We performed a comparison between CyberArk Privileged Access Manager, IBM Tivoli Access Manager [EOL], and SailPoint IdentityIQ based on real PeerSpot user reviews.
Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM)."You can easily manage more than 4000 accounts with one PSM."
"We have demoted a lot of domain admins and taken a lot of that away from people, giving it a shared account structure."
"The password management feature is valuable."
"Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment."
"I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault."
"We are utilizing CyberArk to secure applications, credentials, and endpoints."
"There are no issues with scalability. Our clients are very happy to use the product."
"Their legacy of more than 20 years is very valuable. It brings a lot of stability to the product and a wide variety of integration with the ecosystem. Because of these factors, it has also been very successful in deployment. So, the legacy and integration with other technologies make the PAM platform very stable and strong. In terms of features, most of the other vendors are still focusing just on the privileged access management or session recording, but CyberArk has incorporated artificial intelligence to make PAM a more proactive system. They have implemented threat analytics into this, and there is also a lot of focus on domain controller production, Windows Server protection, and stuff like that. They have also further advanced it with the security on the cloud and DevOps systems. They have a bundle licensing model, which really helps. They don't have a complex licensing model. Even though in our market, people say CyberArk is expensive as compared to some of the other products, but in terms of overall value and as a bundling solution, it is an affordable and highly scalable product."
"The integration effort with the end application is quite straightforward and easy."
"SAML 2.0."
"Single Sign-On functionality is valuable because the core purpose of the product is to allow universal (or bespoke) SSO for application suites."
"The Verify feature: A push method which customers are going for."
"OAuth 2 is now the de facto standard for API protection and scoped authorized delegation. IBM TAM now supports OAuth 2 and can act as fully compliant OAuth 2 authorization server."
"Provides good authorization and authentication system functionality."
"I find the built-in connectors, lifecycle management, certification, and recertification features to be the most valuable."
"The solution is stable and reliable."
"SailPoint IdentityIQ has a good and straightforward user interface. They also have a lot of resources and documentation available to understand the process."
"The solution is one of the main security products you need to control access and have visibility into what's happening in your organization. It helps with managing access to applications, ensuring governance, and obtaining certifications."
"The basic concept is most valuable. I like how they have designed the solution. They create an Identity Cube, and then they do all the processes and configuration around the Identity Cube."
"Provides functionalities for various stages, such as joiner, mover, and leaver"
"The Certification and Provisioning features are most valuable."
"When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time."
"The support services could act faster when people reach out to resolve issues."
"I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool."
"This is probably a common thing, but they do ask for a lot of log files, a lot of information. They ask you to provide a lot of information to them before they're willing to give you anything at all upfront. It would be better if they were a little more give-and-take upfront: "Why don't you try these couple of things while we take your log files and stuff and go research them?" A little bit of that might be more helpful."
"Sometimes the infrastructure team is hesitant to provide more resources."
"There should be more models and licensing plans for this software."
"We'd like to see the creation of some kind of memo field for each device account, which could be used, in our network at least, to leave a note about the device for either the security or network engineering team members."
"CyberArk has to continue to evolve with that threat landscape to make sure that they're still protecting those credentials that are owned by those that have privileged accounts in the firms."
"Multi-factor authentication with social integration needs to improve."
"Looking at their roadmap, they have a broad grasp of the security features which the industry needs."
"The self-service portal needs improvement."
"The profiling element is incredibly robust, but also equally as complex, it requires an off-site course to be able to understand the context or the plethora of options available."
"An Amazon Machine Image (AMI) for the newer appliance versions for hosting the virtual appliances on AWS will help."
"The product has poor reporting and analytic capabilities. Reports are not easy to use and its analytic capabilities are limited."
"Competitors are advancing by offering integrated solutions encompassing access and privileged access management in a single unified platform. IdentityIQ's focus has remained primarily on identity and access governance, neglecting to expand its offerings to include these additional functionalities within its existing product. Enhancing their product by incorporating modules for access management, privileged access management, and third-party access governance could address this gap."
"We faced some issues while integrating the solution with a third-party tool."
"The user interface could be slightly improved. It could be made simpler and more user-friendly, however, it is good enough right now."
"In the past, we had a lot of problems with SailPoint IdentityIQ, particularly in providing access and provisioning. There were some gaps in the operation of the solution because they were manual rather than automated, and the users and administrators were given access directly via Active Directory, and it wasn't appropriate for us at the time to use. In terms of integration, we could provide a more automated solution after a minimum number of years, but not in the SailPoint IdentityIQ platform, but there were problems in the registration, for example, with putting information inside ADP, but in general, we were able to solve those problems, and after implementing SailPoint IdentityIQ we had increased evaluations."
"They can work on their strategy for the on-premise version. They have to decide whether and for how long they will support the on-premise version. The new features first appear in the cloud, and after that, they are released for the on-premise version. In the cloud, you have more options and flexibility, which is absolutely normal. They have to have a clear strategy regarding whether they'll support the on-premises version with the same focus. The licensing for on-premise and cloud is a little bit different. They can make it the same."
"Regarding the scope for improvement in the solution, reporting is an area that can be a bit more UI-oriented."
"If you compare Saviynt and Okta Workforce Identity versus SailPoint IdentityIQ, SailPoint IdentityIQ needs to improve its UI."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
More IBM Tivoli Access Manager [EOL] Pricing and Cost Advice →
Earn 20 points