We performed a comparison between CyberArk Privileged Access Manager, IBM Tivoli Access Manager [EOL], and PingID based on real PeerSpot user reviews.
Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM)."What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users."
"It supports lots of requirements in the privileged access management area."
"It is an extremely scalable solution."
"The technical support is good."
"Securely protects our TAP/NUID and privileged access accounts within the company."
"Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment."
"The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task."
"It is one of the best solutions in the market. Ever since I started using this solution, there has not been any compromise when it comes to our lab."
"SAML 2.0."
"OAuth 2 is now the de facto standard for API protection and scoped authorized delegation. IBM TAM now supports OAuth 2 and can act as fully compliant OAuth 2 authorization server."
"Single Sign-On functionality is valuable because the core purpose of the product is to allow universal (or bespoke) SSO for application suites."
"The integration effort with the end application is quite straightforward and easy."
"The Verify feature: A push method which customers are going for."
"It provides ease of connecting all our devices."
"The only feature we were looking for in PingID was SSO integration with our existing web app."
"We use the product to run different reports."
"The solution is stable. We haven't experienced any bugs or glitches."
"I like the self-service feature. The 502 and UBP systems are also excellent. PingID's ability to authenticate with SSH, RDP, and Windows login is pretty handy. It covers the entire spectrum of use."
"I find the auto-discovery feature the most valuable. It helps us automate a lot of things using a single password across applications."
"It is a scalable solution...It is a stable solution."
"What I like best about PingID is that it's very user-friendly. PingID is well-built as a developer tool and regularly upgrades and updates via patches. I also like that PingID has clear documents that will help you integrate it with other solutions."
"Sometimes the infrastructure team is hesitant to provide more resources."
"If you are an administrator or architect, then the solution is kind of complicated, as it is mostly focused on the end user. So, they need to also focus on the people who are implementing it."
"CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well."
"In the beginning, CyberArk Privileged Access Manager didn't have a multifactor authentication feature, so that was an area for improvement, but now it's part of the solution. Having just one console for two CyberArk products would be good, particularly for the CyberArk Privileged Access Manager and the CyberArk Endpoint Privilege Manager, with the latter being a product for endpoint management that supports the workstations and allows you to manage workstations. In the next update of CyberArk Privileged Access Manager, it would be good to have a local agent where you can manage all users and processes, and have an agent on the servers such as Linux and Windows."
"We had an issue with the Copy feature... Apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it."
"The product documentation has to be more precise in certain aspects with explanations for functionality limitations along with reference material or screenshots."
"I don't know if "failed authentication" is a glitch or if that was an update... However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up. So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended." It doesn't say that anymore."
"I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine."
"Looking at their roadmap, they have a broad grasp of the security features which the industry needs."
"Multi-factor authentication with social integration needs to improve."
"The profiling element is incredibly robust, but also equally as complex, it requires an off-site course to be able to understand the context or the plethora of options available."
"The self-service portal needs improvement."
"An Amazon Machine Image (AMI) for the newer appliance versions for hosting the virtual appliances on AWS will help."
"PingID would benefit from a better user interface for integration."
"We have encountered instances where it is not easy to do authentication."
"If the solution is going to compete with Microsoft, they need to offer more unique functionality to keep their current user base."
"The management console needs to be improved. PingID should revise it."
"In the beginning, the initial setup was very complex."
"They could use some bio-certification. It's just more user-friendly and more convenient than entering the one time passes. That would be an improvement."
"I think that the connection with like Microsoft Word, especially for Office 365, is a weak point that could be improved."
"The product is not customizable."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
More IBM Tivoli Access Manager [EOL] Pricing and Cost Advice →
Earn 20 points
