We performed a comparison between CyberArk Privileged Access Manager, IBM Tivoli Access Manager [EOL], and PingID based on real PeerSpot user reviews.
Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM)."Ensures accounts are managed according to corporate policies."
"AIM has been a great help in automating password retrieval which removes the need for hard-coded credentials."
"You can easily manage more than 4000 accounts with one PSM."
"The password vault and session monitoring are useful."
"The established sessions on the target systems are fully isolated and the privileged account credentials are never exposed to the end-users or their client applications and devices."
"The fact that I can put my vault here in a central location on one net for example, and I'll have a CPM in California, a CPM in Texas, a CPM in New York, a CPM in Florida, and actually be able to grow with my company and not necessarily have to continue to grow my vault until I get to a certain number accounts - yet I can still manage everything across the country, if not the world - I love that. I love the flexibility and the capability of being able to pull those components out."
"It helps our customers in their software requirement imports."
"Provides improved security around having your credentials locked down and rotated regularly."
"SAML 2.0."
"The Verify feature: A push method which customers are going for."
"The integration effort with the end application is quite straightforward and easy."
"Single Sign-On functionality is valuable because the core purpose of the product is to allow universal (or bespoke) SSO for application suites."
"OAuth 2 is now the de facto standard for API protection and scoped authorized delegation. IBM TAM now supports OAuth 2 and can act as fully compliant OAuth 2 authorization server."
"I like the self-service feature. The 502 and UBP systems are also excellent. PingID's ability to authenticate with SSH, RDP, and Windows login is pretty handy. It covers the entire spectrum of use."
"It provides ease of connecting all our devices."
"I find the auto-discovery feature the most valuable. It helps us automate a lot of things using a single password across applications."
"It is a scalable solution...It is a stable solution."
"The solution has a smooth and configurable user interface for single sign-on capabilities."
"It gets a mobility portal in place in conjunction with Office 365. It provides very good possibilities and it's much better than other technology that we have used before which was unstable and slower."
"The mobile biometric authentication option improved user experience. It's always about security because, with two-factor authentication, it's always a separate device verifying the actual user logging in."
"The solution is stable. We haven't experienced any bugs or glitches."
"The current user interface is a little dated. However, I hear there are changes coming in the next version."
"There is a lot of room for improvement in the report section. I also work on other tools, such as Thycotic, which allows you to create customized reports for your organization's needs. In CyberArk, there are limited reports, whereas in Thycotic or some of the other PAM tools, because the database is different, you can customize the report based on your needs through SQL queries."
"I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine."
"The authentication port is available in CyberArk Alero but not Fortinet products."
"Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge."
"Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up."
"The scalability, sometimes, is lacking. It works really well for more static environments... But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up."
"I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs.""
"The self-service portal needs improvement."
"The profiling element is incredibly robust, but also equally as complex, it requires an off-site course to be able to understand the context or the plethora of options available."
"An Amazon Machine Image (AMI) for the newer appliance versions for hosting the virtual appliances on AWS will help."
"Looking at their roadmap, they have a broad grasp of the security features which the industry needs."
"Multi-factor authentication with social integration needs to improve."
"PingID would benefit from a better user interface for integration."
"The management console needs to be improved. PingID should revise it."
"The product is not customizable."
"We have encountered instances where it is not easy to do authentication."
"PingID's device management portal should be more easily accessible via a link. They provide no link to the portal like they do for the service. The passwordless functionality could be more comprehensive. You can't filter based on hardware devices. Having that filtering option would be great. Device authentication would be a great feature."
"If the solution is going to compete with Microsoft, they need to offer more unique functionality to keep their current user base."
"PingID classifies the type of environment into internal and external, which is an area for improvement because you need to take additional steps to trust internal and external users."
"They could use some bio-certification. It's just more user-friendly and more convenient than entering the one time passes. That would be an improvement."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
More IBM Tivoli Access Manager [EOL] Pricing and Cost Advice →
Earn 20 points