Try our new research platform with insights from 80,000+ expert users

CyberArk Privileged Access Manager vs ForgeRock comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

CyberArk Privileged Access ...
Average Rating
8.6
Reviews Sentiment
6.8
Number of Reviews
224
Ranking in other categories
User Activity Monitoring (1st), Enterprise Password Managers (2nd), Privileged Access Management (PAM) (1st), Mainframe Security (2nd), Operational Technology (OT) Security (3rd)
ForgeRock
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
30
Ranking in other categories
Identity Management (IM) (13th), Access Management (11th), Customer Identity and Access Management (CIAM) (6th)
 

Featured Reviews

Abdul Durrani - PeerSpot reviewer
Enables granular and secure access with just-in-time access and Zero Trust model
CyberArk provides a good amount of control over access types. However, as a future enhancement, having additional features for cross-platform integration would be beneficial. It would be good to have integrations with other tools and firewalls, such as Zscaler and CrowdStrike. Although I am not fully aware of recent updates, more cross-platform integration would be valuable. A SOC analyst would like to have centralized access in terms of information flowing in even for privileged access management. They would like to have control over everything instead of opening four to five tabs for different sorts of information. Cross-platform integration would help with that. Customers also want CyberArk's pricing to be better so that they can implement it further and have more licenses. Implementing a privileged access management solution can be challenging. It would be great if CyberArk could provide recommendations based on the compliance standards of an organization. It would help system admins ensure that all the required ports are closed and the systems are being managed properly. If any system is not being used anymore, any ports opened for that system need to be closed. Having such recommendations would be helpful.
Ahmet Murat Ülker - PeerSpot reviewer
Easy to use, but customizations can be complicated to handle
I would suggest others use the product after asking them to consider their use cases. SSO may be a use case for some, and using the product as an IDM tool may be a use case. At the moment, my company is not deploying all the components of ForgeRock itself. My company uses ForgeRock for OAuth 2.0. For example, my company is not deploying the IDM and identity gateway components. You should consider your use case and select the required components for that use case. My company does not use the SSO features of the tool. My company uses SSO to access ForgeRock's AM Console for individual users. My company does not use single sign on features of the product and instead, we use Auth0. I rate the tool a seven or eight out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The password protection itself is the most important feature. It's something we didn't have before."
"I like the integrations for external applications."
"Their legacy of more than 20 years is very valuable. It brings a lot of stability to the product and a wide variety of integration with the ecosystem. Because of these factors, it has also been very successful in deployment. So, the legacy and integration with other technologies make the PAM platform very stable and strong. In terms of features, most of the other vendors are still focusing just on the privileged access management or session recording, but CyberArk has incorporated artificial intelligence to make PAM a more proactive system. They have implemented threat analytics into this, and there is also a lot of focus on domain controller production, Windows Server protection, and stuff like that. They have also further advanced it with the security on the cloud and DevOps systems. They have a bundle licensing model, which really helps. They don't have a complex licensing model. Even though in our market, people say CyberArk is expensive as compared to some of the other products, but in terms of overall value and as a bundling solution, it is an affordable and highly scalable product."
"The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task."
"The feature that I like the most is the Privileged Session Manager."
"The automatic change of the password and Privileged Session Manager (PSM) are the most valuable features. With Privileged Session Manager, you can control the password management in a centralized way. You can activate these features in a session; the session isolation and recording. You apply the full intermediation principle. So, you must pass through CyberArk PAM to get access to the target system. You don't need to know the password, and everything that you do is registered and auditable. In this case, no one gets to touch the password directly. Also, you can implement detection and response behavior in case of a breach."
"Technical support has been very responsive in navigating challenges. It is very easy to open a ticket."
"The most beneficial feature in CyberArk Privileged Access Manager is its simple user interface."
"Easy to navigate, handle and manage the applications."
"ForgeRock products are customizable, and the out-of-the-box features are solid, too. I primarily use the OIDC compliance features. It's just a configuration. it's easy to set up and customize trees. We can add our own features if necessary. Banks and corporations have different standards and specific validations."
"The solution is very scalable. We have a lot of users that have been increasing over the years that we have been using it. We have approximately 20,000 users."
"I like the way it is handling authentication and authorization."
"The support is good and prompt."
"We used it to implement multi-factor authentication and to improve our security posture as well as reducing the potential for attacks."
"Their access management solution, OpenAM, is most valuable because it meets the needs of a lot of users."
"Installation and configuration are pretty easy for ForgeRock OpenIDM."
 

Cons

"The initial setup can get complex."
"This is probably a common thing, but they do ask for a lot of log files, a lot of information. They ask you to provide a lot of information to them before they're willing to give you anything at all upfront. It would be better if they were a little more give-and-take upfront: "Why don't you try these couple of things while we take your log files and stuff and go research them?" A little bit of that might be more helpful."
"CyberArk Enterprise Password Vault can improve the distributive vault feature. Distributing the vault in multiple areas and multiple data centers should improve."
"CyberArk reporting is notoriously poor, offering about 5 reports out of the box. I am certified in Delinea, which includes 60 reports plus a custom report generator out of the box. Improved reporting would be beneficial."
"In CyberArk Privileged Access Manager, the UI has room for improvement, as does the dashboard reporting, which could be made better or easier to use."
"Based on the user experience that I see on a day-to-day basis, some changes could be made to the Privileged Session Manager tool to make it more user-friendly. The user interface of that tool could be more advanced and understandable to laymen, rather than being more of a developer tool."
"Updates have been somewhat difficult, resulting in challenges when moving from one version to another. The current version includes automatic updates."
"The tool needs to improve its usage and interface. They need to have a modern and useful interface. I want the product to improve its integration capabilities as well since some of the integration features do not work always."
"It should be a little bit easier to implement. It is user-friendly, but there is always scope for improvement."
"The identity management model needs a bit of improvement."
"The solution requires more simplified customization. However, part of the problem is my clients determining their own preferences. Technology can help and do many things, but you have to define your own policies to ensure that the solution or service works within those parameters. Helping customers understand their business and different processes is another issue not relating to the functionality of this solution."
"As with any complex software platform, there is a learning curve to using ForgeRock, and it may require specialized expertise to implement and manage effectively."
"We raised tickets asking for improvements, but sometimes we don't get the proper solution. They are responding, but the ticket is open for weeks and weeks. For some issues, we don't get a satisfactory solution or the solution doesn't work."
"The solution's documentation is not very good, and they do not give more details."
"In an upcoming release, the solution could improve by limiting the need to do customizations."
"We would like this solution to be developed for use with mobile applications."
 

Pricing and Cost Advice

"Pricing is a problem. CyberArk is expensive compared to other products I know. It is similar to buying a German car. It comes with all the bells and whistles, but some companies may find it too expensive."
"This solution is considered to be more expensive than others out there on the market today."
"The solution is available at a high price"
"It can be an expensive product."
"CyberArk is one of the best PAM solutions and one of the most expensive, but it works better than the others, so the pricing is fair."
"Payments have to be made on a yearly basis toward the licensing costs of the solution."
"The price of this solution is expensive."
"Overall, its pricing is really good. The main difference from all the other vendors is that they have one package that covers all the functionality and modules of the basic PAM, except the add-on modules like adware and server protection. It also doesn't include the licenses for domain controller protection or maybe an API call-related feature. For the basic privileged access management, the bundle pricing is really good, but when it comes to an agent-based solution for advanced cyber protection or application identity managers, it is expensive. Services are also very expensive if you hire the services team from CyberArk, but these guys are really good. For a couple of large banking projects, we had an experience with them. The banks wanted to have things quickly and efficiently, so we had to hire them. If we take four weeks, these guys can do everything on a weekend. They charge quite a big sum of money, but they know the system well."
"Its licensing is on a yearly basis, but it also depends on the contract that you have with the vendor. They have multiple types of contracts. There are additional costs to the standard licensing fees. If you need some of the features, you have to pay more."
"ForgeRock is an expensive solution."
"We have multiple clients we are looking at right now. We are at a very small number, however, the idea and the goal is to grow. We are looking at about $100,000 and $50,000 a minimum a month cost. That'd be minimum maybe in a couple of years."
"Its price is comparable to other products in the market."
"It's a bit pricey and could be more competitive."
"ForgeRock's pricing is more competitive than other products."
"The pricing of the solution is fair but I do not have the full details."
"The license is purchased annually per user. However, you can negotiate if you are signing for a longer period of time. When comparing this solution to others on the market it is priced fair, it is not at the top of the price range or at the bottom end."
report
Use our free recommendation engine to learn which Access Management solutions are best for your needs.
861,390 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
16%
Computer Software Company
14%
Financial Services Firm
14%
Manufacturing Company
7%
Financial Services Firm
24%
Computer Software Company
12%
Insurance Company
7%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does Sailpoint IdentityIQ compare with CyberArk PAM?
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the m...
What do you like most about CyberArk Privileged Access Manager?
The most valuable features of the solution are control and analytics.
What do you like most about ForgeRock?
The most valuable features of ForgeRock are social login and data protection.
What is your experience regarding pricing and costs for ForgeRock?
Our company was considering switching back to Keycloak from ForgeRock, so as to not pay any license fees. ForgeRock also supports M-PIN and biometric features that Keycloak does not provide. My com...
What needs improvement with ForgeRock?
In the past, I saw that Splunk was integrated with a testing portal, and then it was integrated with Slack. I don't think ForgeRock directly supports integrations with Slack, making it an area wher...
 

Also Known As

CyberArk Privileged Access Security, CyberArk Enterprise Password Vault
ForgeRock Identity Platform, ForgeRock OpenIDM
 

Overview

 

Sample Customers

Rockwell Automation
Geico, Thomson Reuters, Salesforce, McKesson, Trinet, SKY, BNP Paribas, Deloitte, Capgemini, North Western University
Find out what your peers are saying about CyberArk Privileged Access Manager vs. ForgeRock and other solutions. Updated: June 2025.
861,390 professionals have used our research since 2012.