We performed a comparison between Azure Active Directory and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Azure Active Directory is the more popular solution because its deployment is easier and it has a free version.
"Performance-wise, it is excellent."
"With CyberArk, you can be fully confident that your existing accounts are secure. You will be 100 percent"
"The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution."
"The password management feature is valuable."
"All the features of CyberArk are useful for me, but the biggest one is that CyberArk has logs for all the features. That is important when there is a problem. You know where to look and you have the information. In cyber security, the most important aspect is information."
"The established sessions on the target systems are fully isolated and the privileged account credentials are never exposed to the end-users or their client applications and devices."
"I found it valuable that CyberArk Privileged Access Manager can be integrated with PTA (privileged threat analytics), and this means that it will tell you if there's a risk to the logins and signs of risk and if risky behavior is observed. It's a good feature. Another good feature is the CPM (central password manager) because it helps you rotate the passwords automatically without involving the admins. It can go and update the scheduled tasks and the services. At the same time, if there's an application where it cannot do all of these, CPM will trigger an automatic email to the application owners, telling them that they should go ahead and change the password. This allows you to manage the account password that CyberArk cannot manage, which helps mitigate the risk of old passwords, where the password gets compromised, and also allows you to manage the security of the domain."
"The most valuable feature of CyberArk Privileged Access Manager is privileged threat analytics."
"The solution allows users to authenticate from home, and the Office 360 integration is advantageous."
"It's a quite comprehensive solution and it scales quite well within our required scale as well, which is very useful."
"Active Directory itself is the best feature it has. It also gives us a single pane of glass for managing user access."
"The cloud security part is very valuable. Security is the most important thing in today's world. With Azure Active Directory, there are some features that tell you how you need to improve your security level. It informs you if you set up certain policies, e.g., this is where my users sign in. It tends to let you know if your organization has been breached with this security set up. Therefore, it is easier to know when you have been breached, especially if you set up a Conditional Access policy for your organization."
"The initial setup was very straightforward."
"The two-step authentication is the most valuable."
"It's a very scalable solution."
"The most valuable features of Azure ID are the single sign-on and OpenID Connect authentication."
"Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge."
"The greatest area of improvement is with the user interface of the Password Vault Web Access component."
"The Vault's disaster recovery features need improvement."
"The major pain point that we have is the capacity of CyberArk due to the sheer volume of NPAs that we are managing. We are a large organization and we have hundreds of thousands of non-personal accounts to manage. We have already found out that there are certain capacity limitations within CyberArk that might introduce performance issues. From my perspective, something that would be valuable would be if the vault could hold more passwords and be more scalable."
"Overall what I would really love to see is the third-party PAS reporter tool pulled more into the overall solution, ideally as its own deployable component service installation package."
"Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use."
"The support services could act faster when people reach out to resolve issues."
"If there is an area that has room for improvement, it's probably working with their support and getting people on the phone. That is hard to do with most products in general, but that seems to be the difficult area. The product is fantastic, but sometimes we want somebody on the phone."
"I would like them to improve the dashboard by presenting the raw data in a more visual way for the logs and events. That would help us understand the reports better."
"Microsoft should work on enhancing its machine-learning algorithm to prevent unnecessary lockouts of users."
"ESAE management, especially the admin tools, could be improved. It should be built in by the vendor, and I shouldn't have to add patches or updates to connect to my domain directly. It should be added by default. The price could be better."
"They should put the features of P1 and P2 into a single license."
"Definitely, the price could be lower. When we moved from AWS to Azure, we started paying more."
"The only improvement would be for everything to be instant in terms of applying changes and propagating them to systems."
"Azure AD does not support legacy authentication protocols, such as NTLM or Kerberos."
"Microsoft services and most familiar third-party applications are currently supported, but we can't find many other platforms that integrate with Office 365 or Azure Active Directory. Microsoft should develop connectors for different applications and collaborate more with other vendors to cover a broader range of applications."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 49 reviews while Microsoft Entra ID is ranked 1st in Access Management with 100 reviews. CyberArk Privileged Access Manager is rated 8.8, while Microsoft Entra ID is rated 8.8. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of Microsoft Entra ID writes "Provides a secure environment to easily manage users and assign roles and permissions". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Delinea Secret Server, WALLIX Bastion, SailPoint IdentityIQ and One Identity Safeguard, whereas Microsoft Entra ID is most compared with Google Cloud Identity, Auth0, PingFederate, SailPoint IdentityIQ and Okta Workforce Identity. See our CyberArk Privileged Access Manager vs. Microsoft Entra ID report.
See our list of best Access Management vendors.
We monitor all Access Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.