We performed a comparison between CyberArk Privileged Access Manager, One Identity Safeguard, and SailPoint IdentityIQ based on real PeerSpot user reviews.
Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM)."We have accomplished our security goals. We have two-factor authenticated and vaulted our important accounts, so people can't just steal stuff from us."
"It is scalable."
"The Vault offers great capabilities for structuring and accessing data."
"Creating policies and the password rotation feature have been valuable. We don't have to memorize our password for the ADM account."
"It is very simple to use."
"You can write different types of policies for custom business needs or any developer needs. If they need certain functions allocated, they can be customized easily."
"All the features of CyberArk are useful for me, but the biggest one is that CyberArk has logs for all the features. That is important when there is a problem. You know where to look and you have the information. In cyber security, the most important aspect is information."
"Increased our insight into how privileged accounts are being used and distributed within our footprint."
"It is generally easy-to-use and install."
"I like Safeguard's snapshot feature that enables us to review the last time an application was opened and by whom. If there are any issues, we can look behind the scenes to see what has been done. We can suspend a user's access or close off a server."
"The transparent mode for privileged sessions is one of the best things for customers, because they don't see the system in-between."
"Safeguard can define and update processes and procedures into the security framework of a company, including mobile. It allows us to change the policies and configurations on a mass scale in regards to security."
"The monitoring system is very good."
"It is easy to manage. There is a very logical, clear user interface. Also, the integration of scripts is thoughtfully implemented. Overall, it's a nice product to manage."
"We use the solution’s “transparent mode” feature for privileged sessions. It is very easy because it is only a simple configuration for our users. We don't have to modify our network. We install it, configure it, and it works. So, it is super easy. The rollout for our users is seamless."
"The customer service and technical support are very good."
"Great product to manage the access control of users."
"The tool is quite stable and user-friendly."
"Deployment takes a bit of time, however, once it's done properly, everything becomes very organized and easy to use."
"The solution is one of the main security products you need to control access and have visibility into what's happening in your organization. It helps with managing access to applications, ensuring governance, and obtaining certifications."
"The initial setup isn't so difficult."
"User provisioning and the role management features are good."
"The support is very good."
"The solution is stable and reliable."
"it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs."
"When something comes out, it's generally airtight and works as advertised. However, sometimes they are a little bit slow to keep up with what's coming out. In 2017, for example, they released support for Windows Server 2016, which had been out for a year or so."
"The initial setup was a bit complex."
"The issue of technical support is crucial, as there are not many specialized partners available in Brazil to provide this service. While English language support is of good quality, there is a significant shortage of partners capable of meeting the demand locally."
"CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well."
"One thing that could be improved is to create of a better alternative for fixing group policy fees. We currently use Microsoft, but they have introduced new policies that may not be compatible."
"We would like to expand the usage of the auto discovery accounts feed, then on our end, tie in the REST API for automation."
"The scalability, sometimes, is lacking. It works really well for more static environments... But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up."
"From a usability perspective, what we are finding out is that our privileged domain admin users, in particular, want functionality for extending a checkout session. So we are working with One Identity support to see if there's an enhancement that can be made to the product."
"We have feature requests and would like to see the turnaround times on those features to be faster."
"Some of our users find the functionality a bit complex, and it could be made more user-friendly."
"The GUI has room for improvement because it is confusing and cumbersome."
"The product uses a lot of resources in current sessions."
"I just received a question from a customer in regards to a connection with Oracle OID. I tried to integrate Safeguard with the Oracle YAML as well as something else to manage the groups and users from a different system, like AD or LDAP. This one feature could be better. At this moment, the platform system can only use the integration with LDAP or AD. The software for research and development to create a connector to a YAML platform can be very complicated."
"Monitoring of the platform should be easier and more functional so that you can have a clear picture of the running service."
"For some users, the physical appliance has been a bit buggy."
"In the past, we had a lot of problems with SailPoint IdentityIQ, particularly in providing access and provisioning. There were some gaps in the operation of the solution because they were manual rather than automated, and the users and administrators were given access directly via Active Directory, and it wasn't appropriate for us at the time to use. In terms of integration, we could provide a more automated solution after a minimum number of years, but not in the SailPoint IdentityIQ platform, but there were problems in the registration, for example, with putting information inside ADP, but in general, we were able to solve those problems, and after implementing SailPoint IdentityIQ we had increased evaluations."
"Some setups should be done in the interface and in the code, and could be made simpler."
"The cost can be prohibitive for middle-tier companies."
"We faced some issues while integrating the solution with a third-party tool."
"SailPoint IdentityIQ has a primitive AI engine."
"What it doesn't do is provide notice in the event of a vulnerability or offense from the security."
"It allowed to implement the automated processes when a new employee is hired. It allows to have a main central process for new hires."
"Competitors are advancing by offering integrated solutions encompassing access and privileged access management in a single unified platform. IdentityIQ's focus has remained primarily on identity and access governance, neglecting to expand its offerings to include these additional functionalities within its existing product. Enhancing their product by incorporating modules for access management, privileged access management, and third-party access governance could address this gap."
More CyberArk Privileged Access Manager Pricing and Cost Advice →