We performed a comparison between CyberArk Privileged Access Manager and SailPoint IdentityIQ based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions received high marks from users. CyberArk Privileged Access Manager has an edge over SailPoint IdentityIQ due to its advanced monitoring and reporting abilities.
"The solution is scalable."
"PSM (Privilege Session Manager."
"Ensures accounts are managed according to corporate policies."
"It is scalable."
"Within the solution, I love the fact that everything is recorded. The configuration capabilities are great, too."
"Rather than multiple tools for maintaining regulatory compliance around passwords and privileged accounts, we have centralized as much as possible with CyberArk. This is now a one stop shop for end users to access their elevated credentials."
"It has helped us with our adoption with other teams, and it has also helped us to integrate it at the ground level."
"The central password manager is the most valuable feature because the password is constantly changing. If an outsider threat came in and gained access to one of those passwords, they would not have access for long."
"Deployment takes a bit of time, however, once it's done properly, everything becomes very organized and easy to use."
"It significantly reduces the workload for certification processes."
"It is simple and easy to implement."
"It provides a lot of out-of-the-box functionalities. You don't have to do too much custom development like other solutions such as Microsoft or NetIQ. It also has a lot of out-of-the-box connectors for different sources, directories, databases, etc. Its cloud version is working very well, and its pricing is okay. Its value for money is fine for most of the customers. It is also very flexible. They have frequent new releases and patches for fixing errors and things like that."
"The first valuable feature of the solution is its interface. The second feature of the solution is the level of flexibility it provides."
"User provisioning and the role management features are good."
"It is a scalable product."
"Great product to manage the access control of users."
"What could be improved in CyberArk Privileged Access Manager is the licensing model. It should be more flexible in terms of the users. Currently, it's based on the number of users, but many users only log in once in four months or once in five months. It would be great if the licensing model could be modified based on user needs. We even have users who have not logged in even once."
"I don't know if "failed authentication" is a glitch or if that was an update... However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up. So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended." It doesn't say that anymore."
"Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together."
"They need to provide better training for the System Integrator."
"It is very complex and difficult to set up the solution."
"One of the main things that could be improved would be filtering accounts on the main page and increasing the functionality of the filters. There are some filters on the side which are very specific, but I feel there could be more."
"This product needs professional consulting services to onboard accounts effectively based user profiles."
"CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift."
"If you compare Saviynt and Okta Workforce Identity versus SailPoint IdentityIQ, SailPoint IdentityIQ needs to improve its UI."
"It tends to be more expensive, but at the end of the day, it works."
"The report functionality and dashboard of the access manager could be improved."
"SailPoint IdentityIQ could be cheaper."
"I would like for the next release to have a more user-friendly interface."
"Finding integration experts for SailPoint in the North American market can be challenging, and transitioning to a no-code or low-code setup could reduce dependence on specialized skills."
"One needs to understand that SailPoint is into full-fledged IAM practice with a long-term vision, and customers will get a quick ROI with best practices implementation."
"Some setups should be done in the interface and in the code, and could be made simpler."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews while SailPoint IdentityIQ is ranked 1st in User Provisioning Software with 61 reviews. CyberArk Privileged Access Manager is rated 8.8, while SailPoint IdentityIQ is rated 8.2. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of SailPoint IdentityIQ writes "Flexible, easy to customize, and not too difficult to set up". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and Saviynt, whereas SailPoint IdentityIQ is most compared with Saviynt, One Identity Manager, Microsoft Entra ID, ForgeRock and Microsoft Entra Permissions Management.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
The two products are actually complimentary. Both companies have been very good about staying in their lanes and are their respective market leaders.
CyberArk's PAM solution is aimed at protecting privileged accounts by providing features like vaulting, credential rotation, session monitoring and recording. They also have solutions for DevOps and Secrets management.
SailPoint is an Identity Governance solution and actually manages CyberArk as an application the same way it manages accounts and privileges in SAP, AD, AAD and over 100 more applications. For CyberArk, it can add/change/delete users as well as create safes and assign users to those safes. At a user account certification time, it will show the CyberArk users and their associated privileges and allow the user's manager or other appropriate people to approve or revoke the privileged access.
SailPoint creates an Identity warehouse so that a user's accounts and entitlements are gathered, managed and reported on in a centralized manner. See Youtube for a quick explanation - SailPoint Identity Governance Integrates with CyberAek Privileged Access Security.
SailPoint does not provide the vault and session management functions that CyberArk does.
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the management of user identities, systems, data, and cloud services. It works great for Identity Access Management, specifically for cleaning up inactive and orphaned accounts. It has the joiner-mover-leaver feature.
One of the features we like is the large availability of connectors for different applications and platforms. You can also recertify an account, which is very useful. It is well suited for large companies with lots of users and applications. However, for small companies, it might be a bit of an overkill.
Sailpoint has a steep learning curve, so it is not for inexperienced users. Moreover, it doesn’t offer a lot of supporting documentation. It also doesn’t integrate well with other solutions.
We chose CyberArk despite the cost because it works great for password management. CyberArk helps manage privileged accounts and service accounts, for example, when users need to connect remotely into systems. It is especially useful for IT staff to access their privileged accounts without having to remember the passwords every time - individually and even as a group.
What we like the most about CyberArk is the ease of use and effectiveness in managing privileged accounts. For instance, it automatically changes the passwords for privileged accounts and reconciles and verifies passwords. New users can obtain secure credentials with minimal time and effort.
The initial cost is high, which can be a bit of a stretch for small organizations. It also has high requirements for the initial setup and is difficult to customize. The performance could be faster.
Conclusions
While Sailpoint IdentityIQ is a very good privileged account solution, CyberArk is better suited for us because of its ease of use and efficiency in password management.