We performed a comparison between CyberArk Privileged Access Manager and Okta Workforce Identity based on real PeerSpot user reviews.
Find out in this report how the two Access Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Securely protects our TAP/NUID and privileged access accounts within the company."
"It is a central repository. Therefore, if someone needs to access a server, then they go through CyberArk PAM. It provides a secure way to do this and CyberArk PAM records everything. For example, if you are connecting to a Linux server, then once you get into the Linux server and if it is integrated with CyberArk, it will automatically start recording everything that is being done. In most banks, seeing the recordings is very useful. If there are any gaps or something has happened which shouldn't have happened, then we can check the logs and videos. So, it gives security, in a robust manner, to the organization."
"The combination of CPM and PSM resolves a lot of use cases."
"Within the solution, I love the fact that everything is recorded. The configuration capabilities are great, too."
"The password vault and session monitoring are useful."
"The solution is stable."
"The technical support for this solution is very good. If I was to rate it on a scale of one to five, I would give it a five."
"It is very simple to use."
"Enabled MFA to access federated applications as well as increased user satisfaction through improved provisioning times and more reliable processes."
"Having a single sign-on to all our applications."
"Okta integrates well with other solutions. Once you have integrated an application into Okta and onboarded a user, they will be onboarded for just-in-time provisioning."
"I am able to authenticate my users on cloud and SaaS applications such as Workday through Okta workflows."
"The solution so far has been very stable."
"The most valuable aspects of the solution are the integration with external websites one-factor authentication."
"Valuable features include UD, SSO functionality, MFA and Adaptive MFA functionality, ability to link multiple Directory databases with UD."
"They have good push authentications."
"The product is very vaulting-focused. I'd love to see it expanding its capabilities a bit further into areas like just-in-time elevation, and access with non-vaulted credentials."
"The current user interface is a little dated. However, I hear there are changes coming in the next version."
"More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet."
"It's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers."
"Sometimes the infrastructure team is hesitant to provide more resources."
"CyberArk PAM is a very broad product as everyone's requirements for implementation are different. In our particular case, the initial implementation was planned and developed by people who didn't know our specific network requirements, so the initial implementation needed to be tweaked over time. While this is normal, at the time all these "major" changes required CyberArk professional services to come in-plant and "assist" with the changes."
"It needs better documentation with more examples for the configuration files and API/REST integration"
"When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time."
"The initial setup can be complex at first."
"The only aspect in which it can be improved is that the interface could be cleaner. I found this even when I was trying to do my certification exam because the certification is hands-on. You find yourself fumbling around a little bit to find simple things. This happens even when you start to get familiar with the product."
"The guest user access could be improved."
"In some setup cases, there are issues with attributes not going in properly."
"We've not had any problems with Okta."
"There should be automated aggregation and complete classification processes included in it."
"A room for improvement in Okta Workforce Identity is its price. It could be cheaper. The biggest benefit of the solution is that everything works securely without extra steps, so you're saving on your workforce's time and effort because your applications work smoothly and securely, but you'd need to pay some amount of money for that. Another area that could be improved, though not necessarily regarding Okta Workforce Identity, is the SSO applications because so many of the source applications charge extra money to put the SSO to work, which means you have to buy a more expensive license. Nowadays, SSO is a mainstream functionality and it should be out-of-the-box in those applications because it's so easy to set up."
"The product does not offer enough integration capabilities."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 143 reviews while Okta Workforce Identity is ranked 3rd in Access Management with 58 reviews. CyberArk Privileged Access Manager is rated 8.8, while Okta Workforce Identity is rated 8.4. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of Okta Workforce Identity writes "Extremely easy to work with, simple to set up, and reasonably priced ". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and One Identity Safeguard, whereas Okta Workforce Identity is most compared with Microsoft Entra ID, Google Cloud Identity, SailPoint IdentityIQ, Saviynt and Cisco Duo. See our CyberArk Privileged Access Manager vs. Okta Workforce Identity report.
See our list of best Access Management vendors.
We monitor all Access Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.