We performed a comparison between CyberArk Privileged Access Manager and SailPoint IdentityIQ based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions received high marks from users. CyberArk Privileged Access Manager has an edge over SailPoint IdentityIQ due to its advanced monitoring and reporting abilities.
"CyberArk Privileged Access Manager is stable."
"The implementation of the PSM proxy has reduced the specific risk of "insider attacks" on our domain controllers and SLDAP servers by eliminating direct user login by an open secure connection on the user's behalf without ever revealing the privileged credentials."
"Automates password management to remove the human chain weakness."
"Password rotation, session recording & isolation and on-demand privileges."
"Because we now have the ability to grant access to management utilities like DNS Manager, Sequel Studio, and MMC, in a secure fashion, without system admins being required to continually reenter various passwords that are stored who knows where, it has really made the system admin's job much easier. It has made the PSM's job much easier. It has made the auditor's job and the security team's job and the access manager's job significantly easier, because we're able to move much more quickly toward a role-based access management system, and that is really streamlining the whole onboarding/offboarding management process."
"The users have the ability to rotate passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically."
"The solution helps our developers access internal systems. It also helps us in Privilege Access Management."
"It enables us to secure accounts and make sure they are compliant."
"Security and administration for any new/current access."
"Access certification and provisioning are two of the solutions most valuable features."
"What I like most about SailPoint IdentityIQ is that it's simple to use and easy to configure and deploy."
"The solution’s stability and performance are good."
"This solution has improved our organization through its ease of application onboarding, approvals, provisioning, and lifecycle UI performance."
"This solution is great for providing control access across your environment."
"User provisioning and the role management features are good."
"The solution is one of the main security products you need to control access and have visibility into what's happening in your organization. It helps with managing access to applications, ensuring governance, and obtaining certifications."
"It should be easy to use for non-technical people. Its interface can be a bit difficult. Some parts of its interface are not very intuitive. Some of the controls are hidden, and instead of having a screen with all the controls for that account on it, you have to use menus and other similar things."
"If you are an administrator or architect, then the solution is kind of complicated, as it is mostly focused on the end user. So, they need to also focus on the people who are implementing it."
"We need a bit more education for our user community because they are not using it to its capabilities."
"Sometimes the infrastructure team is hesitant to provide more resources."
"There should be more models and licensing plans for this software."
"The solution should be able to mitigate internal threats"
"They can do a better job in the PSM space."
"Some aspects of the administration need improvement, though they have recently made improvements to the API. However, the management with the interface and configuration are not so user-friendly. It has not changed much during all the years that CyberArk has been on the market. The management part, like platform management as well as PSM connectors definition and management, could be improved, even if it has already been done with the API."
"The connector for EPIC, ServiceNow, and Duo."
"SailPoint IdentityIQ could be cheaper."
"The user interface could be slightly improved. It could be made simpler and more user-friendly, however, it is good enough right now."
"The solution, in general, is quite expensive."
"Finding integration experts for SailPoint in the North American market can be challenging, and transitioning to a no-code or low-code setup could reduce dependence on specialized skills."
"It is too technical. You need really good technical skills in Java and other technologies, which are hard to find. If they can make it easier so that things can be done with a few clicks, it will be great."
"The report functionality and dashboard of the access manager could be improved."
"They can work on their strategy for the on-premise version. They have to decide whether and for how long they will support the on-premise version. The new features first appear in the cloud, and after that, they are released for the on-premise version. In the cloud, you have more options and flexibility, which is absolutely normal. They have to have a clear strategy regarding whether they'll support the on-premises version with the same focus. The licensing for on-premise and cloud is a little bit different. They can make it the same."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
More SailPoint Identity Security Cloud Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 144 reviews while SailPoint Identity Security Cloud is ranked 1st in User Provisioning Software with 62 reviews. CyberArk Privileged Access Manager is rated 8.8, while SailPoint Identity Security Cloud is rated 8.2. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of SailPoint Identity Security Cloud writes "Flexible, easy to customize, and not too difficult to set up". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and ARCON Privileged Access Management, whereas SailPoint Identity Security Cloud is most compared with Saviynt, One Identity Manager, Microsoft Entra ID, ForgeRock and Omada Identity.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
The two products are actually complimentary. Both companies have been very good about staying in their lanes and are their respective market leaders.
CyberArk's PAM solution is aimed at protecting privileged accounts by providing features like vaulting, credential rotation, session monitoring and recording. They also have solutions for DevOps and Secrets management.
SailPoint is an Identity Governance solution and actually manages CyberArk as an application the same way it manages accounts and privileges in SAP, AD, AAD and over 100 more applications. For CyberArk, it can add/change/delete users as well as create safes and assign users to those safes. At a user account certification time, it will show the CyberArk users and their associated privileges and allow the user's manager or other appropriate people to approve or revoke the privileged access.
SailPoint creates an Identity warehouse so that a user's accounts and entitlements are gathered, managed and reported on in a centralized manner. See Youtube for a quick explanation - SailPoint Identity Governance Integrates with CyberAek Privileged Access Security.
SailPoint does not provide the vault and session management functions that CyberArk does.
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the management of user identities, systems, data, and cloud services. It works great for Identity Access Management, specifically for cleaning up inactive and orphaned accounts. It has the joiner-mover-leaver feature.
One of the features we like is the large availability of connectors for different applications and platforms. You can also recertify an account, which is very useful. It is well suited for large companies with lots of users and applications. However, for small companies, it might be a bit of an overkill.
Sailpoint has a steep learning curve, so it is not for inexperienced users. Moreover, it doesn’t offer a lot of supporting documentation. It also doesn’t integrate well with other solutions.
We chose CyberArk despite the cost because it works great for password management. CyberArk helps manage privileged accounts and service accounts, for example, when users need to connect remotely into systems. It is especially useful for IT staff to access their privileged accounts without having to remember the passwords every time - individually and even as a group.
What we like the most about CyberArk is the ease of use and effectiveness in managing privileged accounts. For instance, it automatically changes the passwords for privileged accounts and reconciles and verifies passwords. New users can obtain secure credentials with minimal time and effort.
The initial cost is high, which can be a bit of a stretch for small organizations. It also has high requirements for the initial setup and is difficult to customize. The performance could be faster.
Conclusions
While Sailpoint IdentityIQ is a very good privileged account solution, CyberArk is better suited for us because of its ease of use and efficiency in password management.