We performed a comparison between CyberArk Privileged Access Manager and SailPoint IdentityIQ based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions received high marks from users. CyberArk Privileged Access Manager has an edge over SailPoint IdentityIQ due to its advanced monitoring and reporting abilities.
"The solution is stable."
"We've written over a hundred custom connectors ourselves that allow us to do all types of privileged session management for various applications. On top of that, the rest of the API-based central credential providers allow us to get away from credentials that may be hard-coded in the script or some application."
"The automatic rotation of credentials is probably the most useful feature."
"The password vault and session monitoring are useful."
"It is one of the best solutions in the market. Ever since I started using this solution, there has not been any compromise when it comes to our lab."
"The automatic password management is the most important feature. The second most important feature is the ability to enforce dual control on the release of those passwords. The combination of these two features is the most important thing for us because we can show that we're in control of who uses any non-personal account, and when they do so."
"The most valuable feature of CyberArk Privileged Access Manager is privileged threat analytics."
"Performance-wise, it is excellent."
"The access certification feature is valuable."
"IdentityIQ's best features are the hassle-free user experience and security."
"The solution is pretty stable and simple to use."
"This solution is easy to configure."
"It is a scalable product."
"This solution is great for providing control access across your environment."
"The solution is very good at the management of the identity lifecycle."
"It offers a single source of truth. Everything can be handled from one tier."
"PAM could be more user-friendly and CyberArk could update the documentation to include more real-world examples. You have to learn it yourself through trial and error. In particular, the online documentation should have more information about troubleshooting."
"It should be easy to use for non-technical people. Its interface can be a bit difficult. Some parts of its interface are not very intuitive. Some of the controls are hidden, and instead of having a screen with all the controls for that account on it, you have to use menus and other similar things."
"One thing that could be improved is to create of a better alternative for fixing group policy fees. We currently use Microsoft, but they have introduced new policies that may not be compatible."
"What could be improved in CyberArk Privileged Access Manager is the licensing model. It should be more flexible in terms of the users. Currently, it's based on the number of users, but many users only log in once in four months or once in five months. It would be great if the licensing model could be modified based on user needs. We even have users who have not logged in even once."
"Some aspects of the administration need improvement, though they have recently made improvements to the API. However, the management with the interface and configuration are not so user-friendly. It has not changed much during all the years that CyberArk has been on the market. The management part, like platform management as well as PSM connectors definition and management, could be improved, even if it has already been done with the API."
"They are sometimes not flexible with things. For instance, from one day to another, there might be something that had been done years ago by CyberArk, then they say, "We do not support that." You then have to initiate a complaint and start working with them. Things might become complicated and months pass while you are working with them. Usually, they are good and fast, but sometimes they seem to be blocked with problems, e.g., you will suddenly be working with another team instead of the team that you were working with the day before."
"The turnaround time for technical support is lengthy."
"Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge."
"The user interface could be slightly improved. It could be made simpler and more user-friendly, however, it is good enough right now."
"Compared to at least one other product some of the administrative tasks could be easier or more intuitive."
"The price of IdentityIQ could be lower. There are additional costs when you buy the licenses, and they force the customers to pay for them."
"If there's a price reduction for SailPoint IdentityIQ, that would be helpful. Another area for improvement in the product is the technical support, which needs to be more friendly to customers."
"The solution, in general, is quite expensive."
"It tends to be more expensive, but at the end of the day, it works."
"The mover process for this solution could be improved."
"In the past, we had a lot of problems with SailPoint IdentityIQ, particularly in providing access and provisioning. There were some gaps in the operation of the solution because they were manual rather than automated, and the users and administrators were given access directly via Active Directory, and it wasn't appropriate for us at the time to use. In terms of integration, we could provide a more automated solution after a minimum number of years, but not in the SailPoint IdentityIQ platform, but there were problems in the registration, for example, with putting information inside ADP, but in general, we were able to solve those problems, and after implementing SailPoint IdentityIQ we had increased evaluations."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 37 reviews while SailPoint IdentityIQ is ranked 1st in User Provisioning Software with 25 reviews. CyberArk Privileged Access Manager is rated 8.4, while SailPoint IdentityIQ is rated 8.4. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of SailPoint IdentityIQ writes "End-to-end Identity Management and Access Governance solution that shows why its a Market leader". CyberArk Privileged Access Manager is most compared with Azure Active Directory (Azure AD), Cisco ISE (Identity Services Engine), Delinea Secret Server, WALLIX Bastion and One Identity Safeguard, whereas SailPoint IdentityIQ is most compared with Azure Active Directory (Azure AD), Okta Workforce Identity, Saviynt, One Identity Manager and SAP Identity Management.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
The two products are actually complimentary. Both companies have been very good about staying in their lanes and are their respective market leaders.
CyberArk's PAM solution is aimed at protecting privileged accounts by providing features like vaulting, credential rotation, session monitoring and recording. They also have solutions for DevOps and Secrets management.
SailPoint is an Identity Governance solution and actually manages CyberArk as an application the same way it manages accounts and privileges in SAP, AD, AAD and over 100 more applications. For CyberArk, it can add/change/delete users as well as create safes and assign users to those safes. At a user account certification time, it will show the CyberArk users and their associated privileges and allow the user's manager or other appropriate people to approve or revoke the privileged access.
SailPoint creates an Identity warehouse so that a user's accounts and entitlements are gathered, managed and reported on in a centralized manner. See Youtube for a quick explanation - SailPoint Identity Governance Integrates with CyberAek Privileged Access Security.
SailPoint does not provide the vault and session management functions that CyberArk does.
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the management of user identities, systems, data, and cloud services. It works great for Identity Access Management, specifically for cleaning up inactive and orphaned accounts. It has the joiner-mover-leaver feature.
One of the features we like is the large availability of connectors for different applications and platforms. You can also recertify an account, which is very useful. It is well suited for large companies with lots of users and applications. However, for small companies, it might be a bit of an overkill.
Sailpoint has a steep learning curve, so it is not for inexperienced users. Moreover, it doesn’t offer a lot of supporting documentation. It also doesn’t integrate well with other solutions.
We chose CyberArk despite the cost because it works great for password management. CyberArk helps manage privileged accounts and service accounts, for example, when users need to connect remotely into systems. It is especially useful for IT staff to access their privileged accounts without having to remember the passwords every time - individually and even as a group.
What we like the most about CyberArk is the ease of use and effectiveness in managing privileged accounts. For instance, it automatically changes the passwords for privileged accounts and reconciles and verifies passwords. New users can obtain secure credentials with minimal time and effort.
The initial cost is high, which can be a bit of a stretch for small organizations. It also has high requirements for the initial setup and is difficult to customize. The performance could be faster.
Conclusions
While Sailpoint IdentityIQ is a very good privileged account solution, CyberArk is better suited for us because of its ease of use and efficiency in password management.