We performed a comparison between Azure Active Directory and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Azure Active Directory is the more popular solution because its deployment is easier and it has a free version.
"The combination of CPM and PSM resolves a lot of use cases."
"We like it for the ability to automatically change passwords. At least for my group, that's the best thing."
"The product is an important security measure against credential theft. It ensures session isolation and password rotation including pushing passwords to the endpoints."
"The most important feature is managing the credentials and implementing those policies which rotate the credentials. Session Manager is also key in not letting the users have access to those credentials. Instead, CyberArk actually manages everything by itself."
"Our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage."
"It has the ability to scale out. We have scaled out quite a bit with our product and use of it to get to multiple locations and businesses, so it has the breadth to do that."
"On the EBB user side, we were able to secure all the server root passwords and admin for Windows. This was a big win for us."
"Allows secure, logged access to highly sensitive servers and services."
"The most valuable feature is that it is very easy to implement, you don't need a lot of effort to set up the solution. This is the most advantageous point, that you can do anything on Azure without taking too much time."
"The single sign-on across multiple platforms is really the true advantage here. That gives you one ID and password for access to all your systems. You don't need to manage a plethora of different user IDs and passwords to all the systems that you're going to access."
"The most valuable feature is the conditional access policies. This gives us the ability to restrict who can access which applications or the portal in specific ways."
"The solution allows users to authenticate from home, and the Office 360 integration is advantageous."
"What I like is that I can go anywhere, at any time, and to any client premise, and I can simply log in to the admin panel and can serve any of my clients."
"It is very simple. The Active Directory functions are very easy for us. Its integration with anything is very easy. We can easily do third-party multifactor authentication."
"I would say that Azure AD's pricing is very reasonable because of the structure and in terms of the solution."
"It is cloud based so it is always updated,"
"It's hard to find competent resellers/support."
"CyberArk Privileged Access Manager could improve the integration with other solutions and ease of use. Additionally, there should be a feature to have remote connections without a VPN."
"In the beginning, CyberArk Privileged Access Manager didn't have a multifactor authentication feature, so that was an area for improvement, but now it's part of the solution. Having just one console for two CyberArk products would be good, particularly for the CyberArk Privileged Access Manager and the CyberArk Endpoint Privilege Manager, with the latter being a product for endpoint management that supports the workstations and allows you to manage workstations. In the next update of CyberArk Privileged Access Manager, it would be good to have a local agent where you can manage all users and processes, and have an agent on the servers such as Linux and Windows."
"I would like to see is the policy export and import. When we expend, we do not want to just hand do a policy."
"Areas the product could be improved are in some of the reporting capabilities and how the reports are configured."
"The web access piece needs improvement. We have version 9.5 or 9.9.5, and now we have to upgrade to version 10."
"CyberArk PAM is a very broad product as everyone's requirements for implementation are different. In our particular case, the initial implementation was planned and developed by people who didn't know our specific network requirements, so the initial implementation needed to be tweaked over time. While this is normal, at the time all these "major" changes required CyberArk professional services to come in-plant and "assist" with the changes."
"It's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers."
"It would be ideal if the solution moved to a passwordless type of environment. It's the future of authentification. It's also more secure and convenient."
"The integration between the Azure active directory and the traditional active directory could be improved upon."
"The product could be more cost-effective."
"The role-based access control can be improved. Normally, the role-based access control has different privileges. Each role, such as administrator or user, has different privileges, and the setup rules for them should be defined automatically rather than doing it manually."
"The downside of using a single password to access the entire system is that if those credentials are compromised, the hacker will have full access."
"I would like it if Intune could manage MacOS or iOS directly. Right now, we have to use a third-party solution."
"I would like them to improve the dashboard by presenting the raw data in a more visual way for the logs and events. That would help us understand the reports better."
"We have a custom solution now running to tie all those Azure ADs together. We use the B2B functionality for that. Improvements are already on the roadmap for Azure AD in that area. I think they will make it easier to work together between two different tenants in Azure AD, because normally one tenant is a security boundary. For example, company one has a tenant and company two has a tenant, and then you can do B2B collaboration between those, but it is still quite limited. For our use case, it is enough currently. However, if we want to extend the collaboration even further, then we need an easier way to collaborate between two tenants, but I think that is already on the roadmap of Azure AD anyway."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews while Microsoft Entra ID is ranked 1st in Access Management with 190 reviews. CyberArk Privileged Access Manager is rated 8.8, while Microsoft Entra ID is rated 8.6. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of Microsoft Entra ID writes "Allows users to authenticate from home and has excellent integrations in a simple, stable solution". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Delinea Secret Server, WALLIX Bastion, One Identity Safeguard and Zscaler Internet Access, whereas Microsoft Entra ID is most compared with Microsoft Intune, Google Cloud Identity, Yubico YubiKey, Cisco Duo and Auth0. See our CyberArk Privileged Access Manager vs. Microsoft Entra ID report.
See our list of best Access Management vendors.
We monitor all Access Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.