We performed a comparison between Azure Active Directory and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Azure Active Directory is the more popular solution because its deployment is easier and it has a free version.
"CyberArk has been easy for us to implement and the adoption has been good. We've been able to standardize a bunch of things. We've been able to standardize relatively easily with the use of the platforms and managing the policies."
"It is useful for protecting passwords. If you need to do access security management, you can first use the CyberArk console, and after that, you can connect the firewall interface or firewall command line. Similarly, if you need to do an RDP session, you need to first log in to CyberArk before connecting to the Windows RDP session. This way, the admin doesn't know the password, and that password is changed immediately. To change the password, you first discover the old password in the network, and after that, you can change the password."
"We like it for the ability to automatically change passwords. At least for my group, that's the best thing."
"I like the integrations for external applications."
"The product is an important security measure against credential theft. It ensures session isolation and password rotation including pushing passwords to the endpoints."
"You can easily manage more than 4000 accounts with one PSM."
"The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out."
"I find value in notifications from CyberArk when passwords fail verification and have other issues."
"A use case that we did for an end user in a manufacturing organization: We used WVD with biometric authentication because 1,500 processes need to happen in a process. The user didn't want to use a login using their credentials. They wanted to use fingerprinting or tap their ID. That is where we integrated with the authentication. Now, they can process in a couple of hours, and they run those 1,500 processes every day. This changed their login process, which improved the manufacturing process. This helped a lot for their high deployment."
"The most valuable feature is the ability to set up conditional access, where you can enforce users to connect using multifactor authentication."
"The solution adds an extra layer of security."
"Don't delay implementing this solution, it's the best thing you can do for your identity protection."
"It's a very intuitive platform. It's easy to create groups and add people."
"The most important things of Azure Active Directory are the security and the facility to manage all the services and users. It is very easy to manage users and assign roles, permissions, and access. At the same time, it is a very secure environment. Microsoft takes security very seriously. They take care of all the security and all the factors to prevent any kind of data or information compromise."
"Privilege identity management is the most valuable feature."
"Single sign-on provides flexibility and helps because users don't want to remember so many passwords when logging in. It's a major feature. Once you log in, you have access to all the applications. It also enables us to provide backend access controls to our users, especially when it comes to groups, as we are trying to normalize things."
"Some aspects of the administration need improvement, though they have recently made improvements to the API. However, the management with the interface and configuration are not so user-friendly. It has not changed much during all the years that CyberArk has been on the market. The management part, like platform management as well as PSM connectors definition and management, could be improved, even if it has already been done with the API."
"Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together."
"I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides."
"As a customer, I might need a plugin for a specific product, or an application, and CyberArk might have already worked with some other client on it. There has to be some platform where it is available for everybody else to go and grab it, instead of my having to reinvent the wheel."
"The current interface doesn't scale that well, and has some screens still in the old layout."
"I don't know if "failed authentication" is a glitch or if that was an update... However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up. So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended." It doesn't say that anymore."
"The usual workload is sometimes delayed by the solution."
"It's hard to find competent resellers/support."
"They have had a few outages, so stability is a little bit of an issue. It is global. That is the thing. I know some of the other competitors are regionalized ID platforms, but Entra ID is global, so when something goes wrong, it is a problem because it underpins everything, whether you are logging in to M365 or you have single sign-on to Azure, Autopilot, Intune, Exchange mailbox or another application. If there is a problem with Entra ID, all of that falls apart, so its great strength and weakness is the global single tenant for it. Stability is a key area for me. Otherwise, it is generally pretty good."
"Microsoft Entra ID's impact on access and identity management is relatively limited."
"Something that can be improved is their user interface"
"From an admin perspective, I would like to see improvement in the Microsoft Graph API."
"The conditional access rules are a little limiting. There's greater scope for the variety of rules and conditions you could put in that rules around a more factual authentication for other users. If you have an Azure AD setup, you can then connect to other people's Azure AD, but you don't have a huge amount of control in terms of what you can do. Greater control over guest users and guest access would be better. It's pretty good as it is but that could be improved."
"Azure Active Directory could improve the two-factor authentication."
"From time to time it takes a little bit of time to replicate, with some of the applications—something like five to 10 minutes. I know that the design is not supposed to enable real-time replication with some of the applications. But, as an administrator, I would like to run a specific change or modification in Azure Active Directory and see it replicated almost immediately."
"I rate Microsoft support five out of 10. It's just okay."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews while Microsoft Entra ID is ranked 1st in Access Management with 190 reviews. CyberArk Privileged Access Manager is rated 8.8, while Microsoft Entra ID is rated 8.6. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of Microsoft Entra ID writes "Allows users to authenticate from home and has excellent integrations in a simple, stable solution". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Delinea Secret Server, WALLIX Bastion, One Identity Safeguard and Zscaler Internet Access, whereas Microsoft Entra ID is most compared with Microsoft Intune, Google Cloud Identity, Yubico YubiKey, Cisco Duo and Auth0. See our CyberArk Privileged Access Manager vs. Microsoft Entra ID report.
See our list of best Access Management vendors.
We monitor all Access Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
