Coming October 25: PeerSpot Awards will be announced! Learn more

CyberArk Privileged Access Manager vs One Identity Safeguard comparison

You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between CyberArk Privileged Access Manager and One Identity Safeguard based on real PeerSpot user reviews.

Find out in this report how the two Privileged Access Management (PAM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed CyberArk Privileged Access Manager vs. One Identity Safeguard report (Updated: September 2022).
633,184 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"We like it for the ability to automatically change passwords. At least for my group, that's the best thing.""Creating policies and the password rotation feature have been valuable. We don't have to memorize our password for the ADM account.""The password vault and session monitoring are useful.""The automatic rotation of credentials is probably the most useful feature.""The solution is scalable.""It is useful for protecting passwords. If you need to do access security management, you can first use the CyberArk console, and after that, you can connect the firewall interface or firewall command line. Similarly, if you need to do an RDP session, you need to first log in to CyberArk before connecting to the Windows RDP session. This way, the admin doesn't know the password, and that password is changed immediately. To change the password, you first discover the old password in the network, and after that, you can change the password.""The automatic password management is the most important feature. The second most important feature is the ability to enforce dual control on the release of those passwords. The combination of these two features is the most important thing for us because we can show that we're in control of who uses any non-personal account, and when they do so.""The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task."

More CyberArk Privileged Access Manager Pros →

"The first feature I like about One Identity Safeguard is the live contact point for the VPNs. This has been working very well for us, as it's both highly available and reliable.""Safeguard has the ability to record and retrieve in the full-video format.""I have found the most useful feature of One Identity Safeguard to be Privileged Sessions.""We deployed it into our company for controlling a client's behavior in our data center. It is very useful to control their connections, such as RDP.""I have found One Identity Safeguard to be stable.""Safeguard can define and update processes and procedures into the security framework of a company, including mobile. It allows us to change the policies and configurations on a mass scale in regards to security."

More One Identity Safeguard Pros →

"It should be easy to use for non-technical people. Its interface can be a bit difficult. Some parts of its interface are not very intuitive. Some of the controls are hidden, and instead of having a screen with all the controls for that account on it, you have to use menus and other similar things.""They need to provide better training for the System Integrator.""Their post-sale support area requires a big improvement. Customers cannot automate tickets directly with CyberArk. They have to come through the distributor or bring in partners who have access to the support portal. Basically, the support for post-sales implementation is there, but the role of CyberArk is very minimal. Customers have to rely on partners, which sometimes creates issues. Some of the vendors help you during the implementation process, but the CyberArk support team does not do that. They have 24/7 support for our region, but they help only if there is an emergency or there is a problem with their system. If the password vault is down or the system is down, they provide immediate attention. For almost everything else, they take more time to respond. They give low priority to service-related or migration-related questions.""What could be improved in CyberArk Privileged Access Manager is the licensing model. It should be more flexible in terms of the users. Currently, it's based on the number of users, but many users only log in once in four months or once in five months. It would be great if the licensing model could be modified based on user needs. We even have users who have not logged in even once.""If there is an area that has room for improvement, it's probably working with their support and getting people on the phone. That is hard to do with most products in general, but that seems to be the difficult area. The product is fantastic, but sometimes we want somebody on the phone.""It is very complex and difficult to set up the solution.""Report creation could be improved. The policies could be more customized.""The product could be easier to use. More work needs to be done on this aspect; it is not good enough yet. It also takes up a lot of server space. Sometimes we need to use up to seven servers."

More CyberArk Privileged Access Manager Cons →

"We currently have a problem with the Active Directory integrations on Windows. Some of our users need to be logged with Active Directory, but we are having communication issues between One Identity and Active Directory. It seems that Active Directory is not well-integrated.""I just received a question from a customer in regards to a connection with Oracle OID. I tried to integrate Safeguard with the Oracle YAML as well as something else to manage the groups and users from a different system, like AD or LDAP. This one feature could be better. At this moment, the platform system can only use the integration with LDAP or AD. The software for research and development to create a connector to a YAML platform can be very complicated.""We can't review or audit HTTP and HTTPS. This functionality should be added so that we can review and audit HTTP and HTTPS.""When we compare One Identity Safeguard with Cyberark, we know CyberArk has other tools or other features that are more complex and more useful for the customers. For example, I have one customer that wants to elevate the permission that is available in CyberArk.""We have issues using Safeguard to connect to and record from the cloud. Currently, they don't have a mechanism to record this type of connection.""One Identity Safeguard can improve by having more integration with multiple devices."

More One Identity Safeguard Cons →

Pricing and Cost Advice
  • "I believe that this solution is priced well. It's the market leader and I think that it's the best solution."
  • "Overall, its pricing is really good. The main difference from all the other vendors is that they have one package that covers all the functionality and modules of the basic PAM, except the add-on modules like adware and server protection. It also doesn't include the licenses for domain controller protection or maybe an API call-related feature. For the basic privileged access management, the bundle pricing is really good, but when it comes to an agent-based solution for advanced cyber protection or application identity managers, it is expensive. Services are also very expensive if you hire the services team from CyberArk, but these guys are really good. For a couple of large banking projects, we had an experience with them. The banks wanted to have things quickly and efficiently, so we had to hire them. If we take four weeks, these guys can do everything on a weekend. They charge quite a big sum of money, but they know the system well."
  • "The price of this solution is quite reasonable."
  • "The solution is very expensive and requires a license. We pay for an enterprise license."
  • "Pricing is quite high and it could be improved."
  • "They have two types of licensing: purchase and subscription. You have to pay for each admin user, such as Microsoft admin, mail admin, database admin, etc."
  • "The price of CyberArk support could be a little bit less. Otherwise, pricing is fine."
  • "Before we bought it, they were licensing each function individually, which got complicated and very expensive. When we decided to buy it, it was much more straightforward and still quite expensive, but it brings a lot of value and risk reduction to the organization."
  • More CyberArk Privileged Access Manager Pricing and Cost Advice →

  • "Safeguard is cheaper than CyberArk."
  • "As compared to other products, it is reasonable, but the training sessions are too expensive."
  • "The license is very expensive for us, partly due to inflation and partly because of the exchange rate between the Dollar and the Iranian Rial. We purchased a perpetual license that we've been using up until now, but I believe that we are not going to update it in the future. Instead, we plan to find another third-party to support us with the license, in the sense that we would have access to their license as a shared agreement."
  • More One Identity Safeguard Pricing and Cost Advice →

    Use our free recommendation engine to learn which Privileged Access Management (PAM) solutions are best for your needs.
    633,184 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the… more »
    Top Answer:Within the solution, I love the fact that everything is recorded. The configuration capabilities are great, too.
    Top Answer:The first feature I like about One Identity Safeguard is the live contact point for the VPNs. This has been working very well for us, as it's both highly available and reliable.
    Top Answer:The license is very expensive for us, partly due to inflation and partly because of the exchange rate between the Dollar and the Iranian Rial. We purchased a perpetual license that we've been using up… more »
    Top Answer:We currently have a problem with the Active Directory integrations on Windows. Some of our users need to be logged with Active Directory, but we are having communication issues between One Identity… more »
    Average Words per Review
    Average Words per Review
    Also Known As
    CyberArk Privileged Access Security
    Learn More
    Video Not Available

    CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

    CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

    Benefits of CyberArk Privileged Access Manager

    Some of CyberArk Privileged Access Manager’s benefits include:

    • The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
    • The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
    • The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

    Reviews from Real Users

    CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

    PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

    Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

    One Identity Safeguard is an integrated system that combines a secure, toughened password safe and a session management and monitoring solution with threat detection and analytics into one integrated solution. It stores, manages, records, and analyzes privileged access in a secure manner.

    One Identity Safeguard Features

    One Identity Safeguard has many valuable key features. Some of the most useful ones include:

    • Policy-based release control: Seek access and approve privileged passwords and sessions using a secure online browser that supports mobile devices. Depending on your organization's policies, requests can be authorized immediately or require dual/multiple approvals. You can set One Identity Safeguard to match your personalized needs, whether your policies consider the requestor's identity and level of access, the time and day of the request attempt, and/or the specific resource requested. You can also enter reason codes and/or connect to ticketing systems.

    • Vault for personal passwords: In a free personal password vault, every one of your employees can keep and generate random passwords for non-federated business accounts. This allows your company to use a sanctioned tool to securely share and retrieve passwords, giving you much-needed security and visibility into your company's accounts.

    • Auditing, recording, and replaying entire sessions: All session activity is collected, indexed, and kept in tamper-proof audit trails that can be viewed like a video and searched like a database, down to the keystrokes, mouse movements, and windows viewed. Security teams can search across sessions for certain events and play the recording from the exact point where the search criterion happened. For forensics and compliance purposes, audit trails are encrypted, time-stamped, and cryptographically signed.

    • Approval in any location: Approve or refuse requests from anywhere, using One Identity Starling Two-Factor Authentication, without having to connect to a VPN.
    • Instantly on: Safeguard for Privileged Sessions can be implemented in a transparent manner, with no changes to user workflows required. Safeguard, when acting as a proxy gateway, can act as a network router, unseen to both the user and the server. Admins can continue to use their normal client programs and access target servers and systems without disrupting their everyday routine.

    • Biometrics of user behavior: Even when performing identical operations like typing or moving a mouse, each person has his or her own unique pattern of behavior. These behavioral characteristics are examined by the Safeguard algorithms. Keystroke dynamics and mouse movement analysis aid in the detection of security breaches while also acting as a continuous biometric authentication system.

    • Favorites: Right from the login screen, quickly access the passwords you use the most. You can combine many password requests into a single favorite, allowing you to log into all of your accounts with a single click.

    • Discovery options: With host, directory, and network-discovery options, you can quickly find privileged accounts or systems on your network.

    Reviews from Real Users

    One Identity Safeguard stands out among its competitors for a number of reasons. Two major ones are its stability and its connection control. PeerSpot users take note of the advantages of these features in their reviews:

    One PeerSpot reviewer, a Software Solutions Architect at a computer software company, writes, “I have found the most useful feature of One Identity Safeguard to be Privileged Sessions. One Identity Safeguard is a stable solution.” He adds, “I rate One Identity Safeguard a nine out of ten.”

    Walid S., Networking and Security Engineer at a tech services company, mentions of the solution, “We deployed it into our company for controlling a client's behavior in our data center. It is very useful to control their connections, such as RDP.”

    Learn more about CyberArk Privileged Access Manager
    Securely store, manage, record and analyze privileged access

    Prevent security breaches and limit damage by putting in place a privileged access management solution. Get a free 45-day trial, or request a demo of One Identity SafeGuard.

    Sample Customers
    Rockwell Automation
    Top Industries
    Financial Services Firm26%
    Insurance Company14%
    Healthcare Company8%
    Computer Software Company8%
    Computer Software Company19%
    Financial Services Firm14%
    Comms Service Provider13%
    Financial Services Firm58%
    Healthcare Company17%
    Manufacturing Company8%
    Computer Software Company23%
    Comms Service Provider13%
    Financial Services Firm11%
    Company Size
    Small Business20%
    Midsize Enterprise12%
    Large Enterprise68%
    Small Business18%
    Midsize Enterprise15%
    Large Enterprise67%
    Small Business36%
    Midsize Enterprise29%
    Large Enterprise36%
    Small Business20%
    Midsize Enterprise18%
    Large Enterprise62%
    Buyer's Guide
    CyberArk Privileged Access Manager vs. One Identity Safeguard
    September 2022
    Find out what your peers are saying about CyberArk Privileged Access Manager vs. One Identity Safeguard and other solutions. Updated: September 2022.
    633,184 professionals have used our research since 2012.

    CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 34 reviews while One Identity Safeguard is ranked 6th in Privileged Access Management (PAM) with 6 reviews. CyberArk Privileged Access Manager is rated 8.4, while One Identity Safeguard is rated 8.6. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of One Identity Safeguard writes "Offers a highly reliable VPN contact point and solves our password management issues". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Azure Active Directory (Azure AD), WALLIX Bastion, Delinea Secret Server and Saviynt, whereas One Identity Safeguard is most compared with WALLIX Bastion, Delinea Secret Server, Fudo PAM, BeyondTrust Privileged Remote Access and Cisco ISE (Identity Services Engine). See our CyberArk Privileged Access Manager vs. One Identity Safeguard report.

    See our list of best Privileged Access Management (PAM) vendors.

    We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.