CyberArk Privileged Access Manager vs ForgeRock vs One Identity Safeguard comparison

CyberArk and Ping Identity are both solutions in the Access Management category. Additionally, 95% of CyberArk users are willing to recommend the solution, compared to 92% of Ping Identity users who would recommend it.

CyberArk Privileged Access ...

Read 225 CyberArk Privileged Access Manager reviews

17,191 Views
6,704 Comparison Views

95% willing to recommend

ForgeRock

Read 30 ForgeRock reviews

4,336 Views
2,125 Comparison Views

92% willing to recommend

One Identity Safeguard

Read 45 One Identity Safeguard reviews

3,728 Views
2,610 Comparison Views

93% willing to recommend

CyberArk Privileged Access ...

ForgeRock

One Identity Safeguard

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between CyberArk Privileged Access Manager, ForgeRock, and One Identity Safeguard based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Auth0, Ping Identity and others in Access Management.

To learn more, read our detailed Access Management Report (Updated: July 2025).

Buyer's Guide

Access Management

July 2025

Download the complete report

Helped 865,164 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Featured Reviews

Abdul Durrani

Security Manager at Insight

Enables granular and secure access with just-in-time access and Zero Trust model

CyberArk provides a good amount of control over access types. However, as a future enhancement, having additional features for cross-platform integration would be beneficial. It would be good to have integrations with other tools and firewalls, such as Zscaler and CrowdStrike. Although I am not fully aware of recent updates, more cross-platform integration would be valuable. A SOC analyst would like to have centralized access in terms of information flowing in even for privileged access management. They would like to have control over everything instead of opening four to five tabs for different sorts of information. Cross-platform integration would help with that. Customers also want CyberArk's pricing to be better so that they can implement it further and have more licenses. Implementing a privileged access management solution can be challenging. It would be great if CyberArk could provide recommendations based on the compliance standards of an organization. It would help system admins ensure that all the required ports are closed and the systems are being managed properly. If any system is not being used anymore, any ports opened for that system need to be closed. Having such recommendations would be helpful.

Read full review

Ahmet Murat Ülker

Devops Engineer and Trainer at a tech vendor with 1-10 employees

Easy to use, but customizations can be complicated to handle

I would suggest others use the product after asking them to consider their use cases. SSO may be a use case for some, and using the product as an IDM tool may be a use case. At the moment, my company is not deploying all the components of ForgeRock itself. My company uses ForgeRock for OAuth 2.0. For example, my company is not deploying the IDM and identity gateway components. You should consider your use case and select the required components for that use case. My company does not use the SSO features of the tool. My company uses SSO to access ForgeRock's AM Console for individual users. My company does not use single sign on features of the product and instead, we use Auth0. I rate the tool a seven or eight out of ten.

Read full review

Tor Nordhagen

Executive Director at Semaphore

Transparent mode for privileged sessions will greatly simplify our client's administrative situation

We're introducing the solution's transparent mode for privileged sessions. This is part of what the client hasn't used before. It will simplify their administrative situation greatly. So far, the rollout of this feature has been a seamless process, but we're still in the midst of rolling it out. The benefits will be on the risk side. Right now, the way accounts are managed, you don't necessarily know who is using an account. There's a shared admin account, and that's not a good thing. And those accounts are shared in wallets by several people. One of the real benefits of safeguarding here is that the client will have an absolute audit of who is using an administrative interface, whether it's server or network.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"All the features of CyberArk are useful for me, but the biggest one is that CyberArk has logs for all the features. That is important when there is a problem. You know where to look and you have the information. In cyber security, the most important aspect is information."

"The established sessions on the target systems are fully isolated and the privileged account credentials are never exposed to the end-users or their client applications and devices."

"The most important feature is managing the credentials and implementing those policies which rotate the credentials. Session Manager is also key in not letting the users have access to those credentials. Instead, CyberArk actually manages everything by itself."

"It enables companies to automate password management on target systems gaining a more secure access management approach."

"Performance-wise, it is excellent."

"Identity and access management are fundamental in cybersecurity."

"Considering all those factors and being the best tool in the market for Privileged Access Management, it is recommended."

"I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes that can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors."

More CyberArk Privileged Access Manager pros

"The solution integrates well and it is important for them to keep up with the current trends in the market quickly enough, and they have been doing a good job at it."

"The product is easy to use in a development environment."

"The solution is very scalable. We have a lot of users that have been increasing over the years that we have been using it. We have approximately 20,000 users."

"We have found the identity and access management tools in the solution to be particularly useful for our organization."

"Easy to customize and adaptable to any environment."

"The solution's most valuable feature is the authentication for the consumers. The integration with other third-party applications is excellent."

"ForgeRock products are customizable, and the out-of-the-box features are solid, too. I primarily use the OIDC compliance features. It's just a configuration. it's easy to set up and customize trees. We can add our own features if necessary. Banks and corporations have different standards and specific validations."

"We used it to implement multi-factor authentication and to improve our security posture as well as reducing the potential for attacks."

More ForgeRock pros

"The initial setup is very easy."

"From my experience, the features are best for monitoring and the usage of LDAP and SSH."

"The most valuable feature of One Identity Safeguard is the user-friendly interface."

"There are a lot of features, so it's going to sound funny, but one of the most simplistic features, the Favorites feature, is the one we like the best. You do a full run-through of configuration to check out a server and then you can save that whole configuration as a favorite. So the next time you go in, you click on the favorite that you configured and it automatically takes you to the end so you can check the server out that much faster. It saves a lot of time..."

"I have found the most useful feature of One Identity Safeguard to be Privileged Sessions."

"It is easy to manage. There is a very logical, clear user interface. Also, the integration of scripts is thoughtfully implemented. Overall, it's a nice product to manage."

"In terms of the user experience, it is a pretty useful product. It works in a good way."

"We don't need to use VPN for remote access."

More One Identity Safeguard pros

Cons

"CyberArk could enhance its usability by simplifying its architecture and design."

"It should be easier to install. It is a comprehensive product, which makes it difficult to install. You need to have their consulting services in order to get it all installed and set up correctly because there is so much going on. It would be nice if there were an easier way to do the installation without professional services. I suspect they get a fair amount of their money from professional services. So, there is not a huge incentive."

"The price is high compared to Azure Key Vault. It's the most expensive solution."

"The issue of technical support is crucial, as there are not many specialized partners available in Brazil to provide this service. While English language support is of good quality, there is a significant shortage of partners capable of meeting the demand locally."

"It's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers."

"CyberArk reporting is notoriously poor, offering about 5 reports out of the box. I am certified in Delinea, which includes 60 reports plus a custom report generator out of the box. Improved reporting would be beneficial."

"Pricing is a concern for me because it is not very user-friendly for startups, new users, or very small organizations."

"It could be more user-friendly. Sometimes I encounter issues, and I do not know what the issue is. It takes a lot of time to find the error and fix it. Sometimes it gives an error, but I do not know what the error is. I have to find the documents, but it does not provide all the details needed to fix the error. This is one of the day-to-day issues with CyberArk."

More CyberArk Privileged Access Manager cons

"The solution requires more simplified customization. However, part of the problem is my clients determining their own preferences. Technology can help and do many things, but you have to define your own policies to ensure that the solution or service works within those parameters. Helping customers understand their business and different processes is another issue not relating to the functionality of this solution."

"Automatic Deployment needs improvement. it could be made easier."

"We're worried about the scaling. We're told it will be okay and there won't be issues, however, I'm not 100% convinced."

"The user interface could be improved as it is cumbersome and outdated. It doesn't have a responsive UI."

"In future releases, I would like to see easier integration with other solutions, like facial recognition and KYC solutions with biometric onboarding."

"Lacks simplified documentation within the tool that requires use of a separate portal."

"The product's support services in the French language are not free."

"The solution's documentation is not very good, and they do not give more details."

More ForgeRock cons

"We have issues using Safeguard to connect to and record from the cloud. Currently, they don't have a mechanism to record this type of connection."

"Transparent mode was too cumbersome, so I don't foresee us being able to use it. On paper when we were initially talking about it, it was definitely going to be the preferred method until we realized the burden it would be on our network guys. Then, we had to step back and reevaluate what we wanted to do. That's when we changed our approach to use the RD Gateway feature."

"The main point regarding the user experience is that Safeguard has two separate management consoles."

"I rate customer support six out of ten. It needs improvement as it can significantly impact customer access."

"One Identity's support is not appropriately structured, and it has a lot of room to improve."

"Our experience with technical support has been disappointing. We require more prompt and faster response times. We require answers to our questions right away but we haven't received that level of support."

"Something for One Identity to look at is having integration guidelines for how to logically group accounts."

"There is room for improvement in the launch module. They built in a launch button but they don't have effective instructions for configuring it to allow it to launch an RDP session. They're working on that, but the button is in the live product. If they were going to install something that wasn't useful, they should have just disabled it and not rolled it out with the product."

More One Identity Safeguard cons

Pricing and Cost Advice

"It's not a cheap application. It's very expensive."

"Its price can be reduced."

"Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product."

"Pricing is a problem. CyberArk is expensive compared to other products I know. It is similar to buying a German car. It comes with all the bells and whistles, but some companies may find it too expensive."

"If you want a Ferrari, it will cost you. The solution is really nice, so it costs the client, but in the long run, it is very good. If you buy a solution that costs a lot to maintain because it is not stable, and you are frequently asking for consultant support, it costs more."

"It can be an expensive product."

"CyberArk Privileged Access Manager is on the expensive side. It is very expensive."

"CyberArk Privileged Access Manager is more expensive than its competitors, such as BeyondTrust, Delinea, and ManageEngine PAM360."

More CyberArk Privileged Access Manager pricing and cost advice

"Its licensing is on a yearly basis, but it also depends on the contract that you have with the vendor. They have multiple types of contracts. There are additional costs to the standard licensing fees. If you need some of the features, you have to pay more."

"ForgeRock is an expensive solution."

"The pricing of the solution is fair but I do not have the full details."

"Its price is comparable to other products in the market."

"The license is purchased annually per user. However, you can negotiate if you are signing for a longer period of time. When comparing this solution to others on the market it is priced fair, it is not at the top of the price range or at the bottom end."

"We have multiple clients we are looking at right now. We are at a very small number, however, the idea and the goal is to grow. We are looking at about $100,000 and $50,000 a minimum a month cost. That'd be minimum maybe in a couple of years."

"ForgeRock's pricing is more competitive than other products."

"It's a bit pricey and could be more competitive."

"It is a bit on the pricey side, but you get what you pay for. You don't want to get anything too cheap because then you get cheap stuff and cheap support. That really never helps anybody."

"We have a yearly license. The cost depends on how much a company wants to invest in technology. In our organization, we believe in modern digitization and automation processes so we found it affordable. One Identity was not that much less than other solutions and it is not a cheap solution. There were number of cheaper solutions. However, it's the most effective, according to our evaluation."

"We bought their other products, so it was not that expensive. It is one of those where the more you buy, the cheaper it is."

"The pricing depends on our perspective, our budget, and, of course, the competitors we are taking into account."

"They have comparable pricing. All identity products are essentially priced in a similar way. It's a per-user base."

"Safeguard is cheaper than CyberArk."

"It is cheaper than CyberArk. Its price is fair."

"The license is around $3,000 per month."

More One Identity Safeguard pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Access Management solutions are best for your needs.

See recommendations

865,164 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

15%

Manufacturing Company

Government

Financial Services Firm

23%

Computer Software Company

12%

Manufacturing Company

Government

Computer Software Company

22%

Financial Services Firm

Comms Service Provider

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

How does Sailpoint IdentityIQ compare with CyberArk PAM?

We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to m...

See all answers

What do you like most about CyberArk Privileged Access Manager?

The most valuable features of the solution are control and analytics.

See all answers

What is your experience regarding pricing and costs for CyberArk Privileged Access Manager?

It's not a cheap application. It's very expensive.

See all answers

What do you like most about ForgeRock?

The most valuable features of ForgeRock are social login and data protection.

See all answers

What is your experience regarding pricing and costs for ForgeRock?

Our company was considering switching back to Keycloak from ForgeRock, so as to not pay any license fees. ForgeRock a...

See all answers

What needs improvement with ForgeRock?

In the past, I saw that Splunk was integrated with a testing portal, and then it was integrated with Slack. I don't t...

See all answers

What do you like most about One Identity Safeguard?

The identity discovery is good, and the performance is pretty good value.

See all answers

What is your experience regarding pricing and costs for One Identity Safeguard?

The pricing of One Identity Safeguard is fairly priced and cheaper than other solutions of the same enterprise level....

See all answers

What needs improvement with One Identity Safeguard?

There is room for improvement in integration between modules. The native integration between SPP and SPS, which is cu...

See all answers

Comparisons

Microsoft Entra ID vs CyberArk Privileged Access Manager

Compared 8% of the time

WALLIX Bastion vs CyberArk Privileged Access Manager

Compared 6% of the time

Delinea Secret Server vs CyberArk Privileged Access Manager

Compared 5% of the time

Cisco Identity Services Engine (ISE) vs CyberArk Privileged Access Manager

Compared 5% of the time

1Password Business vs CyberArk Privileged Access Manager

Compared 3% of the time

More CyberArk Privileged Access Manager Competitors

Microsoft Entra ID vs ForgeRock

Compared 23% of the time

Ping Identity Platform vs ForgeRock

Compared 11% of the time

SailPoint Identity Security Cloud vs ForgeRock

Compared 10% of the time

Auth0 vs ForgeRock

Compared 9% of the time

More ForgeRock Competitors

WALLIX Bastion vs One Identity Safeguard

Compared 15% of the time

SailPoint Identity Security Cloud vs One Identity Safeguard

Compared 8% of the time

One Identity Cloud PAM Essentials vs One Identity Safeguard

Compared 8% of the time

Delinea Secret Server vs One Identity Safeguard

Compared 7% of the time

Fudo PAM vs One Identity Safeguard

Compared 7% of the time

More One Identity Safeguard Competitors

Product Reports

Buyer's Guide

CyberArk Privileged Access Manager

August 2025

CyberArk Privileged Access Manager report

Download CyberArk Privileged Access Manager product report

Buyer's Guide

ForgeRock

August 2025

Download ForgeRock product report

Buyer's Guide

One Identity Safeguard

August 2025

Download One Identity Safeguard product report

Also Known As

CyberArk Privileged Access Security, CyberArk Enterprise Password Vault

ForgeRock Identity Platform, ForgeRock OpenIDM

No data available

Overview

CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

Benefits of CyberArk Privileged Access Manager

Some of CyberArk Privileged Access Manager’s benefits include:

The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

Reviews from Real Users

CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

CyberArk

ForgeRock is a comprehensive open-source identity and access management solution designed to meet the unique needs of your users and workforce. With ForgeRock you can orchestrate, manage, and secure the complete lifecycle of identities in any cloud or hybrid environment. ForgeRock allows you to set up bot detection, identity proofing, and risk-based authentication.

With ForgeRock, you can define access policies and automate the management of the identity lifecycle all from a central, easy to use, and graphical dashboard. ForgeRock Access Management allows you to build safe authentication using options like passwordless and usernameless logins, single sign-on, biometrics, contextual analytics, and behavioral authentication. When threats appear, you can swiftly change how your users access your most sensitive applications and provide users with secure access to the applications, systems, and resources they need on demand.

ForgeRock Benefits and Key Features

Elevate your security and efficiency: Consolidating your legacy systems under one single platform provides reliable, unified control over all your user identities and access-related policies. ForgeRock Access Management also supports scaling existing policies for application onto new setups.
Passwordless authentication: Implementing passwordless authentication is simple with ForgeRock Access Management. You can easily replace user-selected passwords with other options, such as easy multi-factor authentication, biometrics, and SSO.
Identity governance: ForgeRock Identity Governance is a modern, AI-driven identity governance solution. By leveraging ForgeRock generated analysis reports, you can identify and apply appropriate user access, automate high-confidence access approvals, recommend certification for low-risk accounts, and review high-risk and inappropriate user access privileges. In addition, you can grant and enforce access to systems, applications, and infrastructure according to established policies.

Reviews from Real Users

ForgeRock stands out among its competitors for a number of reasons. Two major ones are its robust identity and access tools and its being easy to manage and scale with one central dashboard.

PeerSpot users note the effectiveness of these features. A technology solutions leader at an outsourcing company writes, “We need it for multiple clients, multiple implementations. Not all of them are necessarily a multi-tenant solution. We need a very versatile solution that can do a lot of work, but from a single instance that we can centralize authentications and we don't duplicate the efforts and that's where ForgeRock seems to do better.”

Mohamed B., a cyber security consultant at a tech company, writes, "Their access management solution, OpenAM, is most valuable because it meets the needs of a lot of users. ForgeRock secured our system so that it is accessed only by authorized people, and it implemented the SSO."

Ping Identity

One Identity Safeguard manages and monitors privileged access, enhancing security with features like automatic session recording, real-time monitoring, and credential rotation. It integrates seamlessly, supports compliance with audit trails, and improves operational efficiency across organizations. This robust platform significantly bolsters security protocols while controlling sensitive operations.

One Identity

Sample Customers

Rockwell Automation

Geico, Thomson Reuters, Salesforce, McKesson, Trinet, SKY, BNP Paribas, Deloitte, Capgemini, North Western University

Cavium

Find out what your peers are saying about Microsoft, Auth0, Ping Identity and others in Access Management. Updated: July 2025.

DOWNLOAD NOW

865,164 professionals have used our research since 2012.