We performed a comparison between CyberArk Privileged Access Manager and One Identity Active Roles based on real PeerSpot user reviews.
Find out in this report how the two Privileged Access Management (PAM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a scalable product."
"With CyberArk, you can be fully confident that your existing accounts are secure. You will be 100 percent"
"The product is an important security measure against credential theft. It ensures session isolation and password rotation including pushing passwords to the endpoints."
"The solution is scalable."
"The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task."
"The solution helps our developers access internal systems. It also helps us in Privilege Access Management."
"CyberArk Privileged Access Manager is stable."
"It is a central repository. Therefore, if someone needs to access a server, then they go through CyberArk PAM. It provides a secure way to do this and CyberArk PAM records everything. For example, if you are connecting to a Linux server, then once you get into the Linux server and if it is integrated with CyberArk, it will automatically start recording everything that is being done. In most banks, seeing the recordings is very useful. If there are any gaps or something has happened which shouldn't have happened, then we can check the logs and videos. So, it gives security, in a robust manner, to the organization."
"The most valuable features include auditing, dynamic grouping, and creating dynamic groups based on AD attributes."
"Active Roles improved the management of users, groups, and AD objects in the organization."
"Secure access is the most valuable feature."
"In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."
"The solution is stable."
"The PTA could be improved. Currently, companies often have multiple domains and sometimes it's difficult to implement CyberArk in this kind of infrastructure. For example, you can add CPM (Central Policy Manager) and PSM (Privileged Session Manager and PVWA (Password Vault Web Access) for access, but if you want to add PTA (Privileged Threat Analysis) to scan Vault logs, it is difficult because this component may be adding multiple domain environments."
"The admin interface of the Password Vault Web Access (PVWA) is moving from an old style (the classic interface) to a new style (the v10 interface) and unfortunately, this process is quite slow."
"CyberArk PAM is a very broad product as everyone's requirements for implementation are different. In our particular case, the initial implementation was planned and developed by people who didn't know our specific network requirements, so the initial implementation needed to be tweaked over time. While this is normal, at the time all these "major" changes required CyberArk professional services to come in-plant and "assist" with the changes."
"The continuous scanning of the assets is limited to Windows and Unix. We like to have the solution scan any databases, network devices, and security devices for privileged accounts. That would be very helpful."
"CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift."
"There is a lot of room for improvement in the report section. I also work on other tools, such as Thycotic, which allows you to create customized reports for your organization's needs. In CyberArk, there are limited reports, whereas in Thycotic or some of the other PAM tools, because the database is different, you can customize the report based on your needs through SQL queries."
"The support services could act faster when people reach out to resolve issues."
"The current interface is not very intuitive."
"Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up."
"The solution needs an attestation process that includes certification and recertification attestation."
"The initial setup was quite easy, but it was time-consuming. It took about three months."
"The way you can search groups could be better."
"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 49 reviews while One Identity Active Roles is ranked 5th in User Provisioning Software with 5 reviews. CyberArk Privileged Access Manager is rated 8.8, while One Identity Active Roles is rated 8.0. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of One Identity Active Roles writes "Give us control over attributes a service desk analyst can change, and we can build in integrity rules". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and Zscaler Internet Access, whereas One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, One Identity Manager, SailPoint IdentityIQ and Saviynt. See our CyberArk Privileged Access Manager vs. One Identity Active Roles report.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.