We performed a comparison between Azure Active Directory and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Azure Active Directory is the more popular solution because its deployment is easier and it has a free version.
"The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution."
"On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need."
"There are no issues with scalability. Our clients are very happy to use the product."
"It is a robust product."
"CyberArk has resulted in a massive increase in our security footprint."
"We like it for the ability to automatically change passwords. At least for my group, that's the best thing."
"The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task."
"I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes that can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors."
"Azure Active Directory provides us with identity-based authentication, which secures access at the user level and also integrates with conditional access policies and multi-factor authentication helping to increase the identity security for that person. So, the hacking and leaking of passwords is a secondary problem because you will not authenticate a person with one factor. There is a second factor of authentication available to increase the security premise for your company."
"Syncing with our on-prem Active Directory is valuable because we do not have to keep multiple identities for each of our staff members. We can easily evaluate login risks and provide access for SSO via 365 into applications, such as Salesforce, and other things that we run our business on."
"The most valuable feature is its ability to act as an identity provider for other cloud-based, SaaS applications. In our bank, this is the main identity provider for such features."
"Azure Active Directory provides access to resources in a very secure manner. We can detect which user is logging in to access resources on the cloud. It gives us a comprehensive audit trace in terms of from where a user signed in and whether a sign-in is a risky sign-in or a normal sign-in. So, there is a lot of security around the access to resources, which helps us in realizing that a particular sign-in is not a normal sign-in. If a sign-in is not normal, Azure Active Directory automatically blocks it for us and sends us an email, and unless we allow that user, he or she won't be able to log in. So, the User Identity Protection feature is the most liked feature for me in Azure Active Directory."
"This solution serves as the basis to understand the MS SSO and MFA capabilities."
"The most valuable feature is the factor identification. I find that it is natural integration, and it is just a natural step. I do not need to do anything else."
"The tool's most valuable feature is conditional access."
"Personally, I'm a great fan of Azure Active Directory due to the security and compliance features that are there in the classic or default Azure Active Directory."
"it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs."
"CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well."
"The documentation is rather basic and it is missing many use cases."
"Initial setup is complex. Lots of architecture, lots of planning, and lots of education and training are needed."
"There were a lot of manual steps in the initial setup which could have been automated. I read the 10.4 release that was sent out about a month or two ago, and I saw the steps required for upgrade have been reduced by about 90%. That was a big thing for me, but I still haven't seen that yet because we have not upgrade past 9.9.5."
"More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet."
"I would like to see is the policy export and import. When we expend, we do not want to just hand do a policy."
"The product is very vaulting-focused. I'd love to see it expanding its capabilities a bit further into areas like just-in-time elevation, and access with non-vaulted credentials."
"I want better integration between Azure AD and the on-prem environment because there are currently limitations that can hamper employee experience. We use a feature called password writeback, that can be challenging to implement in a hybrid environment. Employees can change their passwords using a self-service password reset (SSPR) feature, which reflects from the cloud to the on-prem identity, but not the other way around. Currently, there is no way to reflect passwords from on-prem identities to the cloud."
"The solution could be improved when it comes to monitoring and logging as these are the most critical areas in case something was to go wrong."
"The monitoring dashboard could be a bit better."
"There are some features, where if you want to access them, then you need to make use of PowerShell. If someone is not really versed in PowerShell scripting, then they would definitely have issues using some of those features in Azure Active Directory."
"The scalability of the solution is good."
"Some systems do not integrate very well with Azure AD. We thought of going for Okta, but later on we were able to achieve it, but not the way we wanted. It was not as easy as we thought it would be. The integration was not very seamless."
"The onboarding process for new users can be improved. It can be made simpler for people who have never registered to Azure AD previously and need to create an account and enable the MFA. The initial setup can be made simpler for non-IT people. It should be a bit simpler to use. Unless you get certifications, such as AZ-300 and AZ-301, it is not a simple thing to use at the enterprise scale."
"My problem with Azure AD is that it's designed for medium to large systems, and we're not that large."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews while Microsoft Entra ID is ranked 1st in Access Management with 190 reviews. CyberArk Privileged Access Manager is rated 8.8, while Microsoft Entra ID is rated 8.6. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of Microsoft Entra ID writes "Allows users to authenticate from home and has excellent integrations in a simple, stable solution". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Delinea Secret Server, WALLIX Bastion, One Identity Safeguard and Zscaler Internet Access, whereas Microsoft Entra ID is most compared with Microsoft Intune, Google Cloud Identity, Yubico YubiKey, Cisco Duo and Auth0. See our CyberArk Privileged Access Manager vs. Microsoft Entra ID report.
See our list of best Access Management vendors.
We monitor all Access Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
