CyberArk Privileged Access Manager vs Microsoft Entra ID comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Sep 6, 2022

We performed a comparison between Azure Active Directory and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Azure Active Directory users say deployment is simple and easy. Users of CyberArk Privileged Access Manager say the initial setup is complex and requires technical expertise.
  • Features: Users say both products have good stability, scalability, and security.

    Azure users like the solution’s ease of use, single sign on, identity-based authentication, and its privileged access management. Users say the conditional access rules are a little limiting and that provisioning is not intuitive

    CyberArk users like the solution’s performance, password protection, and monitoring tools. Reviewers mention that it lacks flexibility.
  • Pricing: Azure users mention that the solution has various levels of licenses, with a free basic tier. CyberArk users consider the solution to be expensive.
  • Service and Support: Most users of both solutions are satisfied with the level of support they receive.
  • ROI: Users of both solutions report a positive ROI.

Comparison Results: Based on the parameters we compared, Azure Active Directory is the more popular solution because its deployment is easier and it has a free version.

To learn more, read our detailed CyberArk Privileged Access Manager vs. Microsoft Entra ID Report (Updated: September 2023).
735,226 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Performance-wise, it is excellent.""With CyberArk, you can be fully confident that your existing accounts are secure. You will be 100 percent""The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution.""The password management feature is valuable.""All the features of CyberArk are useful for me, but the biggest one is that CyberArk has logs for all the features. That is important when there is a problem. You know where to look and you have the information. In cyber security, the most important aspect is information.""The established sessions on the target systems are fully isolated and the privileged account credentials are never exposed to the end-users or their client applications and devices.""I found it valuable that CyberArk Privileged Access Manager can be integrated with PTA (privileged threat analytics), and this means that it will tell you if there's a risk to the logins and signs of risk and if risky behavior is observed. It's a good feature. Another good feature is the CPM (central password manager) because it helps you rotate the passwords automatically without involving the admins. It can go and update the scheduled tasks and the services. At the same time, if there's an application where it cannot do all of these, CPM will trigger an automatic email to the application owners, telling them that they should go ahead and change the password. This allows you to manage the account password that CyberArk cannot manage, which helps mitigate the risk of old passwords, where the password gets compromised, and also allows you to manage the security of the domain.""The most valuable feature of CyberArk Privileged Access Manager is privileged threat analytics."

More CyberArk Privileged Access Manager Pros →

"The solution allows users to authenticate from home, and the Office 360 integration is advantageous.""It's a quite comprehensive solution and it scales quite well within our required scale as well, which is very useful.""Active Directory itself is the best feature it has. It also gives us a single pane of glass for managing user access.""The cloud security part is very valuable. Security is the most important thing in today's world. With Azure Active Directory, there are some features that tell you how you need to improve your security level. It informs you if you set up certain policies, e.g., this is where my users sign in. It tends to let you know if your organization has been breached with this security set up. Therefore, it is easier to know when you have been breached, especially if you set up a Conditional Access policy for your organization.""The initial setup was very straightforward.""The two-step authentication is the most valuable.""It's a very scalable solution.""The most valuable features of Azure ID are the single sign-on and OpenID Connect authentication."

More Microsoft Entra ID Pros →

Cons
"Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge.""The greatest area of improvement is with the user interface of the Password Vault Web Access component.""The Vault's disaster recovery features need improvement.""The major pain point that we have is the capacity of CyberArk due to the sheer volume of NPAs that we are managing. We are a large organization and we have hundreds of thousands of non-personal accounts to manage. We have already found out that there are certain capacity limitations within CyberArk that might introduce performance issues. From my perspective, something that would be valuable would be if the vault could hold more passwords and be more scalable.""Overall what I would really love to see is the third-party PAS reporter tool pulled more into the overall solution, ideally as its own deployable component service installation package.""Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use.""The support services could act faster when people reach out to resolve issues.""If there is an area that has room for improvement, it's probably working with their support and getting people on the phone. That is hard to do with most products in general, but that seems to be the difficult area. The product is fantastic, but sometimes we want somebody on the phone."

More CyberArk Privileged Access Manager Cons →

"I would like them to improve the dashboard by presenting the raw data in a more visual way for the logs and events. That would help us understand the reports better.""Microsoft should work on enhancing its machine-learning algorithm to prevent unnecessary lockouts of users.""ESAE management, especially the admin tools, could be improved. It should be built in by the vendor, and I shouldn't have to add patches or updates to connect to my domain directly. It should be added by default. The price could be better.""They should put the features of P1 and P2 into a single license.""Definitely, the price could be lower. When we moved from AWS to Azure, we started paying more.""The only improvement would be for everything to be instant in terms of applying changes and propagating them to systems.""Azure AD does not support legacy authentication protocols, such as NTLM or Kerberos.""Microsoft services and most familiar third-party applications are currently supported, but we can't find many other platforms that integrate with Office 365 or Azure Active Directory. Microsoft should develop connectors for different applications and collaborate more with other vendors to cover a broader range of applications."

More Microsoft Entra ID Cons →

Pricing and Cost Advice
  • "The price of CyberArk support could be a little bit less. Otherwise, pricing is fine."
  • "Before we bought it, they were licensing each function individually, which got complicated and very expensive. When we decided to buy it, it was much more straightforward and still quite expensive, but it brings a lot of value and risk reduction to the organization."
  • "It is in line with its competitors, but all such solutions cost too much money."
  • "CyberArk DNA is free if you purchase the CyberArk solution. There is no additional charge for CyberArk DNA, which is great."
  • "The main problem for the tool is its licensing. I work for a really big company. When you try to develop this as a service, usually you work with leverage teams who are formed with dozens of members. You might dedicate one FTE, or less, for something, e.g., an antivirus administrator. You might have half an FTE's effort dedicated to administering the antivirus, but then you have a team of about 30 users who might access that ticket. The problem is that CyberArk eliminated the possibility of concurrent users years ago. This is a big problem for companies who work with leverage teams. You need to pay for everyone. 40 licenses are used by 20 or 30 people. This is a big problem because licenses are not precisely cheap."
  • "It's expensive, certainly. But CyberArk is the leader in the market with regards to privileged access management. You pay a lot, but you are paying for the value that is being delivered."
  • "Previously, the pricing was very meager. They started publicizing and advertising the solution, growing CyberArk, as an organization. They also changed their pricing with that growth, e.g., the pricier the product, the more people who will purchase it."
  • "Generally, I don't get involved in the licensing or the purchasing side of it, but I do know that the licenses are expensive."
  • More CyberArk Privileged Access Manager Pricing and Cost Advice →

  • "Previously, only building and global administrators could purchase subscriptions or licenses. Mid-last year, Microsoft made it so users can purchase the license online. Microsoft business subscription is for 200 to 300 users. If you have more than 300 users, you can't purchase the business plan. You have to purchase the enterprise plan. The enterprise plan is for 301 users and above. Pay as you go is also available. If you pay as you go in Azure, you will be billed for whatever you use."
  • "It can be a bit expensive for organizations, but they do have different pricing models. Their free tier can be used on a personal level, but for an organization, the licenses might be a bit expensive. In general, the licenses can become cheaper, which will make it accessible for more people."
  • "The basic tier of Azure Active Directory is free, so many users use the service for free. For a small company having the security and compliance that Azure offers is a great benefit. For small companies that are using the basic services, not having to pay for Azure Active Directory is the main asset because they can manage their users and have authentications tools and security."
  • "Microsoft Azure AD has P1 or P2 licensing options, and it depends on the customer's needs. To use Conditional Access, you need to have the P1 license, and to use the PIN features, you need the P2 license."
  • "The pricing for companies and businesses is okay, it's fair. But if you are trying to teach someone about Azure AD, there is no licensing option for that... It would be nice to have a 'learning' license, one that is cheaper for a single person."
  • "The E5 plan we are using contains the premium plans for Azure Active Directory. We are not paying only for the Azure Active Directory Premium licenses. We have it already included within our E5 plan."
  • "The cost is billed on a per-user licensing basis."
  • "The process for buying licenses from Microsoft is somewhat messy and really hard to do. We have to talk to someone because it's hard to find out how many licenses we need. If I'm applying for 2,000 users, how many Windows licenses do we need? They could also charge less for support."
  • More Microsoft Entra ID Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Access Management solutions are best for your needs.
    735,226 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the… more »
    Top Answer:I like the integrations for external applications.
    Top Answer:Licensing may sometimes seem a little complicated. A good partner from CyberArk can work it out.
    Top Answer:It helps with privacy control of identity data. It makes security very easy.
    Top Answer:Sometimes it is difficult to understand the structure of the menu. Sometimes they make some changes in the configuration structure and you might have trouble finding a button or some functionality… more »
    Ranking
    Views
    12,388
    Comparisons
    7,141
    Reviews
    40
    Average Words per Review
    842
    Rating
    8.8
    1st
    out of 33 in Access Management
    Views
    12,783
    Comparisons
    8,879
    Reviews
    95
    Average Words per Review
    775
    Rating
    8.8
    Comparisons
    Also Known As
    CyberArk Privileged Access Security
    Azure Active Directory (Azure AD), Azure Active Directory
    Learn More
    CyberArk
    Video Not Available
    Overview

    CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

    CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

    Benefits of CyberArk Privileged Access Manager

    Some of CyberArk Privileged Access Manager’s benefits include:

    • The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
    • The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
    • The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

    Reviews from Real Users

    CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

    PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

    Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

    Secure access to any app or resource from anywhere

    Take advantage of adaptive identity and network access controls to secure access to any app or resource for every user or digital workload across your entire environment.

    Protect and verify every identity

    Implement consistent security policies for every user—employees, frontline workers, customers, partners—as well as apps, devices, and workloads across multicloud and hybrid.

    Provide only the access necessary

    Discover and right-size permissions, manage access lifecycles, and ensure least privilege access for any identity.

    Simplify the user experience

    Reduce IT friction and improve the hybrid workforce experience with seamless access to any resource, single sign-on, user self-service management, and automated lifecycle workflows.

    Offer
    Learn more about CyberArk Privileged Access Manager
    Learn more about Microsoft Entra ID
    Sample Customers
    Rockwell Automation
    Azure Active Directory is trusted by companies of all sizes and industries including Walmart, Zscaler, Uniper, Amtrak, monday.com, and more.
    Top Industries
    REVIEWERS
    Financial Services Firm23%
    Computer Software Company14%
    Insurance Company13%
    Healthcare Company9%
    VISITORS READING REVIEWS
    Educational Organization28%
    Computer Software Company12%
    Financial Services Firm11%
    Government5%
    REVIEWERS
    Financial Services Firm15%
    Computer Software Company14%
    Manufacturing Company7%
    Energy/Utilities Company6%
    VISITORS READING REVIEWS
    Educational Organization29%
    Computer Software Company12%
    Financial Services Firm10%
    Government6%
    Company Size
    REVIEWERS
    Small Business21%
    Midsize Enterprise12%
    Large Enterprise66%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise37%
    Large Enterprise48%
    REVIEWERS
    Small Business34%
    Midsize Enterprise14%
    Large Enterprise52%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise37%
    Large Enterprise47%
    Buyer's Guide
    CyberArk Privileged Access Manager vs. Microsoft Entra ID
    September 2023
    Find out what your peers are saying about CyberArk Privileged Access Manager vs. Microsoft Entra ID and other solutions. Updated: September 2023.
    735,226 professionals have used our research since 2012.

    CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 49 reviews while Microsoft Entra ID is ranked 1st in Access Management with 100 reviews. CyberArk Privileged Access Manager is rated 8.8, while Microsoft Entra ID is rated 8.8. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of Microsoft Entra ID writes "Provides a secure environment to easily manage users and assign roles and permissions". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Delinea Secret Server, WALLIX Bastion, SailPoint IdentityIQ and One Identity Safeguard, whereas Microsoft Entra ID is most compared with Google Cloud Identity, Auth0, PingFederate, SailPoint IdentityIQ and Okta Workforce Identity. See our CyberArk Privileged Access Manager vs. Microsoft Entra ID report.

    See our list of best Access Management vendors.

    We monitor all Access Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.