We performed a comparison between CyberArk Privileged Access Manager and SailPoint IdentityIQ based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions received high marks from users. CyberArk Privileged Access Manager has an edge over SailPoint IdentityIQ due to its advanced monitoring and reporting abilities.
"The Vault offers great capabilities for structuring and accessing data."
"Helped us meet our standards and requirements to help us comply with industry standards and banking regulations."
"It is a robust product."
"It allows users to self-provision access to the accounts that they need."
"CyberArk has been easy for us to implement and the adoption has been good. We've been able to standardize a bunch of things. We've been able to standardize relatively easily with the use of the platforms and managing the policies."
"We are utilizing CyberArk to secure applications, credentials, and endpoints."
"It is very simple to use."
"The credentials management capability is key to ensuring that the credentials are kept secure and that access to them is done on a temporary and event-driven basis."
"It is a scalable product."
"Great product to manage the access control of users."
"The level of customization for data imports and role modeling, because it helps to integrate faster, support easier and let it reuse the organization role structure."
"Access certification and provisioning are two of the solutions most valuable features."
"I find the built-in connectors, lifecycle management, certification, and recertification features to be the most valuable."
"The Certification and Provisioning features are most valuable."
"A feature of SailPoint IdentityIQ that I like best is that it has good integration with other platforms. My company is using ADP here in Brazil, and SailPoint IdentityIQ works very, very well with it. My company is also using the solution for governance evaluation, segregation, and other access tests. For my company, SailPoint IdentityIQ is a very important solution, especially because it's automated, and there's a huge audit and risk issue here in Brazil."
"The basic concept is most valuable. I like how they have designed the solution. They create an Identity Cube, and then they do all the processes and configuration around the Identity Cube."
"The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA."
"Some of the additional features that we are looking at are in the Conjur product. I am specifically discussing key management, API Keys, and things for connecting applications in the CI/CD pipelines."
"The solution should be able to mitigate internal threats"
"There is a lot of room for improvement in the report section. I also work on other tools, such as Thycotic, which allows you to create customized reports for your organization's needs. In CyberArk, there are limited reports, whereas in Thycotic or some of the other PAM tools, because the database is different, you can customize the report based on your needs through SQL queries."
"The usual workload is sometimes delayed by the solution."
"More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet."
"If you are an administrator or architect, then the solution is kind of complicated, as it is mostly focused on the end user. So, they need to also focus on the people who are implementing it."
"The initial setup of CyberArk is a challenge if you do not have prior experience with it."
"The interface should be simple and easier to use."
"It allowed to implement the automated processes when a new employee is hired. It allows to have a main central process for new hires."
"Needs to focus on automation wherein provisioning of work can be improved and access certification should be automated without the intervention from a manager for approval."
"The advanced provisioning features require more improvement."
"It tends to be more expensive, but at the end of the day, it works."
"The UI of the solution could be more customizable so we could change the workflows to suit our needs."
"We have had a lot of service breaks because of the lack of support."
"There's a lot of customization required to improve the user experience."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
More SailPoint Identity Security Cloud Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 144 reviews while SailPoint Identity Security Cloud is ranked 1st in User Provisioning Software with 62 reviews. CyberArk Privileged Access Manager is rated 8.8, while SailPoint Identity Security Cloud is rated 8.2. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of SailPoint Identity Security Cloud writes "Flexible, easy to customize, and not too difficult to set up". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and ARCON Privileged Access Management, whereas SailPoint Identity Security Cloud is most compared with Saviynt, One Identity Manager, Microsoft Entra ID, ForgeRock and Omada Identity.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
The two products are actually complimentary. Both companies have been very good about staying in their lanes and are their respective market leaders.
CyberArk's PAM solution is aimed at protecting privileged accounts by providing features like vaulting, credential rotation, session monitoring and recording. They also have solutions for DevOps and Secrets management.
SailPoint is an Identity Governance solution and actually manages CyberArk as an application the same way it manages accounts and privileges in SAP, AD, AAD and over 100 more applications. For CyberArk, it can add/change/delete users as well as create safes and assign users to those safes. At a user account certification time, it will show the CyberArk users and their associated privileges and allow the user's manager or other appropriate people to approve or revoke the privileged access.
SailPoint creates an Identity warehouse so that a user's accounts and entitlements are gathered, managed and reported on in a centralized manner. See Youtube for a quick explanation - SailPoint Identity Governance Integrates with CyberAek Privileged Access Security.
SailPoint does not provide the vault and session management functions that CyberArk does.
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the management of user identities, systems, data, and cloud services. It works great for Identity Access Management, specifically for cleaning up inactive and orphaned accounts. It has the joiner-mover-leaver feature.
One of the features we like is the large availability of connectors for different applications and platforms. You can also recertify an account, which is very useful. It is well suited for large companies with lots of users and applications. However, for small companies, it might be a bit of an overkill.
Sailpoint has a steep learning curve, so it is not for inexperienced users. Moreover, it doesn’t offer a lot of supporting documentation. It also doesn’t integrate well with other solutions.
We chose CyberArk despite the cost because it works great for password management. CyberArk helps manage privileged accounts and service accounts, for example, when users need to connect remotely into systems. It is especially useful for IT staff to access their privileged accounts without having to remember the passwords every time - individually and even as a group.
What we like the most about CyberArk is the ease of use and effectiveness in managing privileged accounts. For instance, it automatically changes the passwords for privileged accounts and reconciles and verifies passwords. New users can obtain secure credentials with minimal time and effort.
The initial cost is high, which can be a bit of a stretch for small organizations. It also has high requirements for the initial setup and is difficult to customize. The performance could be faster.
Conclusions
While Sailpoint IdentityIQ is a very good privileged account solution, CyberArk is better suited for us because of its ease of use and efficiency in password management.