We performed a comparison between Azure Active Directory and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Azure Active Directory is the more popular solution because its deployment is easier and it has a free version.
"Right off the bat, the most valuable feature is the DNA scan. It gives us the ability to scan our environment and find the accounts that we're going to need to take under control."
"It is very simple to use."
"The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task."
"The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution."
"It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."
"The threat analytics is an important feature."
"What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users."
"All access to our servers by both staff and vendors is monitored and recorded."
"The visibility and control for permission management are excellent."
"The user management groups are valuable. It is a pretty basic product, but user management, in general, is valuable with the ability to differentiate between business lines and add different policies, group-based management, and dynamic user groups."
"It has things like conditional access. For example, if someone is accessing sensitive information, then we could force them to do multi-factor authentication. Therefore, we can stop access if it is coming from a location that we did not expect."
"With Azure Active Directory we were able to manage with different options the access for different users."
"If you want to replicate a website at the frontend in Azure, it's very easy to do it globally."
"This product is easy to use."
"It's a very scalable solution."
"Being able to easily authenticate yourself on the MSA app is valuable. It is easy to use. Rather than receiving a code in an SMS, you can just verify that it is you. You don't have to punch in any password or any six-digit code. That's the feature that I like the most."
"We had an issue with the Copy feature... Apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it."
"Areas the product could be improved are in some of the reporting capabilities and how the reports are configured."
"More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet."
"CyberArk has to continue to evolve with that threat landscape to make sure that they're still protecting those credentials that are owned by those that have privileged accounts in the firms."
"We would, of course, always prefer it if the pricing was cheaper."
"It needs better documentation with more examples for the configuration files and API/REST integration"
"Sometimes the infrastructure team is hesitant to provide more resources."
"Performance of PIM could be better and intended for usability as well as security."
"The technical support has room for improvement."
"Adding a new account can be tricky."
"They can improve how people manage their accounts. They can simplify and provide more information about adding or updating a phone number or email id in the MSA account. A lot of time users do get confused about where to go. For example, if I've changed my mobile number, where do I go and change my mobile number in the MSA account? A lot of time, employees think if they change the phone number in the HR database, it'll automatically get changed on the MSA account, which is not the case. Microsoft can simplify that and add these questions in the FAQ documents as well."
"Sometimes, the notifications and alerts are not delivered properly, and we end up missing them. Also, the overall graphical user interface needs to be improved."
"When you fix the rules and permissions, working directly on the manifest, you really need to have in-depth knowledge. If there were a graphical user interface to update the manifest, that would be good."
"The only issue with Azure AD is that it doesn't have control over the wifi network. You have to do something more to have a secure wifi network. To have it working, you need an active directory server on-premises to take care of the networks."
"The onboarding process for new users can be improved. It can be made simpler for people who have never registered to Azure AD previously and need to create an account and enable the MFA. The initial setup can be made simpler for non-IT people. It should be a bit simpler to use. Unless you get certifications, such as AZ-300 and AZ-301, it is not a simple thing to use at the enterprise scale."
"Having more training would be quite helpful."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 144 reviews while Microsoft Entra ID is ranked 1st in Access Management with 190 reviews. CyberArk Privileged Access Manager is rated 8.8, while Microsoft Entra ID is rated 8.6. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of Microsoft Entra ID writes "Saves us time and money and features Conditional Access policies, SSPR, and MFA". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Delinea Secret Server, WALLIX Bastion, One Identity Safeguard and ManageEngine PAM360, whereas Microsoft Entra ID is most compared with Microsoft Intune, Google Cloud Identity, Okta Workforce Identity, Cisco Duo and Yubico YubiKey. See our CyberArk Privileged Access Manager vs. Microsoft Entra ID report.
See our list of best Access Management vendors.
We monitor all Access Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.