ...
Average Rating
8.6
Reviews Sentiment
6.8
Number of Reviews
224
Ranking in other categories
User Activity Monitoring (1st), Enterprise Password Managers (2nd), Privileged Access Management (PAM) (1st), Mainframe Security (2nd), Operational Technology (OT) Security (3rd)
ForgeRock
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
30
Ranking in other categories
Identity Management (IM) (13th), Access Management (11th), Customer Identity and Access Management (CIAM) (6th)
 

Featured Reviews

Abdul Durrani - PeerSpot reviewer
Enables granular and secure access with just-in-time access and Zero Trust model
CyberArk provides a good amount of control over access types. However, as a future enhancement, having additional features for cross-platform integration would be beneficial. It would be good to have integrations with other tools and firewalls, such as Zscaler and CrowdStrike. Although I am not fully aware of recent updates, more cross-platform integration would be valuable. A SOC analyst would like to have centralized access in terms of information flowing in even for privileged access management. They would like to have control over everything instead of opening four to five tabs for different sorts of information. Cross-platform integration would help with that. Customers also want CyberArk's pricing to be better so that they can implement it further and have more licenses. Implementing a privileged access management solution can be challenging. It would be great if CyberArk could provide recommendations based on the compliance standards of an organization. It would help system admins ensure that all the required ports are closed and the systems are being managed properly. If any system is not being used anymore, any ports opened for that system need to be closed. Having such recommendations would be helpful.
Ahmet Murat Ülker - PeerSpot reviewer
Easy to use, but customizations can be complicated to handle
I would suggest others use the product after asking them to consider their use cases. SSO may be a use case for some, and using the product as an IDM tool may be a use case. At the moment, my company is not deploying all the components of ForgeRock itself. My company uses ForgeRock for OAuth 2.0. For example, my company is not deploying the IDM and identity gateway components. You should consider your use case and select the required components for that use case. My company does not use the SSO features of the tool. My company uses SSO to access ForgeRock's AM Console for individual users. My company does not use single sign on features of the product and instead, we use Auth0. I rate the tool a seven or eight out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"CyberArk's capabilities and functionality outperform other solutions."
"Password Vault's policy configuration is very good - when you receive an attack, you can segment the structure of the project in order to isolate parts or users."
"The solution is highly stable."
"If any intruder gets inside, they would not be able to move around nor do lateral movements. It minimize any attack problems within our network."
"I found it valuable that CyberArk Privileged Access Manager can be integrated with PTA (privileged threat analytics), and this means that it will tell you if there's a risk to the logins and signs of risk and if risky behavior is observed. It's a good feature. Another good feature is the CPM (central password manager) because it helps you rotate the passwords automatically without involving the admins. It can go and update the scheduled tasks and the services. At the same time, if there's an application where it cannot do all of these, CPM will trigger an automatic email to the application owners, telling them that they should go ahead and change the password. This allows you to manage the account password that CyberArk cannot manage, which helps mitigate the risk of old passwords, where the password gets compromised, and also allows you to manage the security of the domain."
"We like it for the ability to automatically change passwords. At least for my group, that's the best thing."
"The password rotation and cyber gateway have been quite useful."
"It is a robust product."
"Their access management solution, OpenAM, is most valuable because it meets the needs of a lot of users."
"The product is easy to use in a development environment."
"Easy to navigate, handle and manage the applications."
"ForgeRock products are customizable, and the out-of-the-box features are solid, too. I primarily use the OIDC compliance features. It's just a configuration. it's easy to set up and customize trees. We can add our own features if necessary. Banks and corporations have different standards and specific validations."
"Installation and configuration are pretty easy for ForgeRock OpenIDM."
"Easy to customize and adaptable to any environment."
"The solution integrates well and it is important for them to keep up with the current trends in the market quickly enough, and they have been doing a good job at it."
"The support is good and prompt."
 

Cons

"The current user interface is a little dated. However, I hear there are changes coming in the next version."
"They need to provide better training for the System Integrator."
"There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution."
"The product is very vaulting-focused. I'd love to see it expanding its capabilities a bit further into areas like just-in-time elevation, and access with non-vaulted credentials."
"There is a lot of room for improvement in the report section. I also work on other tools, such as Thycotic, which allows you to create customized reports for your organization's needs. In CyberArk, there are limited reports, whereas in Thycotic or some of the other PAM tools, because the database is different, you can customize the report based on your needs through SQL queries."
"I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides."
"It is only good as a PAM solution. If they could work more on Privileged Threat Analytics, it would be beneficial. It has limitations, so improvements on PTA would be fine."
"CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift."
"In an upcoming release, the solution could improve by limiting the need to do customizations."
"I find that it's quite expensive for just an open-source system. Support is quite expensive."
"Automatic Deployment needs improvement. it could be made easier."
"The solution's deployment should be made easier."
"It should be a little bit easier to implement. It is user-friendly, but there is always scope for improvement."
"The user interface could be improved as it is cumbersome and outdated. It doesn't have a responsive UI."
"As with any complex software platform, there is a learning curve to using ForgeRock, and it may require specialized expertise to implement and manage effectively."
"The product's customization is a bit complicated."
 

Pricing and Cost Advice

"This solution is expensive."
"Payments have to be made on a yearly basis toward the licensing costs of the solution."
"It's an affordable platform."
"It costs us around $200 per user."
"CyberArk is very expensive and there are additional fees for add-ons."
"It's not a cheap application. It's very expensive."
"Its price can be reduced."
"My company always complains about the cost of CyberArk Privileged Access Manager because it's too high."
"Its licensing is on a yearly basis, but it also depends on the contract that you have with the vendor. They have multiple types of contracts. There are additional costs to the standard licensing fees. If you need some of the features, you have to pay more."
"The pricing of the solution is fair but I do not have the full details."
"We have multiple clients we are looking at right now. We are at a very small number, however, the idea and the goal is to grow. We are looking at about $100,000 and $50,000 a minimum a month cost. That'd be minimum maybe in a couple of years."
"ForgeRock is an expensive solution."
"Its price is comparable to other products in the market."
"The license is purchased annually per user. However, you can negotiate if you are signing for a longer period of time. When comparing this solution to others on the market it is priced fair, it is not at the top of the price range or at the bottom end."
"It's a bit pricey and could be more competitive."
"ForgeRock's pricing is more competitive than other products."
report
Use our free recommendation engine to learn which Access Management solutions are best for your needs.
861,390 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
16%
Computer Software Company
14%
Financial Services Firm
14%
Manufacturing Company
7%
Financial Services Firm
24%
Computer Software Company
12%
Insurance Company
7%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does Sailpoint IdentityIQ compare with CyberArk PAM?
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the m...
What do you like most about CyberArk Privileged Access Manager?
The most valuable features of the solution are control and analytics.
What do you like most about ForgeRock?
The most valuable features of ForgeRock are social login and data protection.
What is your experience regarding pricing and costs for ForgeRock?
Our company was considering switching back to Keycloak from ForgeRock, so as to not pay any license fees. ForgeRock also supports M-PIN and biometric features that Keycloak does not provide. My com...
What needs improvement with ForgeRock?
In the past, I saw that Splunk was integrated with a testing portal, and then it was integrated with Slack. I don't think ForgeRock directly supports integrations with Slack, making it an area wher...
 

Also Known As

CyberArk Privileged Access Security, CyberArk Enterprise Password Vault
ForgeRock Identity Platform, ForgeRock OpenIDM
 

Overview

 

Sample Customers

Rockwell Automation
Geico, Thomson Reuters, Salesforce, McKesson, Trinet, SKY, BNP Paribas, Deloitte, Capgemini, North Western University
Find out what your peers are saying about CyberArk Privileged Access Manager vs. ForgeRock and other solutions. Updated: June 2025.
861,390 professionals have used our research since 2012.