
CyberArk Privileged Access Manager vs Microsoft Entra ID comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Oct 8, 2024
 

Categories and Ranking

CyberArk Privileged Access ...
Average Rating
8.6
Number of Reviews
193
Ranking in other categories
User Activity Monitoring (1st), Enterprise Password Managers (2nd), Privileged Access Management (PAM) (1st), Mainframe Security (3rd), Operational Technology (OT) Security (3rd)
Microsoft Entra ID
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
195
Ranking in other categories
Single Sign-On (SSO) (1st), Authentication Systems (1st), Identity Management (IM) (1st), Identity and Access Management as a Service (IDaaS) (IAMaaS) (1st), Access Management (1st), Microsoft Security Suite (4th)
 

Featured Reviews

SatishIyer - PeerSpot reviewer
Jun 21, 2022
Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK
When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the use cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time. PTA is essentially the monitoring interface of the broker (e.g. Privileged Access Management, the Vault, CPM, PSM, etc.), and it's where you can capture your broker bypass and perform related actions. For this reason, we thought that this kind of mapping would be required, but CyberArk informed us that they did not have the capability we had in mind with regard to MITRE ATT&CK. I am not sure what the situation is now, but it would definitely help to have that kind of alignment with one of the more well-known frameworks like MITRE. For CyberArk as a vendor, it would also help them to clearly spell out in which areas they have full functionality and in which areas they have partial or none. Of course, it also greatly benefits the customers when they're evaluating the product.
Vinod Survase - PeerSpot reviewer
Oct 31, 2022
Saves us time and money and features Conditional Access policies, SSPR, and MFA
I want better integration between Azure AD and the on-prem environment because there are currently limitations that can hamper employee experience. We use a feature called password writeback, that can be challenging to implement in a hybrid environment. Employees can change their passwords using a self-service password reset (SSPR) feature, which reflects from the cloud to the on-prem identity, but not the other way around. Currently, there is no way to reflect passwords from on-prem identities to the cloud. There are other similar limitations, such as a cap on the number of identities that can be synchronized in a particular time frame, which can be an issue for large enterprises with 300,000 employees or more.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is scalable."
"It is scalable."
"The most valuable features of CyberArk Enterprise Password Vault are password rotations and password encryptions."
"Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment."
"Service count rotation is probably one of my favorite features... The ability to automatically rotate any password I need to really helps with the entire enterprise strategy that we're pushing right now."
"I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault."
"We have the identity provider for all the authentication processes. However, sometimes, we need access to different applications for customers or clients that are not integrated into the identity provider. For these, we need to store a password to gain access. For example, we use the CyberArk Password Vault for third-party services. This vault needs to be shared with many people in our company."
"When we started with RPA, there was a requirement that every credential and the bots themselves be protected through the PAM system. From the get-go, we've had CyberArk in the middle... We've got a pretty robust RPA implementation with our PAM platform. Users, bots, the credentials — everything is managed via our PAM solution."
"Azure Active Directory has many automation capabilities, and you can apply policies on top. You can do a lot of things with these combinations and integrate other tools like PingFederate."
"Privileged Identity Management and Privileged Identity Management make controlling access considerably easier and ensure that authorized access is achieved."
"It is a really nice tool and we have a license for the more complex model."
"It also has features that help improve security posture. The most important of these features include multifactor authentication, which is very useful for connecting to the organization, especially from outside the boundaries of the organization. That is very helpful when it comes to user security."
"Coming from a traditional on-premises Active Directory infrastructure, it is purely a SaaS platform. It is global. It is evergreen. It is always evolving. It is core to the Microsoft Ecosystem."
"The tool's most valuable features are security and integration with other tenants."
"The tool's most valuable feature is auto logs. It helps with user activity and monitoring. It also assists us with GLBA policies and procedures. Microsoft Entra ID gives a 360 view of what the user has access to, what applications are available to them, when they are logging in and out, etc. It makes knowing what is happening to our tenants incredibly powerful."
"The initial setup was very straightforward."
 

Cons

"The price is high compared to Azure Key Vault. It's the most expensive solution."
"I would like to see a simplification of the product."
"The installation process should be easier and more user-friendly so that you don't need to hire a third party to deploy it."
"I would like to see better usability for non-technical people."
"CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift."
"The PTA could be improved. Currently, companies often have multiple domains and sometimes it's difficult to implement CyberArk in this kind of infrastructure. For example, you can add CPM (Central Policy Manager) and PSM (Privileged Session Manager) and PVWA (Password Vault Web Access) for access, but if you want to add PTA (Privileged Threat Analysis) to scan Vault logs, it is difficult because this component may be adding multiple domain environments."
"The lead product has a slow process. There are some reports and requirements from CyberArk which are not readily available as an applicable solution. We have made consistent management requests in the logs."
"More than the product itself, there is room for improvement in the documentation. The documentation should be very detailed and very structured. It has a lot of good information, on one level, but I feel that it could be more elaborate and more structured."
"Microsoft's technical support has shortcomings where improvements are required."
"There are issues using it with ADFS."
"We would like to have more granularity in the Azure conditional access in order to be able to manage more groups for devices and for applications."
"The robustness of the conditional access feature of the zero trust strategy to verify users is adequate but not comprehensive."
"The permission management is a mess."
"One thing that bothers me about Azure AD is that I can't specify login hours. I have to use an on-premises instance of Active Directory if I want to specify the hours during which a user can log in. For example, if I want to restrict login to only be possible during working hours, to prevent overtime payments or to prevent lawsuits, I can't do this using only Azure AD."
"The solution was difficult to scale because the group's configuration was complex. I would rate the scalability level of Azure Active Directory a five out of ten."
"Microsoft should work on enhancing its machine-learning algorithm to prevent unnecessary lockouts of users."
 

Pricing and Cost Advice

"I would rate the tool’s pricing a six out of ten."
"CyberArk is very expensive and there are additional fees for add-ons."
"Before we bought it, they were licensing each function individually, which got complicated and very expensive. When we decided to buy it, it was much more straightforward and still quite expensive, but it brings a lot of value and risk reduction to the organization."
"CyberArk DNA is free if you purchase the CyberArk solution. There is no additional charge for CyberArk DNA, which is great."
"There are additional features added to our CyberArk Privileged Access Manager license. For example, features that allow us to integrate into various kinds of platforms."
"The main problem for the tool is its licensing. I work for a really big company. When you try to develop this as a service, usually you work with leverage teams who are formed with dozens of members. You might dedicate one FTE, or less, for something, e.g., an antivirus administrator. You might have half an FTE's effort dedicated to administering the antivirus, but then you have a team of about 30 users who might access that ticket. The problem is that CyberArk eliminated the possibility of concurrent users years ago. This is a big problem for companies who work with leverage teams. You need to pay for everyone. 40 licenses are used by 20 or 30 people. This is a big problem because licenses are not precisely cheap."
"The solution is available at a high price."
"With reducing the privileged account access, there has been a huge improvement. They are now bringing more accounts on a little at a time."
"This product is sold as part of the enterprise package and our licensing fees are paid on a yearly basis."
"I don't pay for it. Going by how I feel, I see the prices for any MFA solution going down because the more different alternatives there are, the cheaper things should be. Microsoft Authenticator app would be the preferred application, but there are too many ways to implement MFA. I don't know how much it cost, but the price should go down."
"It is a really nice tool and we have a license for the more complex model."
"The price of Azure Active Directory and Amazon AWS are almost the same, but most people prefer Amazon AWS because they find it's a little cheaper to some extent and an easier platform to use."
"Licensing is easy."
"The pricing for Azure Active Directory is affordable; I would rate the cost a six out of ten."
"Our customers are looking for advanced features and processes for it to be cost-effective for their organizations. They see it as an overpriced product. They are enjoying using Azure Active Directory, but they are looking for better prices."
"Pricing could always be better. You pay the premium for Microsoft. Sometimes, it is worth it, and at other times, you wish to have more licensing options, especially for smaller companies."
814,578 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
30%
Financial Services Firm
13%
Computer Software Company
12%
Manufacturing Company
6%
Educational Organization
30%
Computer Software Company
11%
Financial Services Firm
9%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does Sailpoint IdentityIQ compare with CyberArk PAM?
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the m...
What do you like most about CyberArk Privileged Access Manager?
The most valuable features of the solution are control and analytics.
What is your experience regarding pricing and costs for CyberArk Privileged Access Manager?
CyberArk Privileged Access Manager comes at a high cost. But the solution is worth its price.
How does Duo Security compare with Microsoft Authenticator?
We switched to Duo Security for identity verification. We’d been using a competitor but got the chance to evaluate Duo for 30 days, and we could not be happier. Duo Security is easy to configure a...
What do you like most about Azure Active Directory?
It is very simple. The Active Directory functions are very easy for us. Its integration with anything is very easy. We can easily do third-party multifactor authentication.
What is your experience regarding pricing and costs for Azure Active Directory?
Initially, customers can get good prices for a three-year package, but renewal prices tend to increase significantly. If a customer looks for an alternative solution after three years, we often fin...
 

Also Known As

CyberArk Privileged Access Security, CyberArk Enterprise Password Vault
Azure AD, Azure Active Directory, Azure Active Directory, Microsoft Authenticator
 


Sample Customers

Rockwell Automation
Microsoft Entra ID is trusted by companies of all sizes and industries including Walmart, Zscaler, Uniper, Amtrak, monday.com, and more.
Find out what your peers are saying about CyberArk Privileged Access Manager vs. Microsoft Entra ID and other solutions. Updated: October 2024.