We performed a comparison between CyberArk Privileged Access Manager and One Identity Manager based on real PeerSpot user reviews.
Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM)."I found it valuable that CyberArk Privileged Access Manager can be integrated with PTA (privileged threat analytics), and this means that it will tell you if there's a risk to the logins and signs of risk and if risky behavior is observed. It's a good feature. Another good feature is the CPM (central password manager) because it helps you rotate the passwords automatically without involving the admins. It can go and update the scheduled tasks and the services. At the same time, if there's an application where it cannot do all of these, CPM will trigger an automatic email to the application owners, telling them that they should go ahead and change the password. This allows you to manage the account password that CyberArk cannot manage, which helps mitigate the risk of old passwords, where the password gets compromised, and also allows you to manage the security of the domain."
"Lessens the risk with privileged access."
"The regulation of accounts is by far the most needed and valuable part of the application."
"It has helped from an auditing perspective identify who has access to privileged accounts."
"The product is an important security measure against credential theft. It ensures session isolation and password rotation including pushing passwords to the endpoints."
"You can gradually implement CyberArk, starting with more easily attainable goals."
"We are utilizing CyberArk to secure applications, credentials, and endpoints."
"Their legacy of more than 20 years is very valuable. It brings a lot of stability to the product and a wide variety of integration with the ecosystem. Because of these factors, it has also been very successful in deployment. So, the legacy and integration with other technologies make the PAM platform very stable and strong. In terms of features, most of the other vendors are still focusing just on the privileged access management or session recording, but CyberArk has incorporated artificial intelligence to make PAM a more proactive system. They have implemented threat analytics into this, and there is also a lot of focus on domain controller production, Windows Server protection, and stuff like that. They have also further advanced it with the security on the cloud and DevOps systems. They have a bundle licensing model, which really helps. They don't have a complex licensing model. Even though in our market, people say CyberArk is expensive as compared to some of the other products, but in terms of overall value and as a bundling solution, it is an affordable and highly scalable product."
"The company policies feature is really good because in workflows you can check whether the policies are all working."
"The most valuable features are centralized Identity Management, robust Access Governance, and One Identity Manager workflow automation."
"The short version is that we gained significant insight into the issues of access governance. This allowed us to turn an auditing nightmare into praise from our auditors."
"The most valuable features include the automated attestations or recertification... The time that people have to focus on their real jobs and not spend it doing recertifications is huge."
"Its flexibility is the most valuable feature, the way we can customize the user interface and the workflow processes."
"For me, personally, the automation is the most valuable feature. I don't have to do things manually, like creating user accounts and provisioning them to the target systems."
"The most valuable feature is the JML. Unlike other identity manager tools, the JML is more customizable, making it easier to find."
"The Data Importer is a great tool to create an ETL. It generates code which is easy to maintain later without the tool."
"Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use."
"The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA."
"I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool."
"The issue of technical support is crucial, as there are not many specialized partners available in Brazil to provide this service. While English language support is of good quality, there is a significant shortage of partners capable of meeting the demand locally."
"It should be easy to use for non-technical people. Its interface can be a bit difficult. Some parts of its interface are not very intuitive. Some of the controls are hidden, and instead of having a screen with all the controls for that account on it, you have to use menus and other similar things."
"They need to provide better training for the System Integrator."
"Many of the infrastructure folks who use the product dislike it because it complicates their workflow. They get a little less control, and they have to go through a specific solution. It proactively logs in for them, which obfuscates some of the issues that they may be troubleshooting."
"The current interface doesn't scale that well, and has some screens still in the old layout."
"A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement. I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager. Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager."
"Make the logging and debugging easier to find, because I'm always confused, "Where do I have to go to turn this log on if I want to see it?""
"The support for DevOps could be improved with quick delivery cycles and multiple delivery streams."
"End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes."
"The performance could be better. I also think One Identity could improve its documentation for developers. Many of One Identity's features aren't fully documented. We don't have enough information on how to use them."
"One Identity has a self-service portal but many customers need a helpdesk where they can go in and request. To make that happen we need to do a lot of customization. Maybe that could be improved..."
"It would be nice to have more functionality in terms of connecting SAP systems, provisioning user accounts through SAP systems, and provisioning additional attributes."
"One of the things we would like is the ability to have more than one system role manager. That would be nice. For example, when people are on vacation, sometimes it gets a little hard to administrate system roles."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 144 reviews while One Identity Manager is ranked 3rd in Identity Management (IM) with 77 reviews. CyberArk Privileged Access Manager is rated 8.8, while One Identity Manager is rated 8.0. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of One Identity Manager writes "The JML is customizable but the support team isn't strong". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and One Identity Safeguard, whereas One Identity Manager is most compared with SailPoint Identity Security Cloud, Oracle Identity Governance, EVOLVEUM midPoint, Cisco ISE (Identity Services Engine) and ForgeRock.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.