We performed a comparison between CyberArk Privileged Access Manager, One Identity Manager, and UserLock based on real PeerSpot user reviews.
Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM)."The key aspects of privileged access management are being able rotate passwords, make sure someone is accountable, and tie it back to a user (when the system is being used)."
"We are utilizing CyberArk to secure applications, credentials, and endpoints."
"The most valuable feature of CyberArk Privileged Access Manager is the vault. I am satisfied with the interface and the documentation."
"I appreciate the ease of use for support analysts."
"Ensures accounts are managed according to corporate policies."
"On the EBB user side, we were able to secure all the server root passwords and admin for Windows. This was a big win for us."
"Increased our insight into how privileged accounts are being used and distributed within our footprint."
"Rather than multiple tools for maintaining regulatory compliance around passwords and privileged accounts, we have centralized as much as possible with CyberArk. This is now a one stop shop for end users to access their elevated credentials."
"The product helps minimize gaps in governance coverage."
"Business roles are one way to help companies to identify job codes and position codes. It enables the grouping and automating of certain types of access for certain departments... Doing that in One Identity Manager is a very simple task and it is very well organized."
"The most valuable feature of One Identity Manager is it simplifies user-account provisioning and administration. One Identity offers a comprehensive range of solutions that cater to almost every aspect of the identity and access management domain."
"For the recertification and segregation of duties, it's easier to know all the information about our employees. If we need to delete some information, we can do it from a central point, then it can be deleted on all our searches. This is very good for GDPR."
"We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%."
"One Identity Manager connects SAP accounts to employee identities under governance. The connector from One Identity for SAP is the most powerful one in the market. This connector can touch all the levels of the objects in SAP. It can not only be connected to SAP ERP but also to SAP HANA, GRC, etc. One of the strengths of One Identity Manager is the SAP connector. You can touch a lot of the SAP environment and also have deep granularity."
"The connection with multiple systems is what makes it flexible. We can create the accounts flexibly, enabling access to other systems. In addition to Active Directory, it can extend to SAP, to Salesforce, to Office 365, etc."
"It is easy to extend the product for custom purposes."
"We mainly implemented UserLock for multi-factor authentication, but the user login insights are also nice."
"The most valuable features are two-factor authentication and real-time logon monitoring."
"Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use."
"The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA."
"There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution."
"When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time."
"The support services could act faster when people reach out to resolve issues."
"Many of the infrastructure folks who use the product dislike it because it complicates their workflow. They get a little less control, and they have to go through a specific solution. It proactively logs in for them, which obfuscates some of the issues that they may be troubleshooting."
"The usual workload is sometimes delayed by the solution."
"The admin interface of the Password Vault Web Access (PVWA) is moving from an old style (the classic interface) to a new style (the v10 interface) and unfortunately, this process is quite slow."
"The customization process should be simplified."
"In the update processes for hotfixes need improvement."
"Having new features for web developers in the One Identity Manager shop is an area for improvement. Another area for improvement in the tool is its ServiceNow connection as ServiceNow is a major ITSM system player, but the current out-of-the-box feature proposed by One Identity Manager can only make simple incident requests to the system. My company is now in full ICL design, so it prefers for all concerns or requests to be sent properly to ServiceNow, so my company can have better control over the incident requests and be able to sort those out. The tool fits all my needs today, except for the ServiceNow connector. That's the only additional feature I'd like to see in the next release of One Identity Manager."
"I would like to have more advanced features and reporting added to One Identity Manager."
"The initial setup was complex. It is an extremely complicated thing to replace an entire self-built solution."
"It would be nice to have more functionality in terms of connecting SAP systems, provisioning user accounts through SAP systems, and provisioning additional attributes."
"There are several smaller parts of the tool that have room for improvement."
"I would like it to have an easier integration with phones."
"I would like to see UserLock add the ability to automatically create a group policy in Active Directory. That might streamline the setup process."
"The product and service are already great as it is but if I could add one feature, I guess it would be nice to have another factor of authentication (two additional factors) like your phone and a token for example, for when people forget their phone at home."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
Earn 20 points