We performed a comparison between Azure Active Directory and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Azure Active Directory is the more popular solution because its deployment is easier and it has a free version.
"It enables companies to automate password management on target systems gaining a more secure access management approach."
"Securely protects our TAP/NUID and privileged access accounts within the company."
"It provides an accountability to the individuals who are using it, knowing that it is audited and tracked."
"Automates password management to remove the human chain weakness."
"We also use CyberArk’s Secrets Manager. Because AWS is the biggest area for us, we have accounts in AWS that are being rotated by CyberArk. We also have a manual process for the most sensitive of our AWS accounts, like root accounts. We've used Secrets Manager on those and that has resulted in a significant risk reduction, as well."
"We are utilizing CyberArk to secure applications, credentials, and endpoints."
"Central Password Manager is useful for agentless automated password management through AD integration as well as endpoints for different devices."
"The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution."
"The user management groups are valuable. It is a pretty basic product, but user management, in general, is valuable with the ability to differentiate between business lines and add different policies, group-based management, and dynamic user groups."
"The solution is free to use and you can use it for every service."
"I would say that Azure AD's pricing is very reasonable because of the structure and in terms of the solution."
"It's a quite comprehensive solution and it scales quite well within our required scale as well, which is very useful."
"Many of its features are valuable, including: facilitating application authentication, privileged access management, processes for attestation, and access reviews."
"I like the way it communicates to the cloud."
"The portal version of the Azure active directory is pretty robust."
"Personally, I'm a great fan of Azure Active Directory due to the security and compliance features that are there in the classic or default Azure Active Directory."
"The support services could act faster when people reach out to resolve issues."
"The product documentation has to be more precise in certain aspects with explanations for functionality limitations along with reference material or screenshots."
"The product is very vaulting-focused. I'd love to see it expanding its capabilities a bit further into areas like just-in-time elevation, and access with non-vaulted credentials."
"It is easily customized, and that customization makes it very easy to start trying to shoehorn the solution into roles it was never intended to fill."
"For users to access a system via CyberArk Privileged Session Manager, a universal connector needs to be coded in a language called AutoIT and its support for web browsers is so-so. Other products like Centrify have browser plugins that can help automate the process when using their products."
"If we could have some kind of out-of-the box feature that you can simply say "no" so they don't have to go into a development mode, that would a really helpful feature."
"This is probably a common thing, but they do ask for a lot of log files, a lot of information. They ask you to provide a lot of information to them before they're willing to give you anything at all upfront. It would be better if they were a little more give-and-take upfront: "Why don't you try these couple of things while we take your log files and stuff and go research them?" A little bit of that might be more helpful."
"We would, of course, always prefer it if the pricing was cheaper."
"The Cloud Provisioning Agent cannot provision a lot of the information that AD Connect does. For starters, the lightweight version cannot synchronize device information. If you have computers on-premises, the information about them will not be synchronized by the Cloud Provisioning Agent. In addition, if you have a user on the cloud and he changes his password, that information should be written back to the on-premises instance. But that workflow cannot be done with the lightweight agent. It can only be done with the more robust version."
"The documentation, and the way that people are notified of updates, are things that can be improved. I'm a big fan of Microsoft products but the way they document is not that great."
"Microsoft's technical support has shortcomings where improvements are required."
"They should put the features of P1 and P2 into a single license."
"The product could be more cost-effective."
"Sometimes, the notifications and alerts are not delivered properly, and we end up missing them. Also, the overall graphical user interface needs to be improved."
"The workflow management for registering new applications and users could be improved."
"Maybe there could be a dashboard view for Active Directory with some pie or bar charts on who is logged in, who is not logged in, and on the activity of each user for the past few days: whether they're active or not active."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 144 reviews while Microsoft Entra ID is ranked 1st in Access Management with 190 reviews. CyberArk Privileged Access Manager is rated 8.8, while Microsoft Entra ID is rated 8.6. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of Microsoft Entra ID writes "Saves us time and money and features Conditional Access policies, SSPR, and MFA". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Delinea Secret Server, WALLIX Bastion, One Identity Safeguard and ManageEngine PAM360, whereas Microsoft Entra ID is most compared with Microsoft Intune, Google Cloud Identity, Ping Identity Platform, Okta Workforce Identity and Cisco Duo. See our CyberArk Privileged Access Manager vs. Microsoft Entra ID report.
See our list of best Access Management vendors.
We monitor all Access Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.