It has made things more complex, but has eliminated the possibility of Pass The Hash.
Senior Consultant at a tech services company with 5,001-10,000 employees
Allows secure, logged access to highly sensitive servers and services
Pros and Cons
- "Allows secure, logged access to highly sensitive servers and services."
- "I help implement and train others on how to use it in a highly secure environment."
- "It's hard to find competent resellers/support."
- "Initial setup is complex. Lots of architecture, lots of planning, and lots of education and training are needed."
- "it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs."
How has it helped my organization?
What is most valuable?
Allows secure, logged access to highly sensitive servers and services.
What needs improvement?
Perhaps by design, but it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs.
For how long have I used the solution?
Three to five years.
Buyer's Guide
Idira Privileged Access Manager
July 2026
Learn what your peers think about Idira Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,836 professionals have used our research since 2012.
What do I think about the stability of the solution?
No scalability issues.
What do I think about the scalability of the solution?
Yes. The OU limitations, noted above.
How are customer service and support?
It's hard to find competent resellers/support.
How was the initial setup?
Complex. Lots of architecture, lots of planning, and lots of education and training are needed. Technically, roll-out isn’t bad. It’s the support, training, education, philosophy, and integration within existing ways of doing things that are challenging.
What other advice do I have?
I’m a consultant. I help implement and train others on how to use it in a highly secure environment.
I’d give it a nine out of 10. It is very, very secure.
Plan for major culture change, especially in non-progressive shops. This is a necessary evil to endure for the sake of real security.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Works at a financial services firm with 10,001+ employees
Securely protects our TAP/NUID and privileged access accounts within the company
Pros and Cons
- "The regulation of accounts is by far the most needed and valuable part of the application."
- "Securely protects our TAP/NUID and privileged access accounts within the company."
- "For audit and risk purposes, CyberArk EPV has helped us meet our standards and requirements to help us comply with industry standards and banking regulations."
- "Cost efficiency is the number one thing that can be improved in my mind."
What is our primary use case?
Our main use is for CyberArk to hold, maintain, and securely protect our TAP/NUID and "privileged access" accounts within the company.
How has it helped my organization?
For audit and risk purposes, CyberArk EPV has helped us meet our standards and requirements to help us comply with industry standards and banking regulations. Reports and other quick audit checks make this possible.
What is most valuable?
EPV, as a whole, is very valuable to the company. However, the regulation of accounts is by far the most needed and valuable part of the application.
What needs improvement?
Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product.
For how long have I used the solution?
Less than one year.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Idira Privileged Access Manager
July 2026
Learn what your peers think about Idira Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,836 professionals have used our research since 2012.
Senior Consultant - Information Security Engineering at a financial services firm with 10,001+ employees
Can provide transparent connection to targeted systems and record activities
Pros and Cons
- "Rather than multiple tools for maintaining regulatory compliance around passwords and privileged accounts, we have centralized as much as possible with CyberArk. This is now a one stop shop for end users to access their elevated credentials."
- "You can gradually implement CyberArk, starting with more easily attainable goals."
What is our primary use case?
We proactively vault and manage all elevated accounts across multiple platforms.
For especially sensitive business units, we additionally leverage Privilege Session Manager to provide transparent connection to targeted systems and record activities.
How has it helped my organization?
Rather than multiple tools for maintaining regulatory compliance around passwords and privileged accounts, we have centralized as much as possible with CyberArk. This is now a one stop shop for end users to access their elevated credentials.
What is most valuable?
You can gradually implement CyberArk, starting with more easily attainable goals, such as basic vaulting and password rotation and build on that with additional modules, such as Privileged Session Manager and Application Identity Manager.
What needs improvement?
While in the past, administration required several tools and multiple screens/options in those products, v10 is moving towards a single pane of glass with common functions easily found and information regarding privileged accounts given to users in plain, easy to understand terms, now enhanced with graphics.
For how long have I used the solution?
Three to five years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Princ. Info Security Analyst at a insurance company with 10,001+ employees
Ensures accounts are managed according to corporate policies
Pros and Cons
- "It takes people out of the machine work of ensuring credentials remain up-to-date, and handles connection brokering such that human usage and credential management remain independent."
- "CyberArk PAS helps ensure accounts are managed according to corporate policies."
- "It is easily customized, and that customization makes it very easy to start trying to shoehorn the solution into roles it was never intended to fill."
What is our primary use case?
We use it all.
- Privileged account access and management
- Credential rotation
- Access control
- Privileged session recording
How has it helped my organization?
CyberArk PAS helps ensure accounts are managed according to corporate policies. In short, it takes people out of the machine work of ensuring credentials remain up-to-date, and handles connection brokering such that human usage and credential management remain independent.
What is most valuable?
All of the features we use have helped our security posture in some way. All of these have their place in defining and supporting the security posture:
- Password management
- Session management
- Recording
- Access control.
What needs improvement?
Overall, I think it is a fantastic product, when used as designed and intended.
One of its biggest downfalls is also one of its biggest strengths. It is easily customized, and that customization makes it very easy to start trying to shoehorn the solution into roles it was never intended to fill.
For how long have I used the solution?
More than five years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Identity and Access Management System Administrator Sr. at a financial services firm with 1,001-5,000 employees
Increased our insight into how privileged accounts are being used and distributed within our footprint
Pros and Cons
- "Increased our insight into how privileged accounts are being used and distributed within our footprint."
- "CyberArk PAS is our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage."
- "Areas the product could be improved are in some of the reporting capabilities and how the reports are configured."
What is our primary use case?
CyberArk PAS is our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage.
How has it helped my organization?
The CyberArk PAS has greatly increased our insight into how privileged accounts are being used and distributed within our footprint.
What is most valuable?
- Ease of use
- The auditing capabilities
- The great support of their customer success teams
What needs improvement?
Areas the product could be improved are in some of the reporting capabilities and how the reports are configured.
For how long have I used the solution?
One to three years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Works at a energy/utilities company with 1,001-5,000 employees
The ability to write your own connectors and plugins is invaluable as far as flexibility goes
Pros and Cons
- "Our privileged accounts are now stored in a more secure location and lateral movement within the network have been lessened."
- "The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes."
- "Enhanced PSM support for Java based applications."
What is our primary use case?
- Vaulting of privileged credentials.
- Used as a jump host solution.
- We wanted to keep passwords from being exposed to end users and connect them seamlessly to their target devices.
How has it helped my organization?
Our privileged accounts are now stored in a more secure location and lateral movement within the network have been lessened.
What is most valuable?
The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes.
What needs improvement?
- Enhanced PSM support for Java based applications.
- Easier to use bulk uploader tools (which are already being worked on).
For how long have I used the solution?
One to three years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Global Privilege Access Management Technical Architect at a consultancy with 10,001+ employees
All access to our servers, by both staff and vendors, is monitored and recorded
Pros and Cons
- "CyberArk has resulted in a massive increase in our security footprint."
- "All access to our servers by both staff and vendors is monitored and recorded."
- "The current user interface is a little dated. However, I hear there are changes coming in the next version."
- "There is a learning curve when it comes to planning out the deployment strategy, but once it is defined, it runs itself."
What is our primary use case?
We are leveraging CyberArk to provide Windows server access management across our enterprise. All our staff is looking for access to a server and needs to use CyberArk.
How has it helped my organization?
CyberArk has resulted in a massive increase in our security footprint. All access to our servers, by both staff and vendors, is monitored and recorded.
What is most valuable?
Session recording and key logging. We can track down not only who made a change, but exactly what they changed or did.
What needs improvement?
The current user interface is a little dated. However, I hear there are changes coming in the next version.
There is a learning curve when it comes to planning out the deployment strategy, but once it is defined, it runs itself.
For how long have I used the solution?
More than five years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Engineer at a tech services company with 51-200 employees
Enables us to manage passwords of highly privileged accounts.
Pros and Cons
- "The product enables us manage passwords of highly privileged (service) accounts, which are not tied to a person, and they include a full audit trail and approval workflow functionality."
- "Perhaps improve the user registry integration. It is already fine, but a bit atypical."
What is most valuable?
The product enables us manage passwords of highly privileged (service) accounts. These are not tied to a person, and they include a full audit trail and approval workflow functionality.
How has it helped my organization?
Management of these accounts is typically required to prevent abuse and gain control of this.
What needs improvement?
Perhaps improve the user registry integration. It is already fine, but a bit atypical.
My experience with the product was with older versions, so this may not represent the actual case anymore. In essence, user registry integration is atypical in the sense that the product creates a copy of the user inside the product itself (to accommodate for license seat counting, I guess).
Depending upon the size of the user base and license model, it may not allow new users to log in to the platform. I doubt the vendor considers this an issue, though.
For how long have I used the solution?
I have used this for three years, including the implementation of the product
What do I think about the stability of the solution?
There were no issues with stability.
What do I think about the scalability of the solution?
There were no issues with scalability.
How is customer service and technical support?
Technical support is OK. The product is not very difficult to install, but there are some considerations that need to be taken into account. Tech support is very well aware of this.
How was the initial setup?
The initial setup was simple. It is windows based and leverages installation wizards to perform installation. Also, sufficient documentation exists to guide the setup procedure.
What's my experience with pricing, setup cost, and licensing?
Look well at the user base and frequency of use. A lot of licensing models exist, but having this clear will immediately indicate what fits best.
As for pricing, I cannot comment.
Which other solutions did I evaluate?
We did not evaluate other solutions.
What other advice do I have?
Make sure that the organization is ready and willing to adopt this, as the typical business cases cannot be addressed by the product alone.
Disclosure: My company has a business relationship with this vendor other than being a customer. We are a CyberArk business partner.
CyberArk PAS Solution Professional | Project Manager at a tech services company with 10,001+ employees
Provides automatic password management. We can monitor, record, and control sessions.
Pros and Cons
- "All features of the CyberArk PAS solution are valuable."
What is most valuable?
All features of the CyberArk PAS solution are valuable.
The Digital Vault is one of the key components of the solution along with many other great benefits. The highly secured vault stores the privileged account passwords and data files using encryption. In version v9.7, CyberArk has introduced the Cluster Vault feature, which enhances high availability of the Vault server.
Other important features:
- Automatic password management
- Monitor, record, and control privileged sessions
- Flexible architecture
- Clientless product
- Custom plug-ins for managing privileged accounts and sessions
How has it helped my organization?
Unmanaged, highly privileged accounts increase risks that can be exploited by attackers. The security controls defined by the organization require protection of the privileged account passwords. CyberArk helps organizations to identify, store, protect, and monitor the usage of privileged accounts.
What needs improvement?
An immediate improvement was the implementation of security controls to protect, control and monitor privileged accounts through CyberArk solution.
For how long have I used the solution?
I have used CyberArk for over two and a half years.
What do I think about the stability of the solution?
It’s a very stable product. I haven’t encountered any stability issues.
What do I think about the scalability of the solution?
I haven’t encountered any scalability issues. All the components are scalable.
How are customer service and technical support?
I would give technical support a rating of 4.5/5.
Which solution did I use previously and why did I switch?
This is the first PAM product that I have used.
How was the initial setup?
The initial installation was straightforward. The configuration or integration can be complex depending on the requirements, design, and infrastructure of the organization.
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing depend on many factors and on the components considered for implementation.
What other advice do I have?
The PAM solution brings cultural change and adds a layer to the way IT administrators access the privileged accounts before implementing the PAM tool. A great, valuable product like CyberArk requires good planning and time to implement all the features.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Security Specialist at a tech services company with 11-50 employees
Password rotation, session recording & isolation and on-demand privileges.
Pros and Cons
- "Password rotation, session recording & isolation and on-demand privileges."
- "For users to access a system via CyberArk Privileged Session Manager, a universal connector needs to be coded in a language called AutoIT and its support for web browsers is so-so. Other products like Centrify have browser plugins that can help automate the process when using their products."
What is most valuable?
Password rotation, session recording & isolation and on-demand privileges.
What needs improvement?
For users to access a system via CyberArk Privileged Session Manager, a universal connector needs to be coded in a language called AutoIT and its support for web browsers is so-so. Other products like Centrify have browser plugins that can help automate the process when using their products.
What do I think about the stability of the solution?
No
What do I think about the scalability of the solution?
No
How is customer service and technical support?
Very good.
How was the initial setup?
Basic setup is pretty straightforward, but to fully utilise the product it can get complicated as it ties in with a lot of other products. Suggest a phased installation so staff can adjust to new processes.
What's my experience with pricing, setup cost, and licensing?
It can be an expensive product. I Suggest only licensing basics to begin with and as need arises, start to license extensions (AIM, etc.) during next phase of implementation.
Which other solutions did I evaluate?
Centrify and Lieberman ERPM.
What other advice do I have?
CyberArk offers extensive training, utilise it. Also their support staff are very good and can assist with everything.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
SecArch3081IT Security Consultant and Platform Architect at a pharma/biotech company with 10,001+ employees
Real User
Have you assessed TPAM/Safeguard? (was a Dell product, now One Identity)
Buyer's Guide
Download our free Idira Privileged Access Manager Report and get advice and tips from experienced pros
sharing their opinions.
Updated: July 2026
Product Categories
Privileged Access Management (PAM) User Activity Monitoring Enterprise Password Managers Mainframe Security Operational Technology (OT) SecurityPopular Comparisons
Okta Platform
Azure Key Vault
Saviynt Identity Cloud
AWS Secrets Manager
Claroty Platform
Idira Identity
Nozomi Networks
One Identity Safeguard
Idira Endpoint Privilege Manager
Delinea Secret Server
BeyondTrust Endpoint Privilege Management
HashiCorp Vault
Keeper Enterprise Password Manager
LastPass Business
Buyer's Guide
Download our free Idira Privileged Access Manager Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- CyberArk vs. ManageEngine Password Manager Pro
- Which PAM tool do you prefer: CyberArk Privileged Access Manager, One Identity Safeguard, Delinea Secret Server, or BeyondTrust Privileged Remote A
- How does Sailpoint IdentityIQ compare with CyberArk PAM?
- What is the difference between Privileged Users and Privileged Accounts
- When evaluating Privileged Identity Management, what aspect do you think is the most important to look for?
- How was the 2020 Twitter Hack carried out? Could it have been prevented?
- Which is the best Privileged Account Management solution?
- What are the top 5 PAM solutions that can be implemented which cover both hybrid and cloud?
- What are the top 5 PAM solutions?
- Which PAM tool do you prefer: CyberArk Privileged Access Manager, One Identity Safeguard, Delinea Secret Server, or BeyondTrust Privileged Remote A
















The UI has been completely revamped in Version 10. It has a differently look and feel. We will be looking to test it in our Development landscape and possibly go to Production towards the end of the year.