We performed a comparison between CyberArk Privileged Access Manager and One Identity Safeguard based on real PeerSpot user reviews.
Find out in this report how the two Privileged Access Management (PAM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We also use CyberArk’s Secrets Manager. Because AWS is the biggest area for us, we have accounts in AWS that are being rotated by CyberArk. We also have a manual process for the most sensitive of our AWS accounts, like root accounts. We've used Secrets Manager on those and that has resulted in a significant risk reduction, as well."
"The integrations are the most valuable aspect of CyberArk Privileged Access Manager. The software offers pre-built integrations, and our team can also create custom connectors. This flexibility allows us to integrate with systems that we previously didn't consider integrating with, making it a significant advantage for us."
"CyberArk is not just an IT security or cybersecurity tool. It's also an administrator tool. I had a fair number of systems where the passwords were not fully managed by CyberArk yet, and they were expiring every 30 or 45 days. I was able to get management turned on for those accounts. From an administrator perspective, I didn't have to go back into those systems and manually change those passwords anymore. CyberArk... lightened the load on our administrative work."
"I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes that can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors."
"Provides improved security around having your credentials locked down and rotated regularly."
"It is very simple to use."
"Increased our insight into how privileged accounts are being used and distributed within our footprint."
"On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need."
"The most unique and valuable features are the upstream and downstream throughput capacities; the Safeguard platform provides agile integration. In actuality, all the features are valuable. They're good, user-friendly."
"I like the discovery functionality and the change password feature through the check-in. I also like the bulk import with the help of templates that come with it out of the box. With the help of these few features, my tasks are made easier."
"We don't need to use VPN for remote access."
"All the features are promising, but we love the reporting feature because we can get each and every report. That's a major compliance requirement. Its reporting is really amazing, and it has made life a lot easier."
"The transparent mode for privileged sessions is a very good solution."
"We deployed it into our company for controlling a client's behavior in our data center. It is very useful to control their connections, such as RDP."
"It's a good solution for managing identities under OneFile for authorization."
"The monitoring system is very good."
"The usual workload is sometimes delayed by the solution."
"This is probably a common thing, but they do ask for a lot of log files, a lot of information. They ask you to provide a lot of information to them before they're willing to give you anything at all upfront. It would be better if they were a little more give-and-take upfront: "Why don't you try these couple of things while we take your log files and stuff and go research them?" A little bit of that might be more helpful."
"Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge."
"Sometimes the infrastructure team is hesitant to provide more resources."
"More than the product itself, there is room for improvement in the documentation. The documentation should be very detailed and very structured. It has a lot of good information, on one level, but I feel that it could be more elaborate and more structured."
"The authentication port is available in CyberArk Alero but not Fortinet products."
"The documentation is rather basic and it is missing many use cases."
"I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides."
"We have issues using Safeguard to connect to and record from the cloud. Currently, they don't have a mechanism to record this type of connection."
"The automated change of the passwords, which is now integrated, could be improved to be more flexible regarding different systems."
"We currently have a problem with the Active Directory integrations on Windows. Some of our users need to be logged with Active Directory, but we are having communication issues between One Identity and Active Directory. It seems that Active Directory is not well-integrated."
"Some of the out-of-the-box reporting isn't that rich. We spoke to our Safeguard reps who have acknowledged that some of the reporting features can certainly be improved and that we're not the only customer who has cited this. There are very little out-of-the-box reporting capabilities. You have to build the queries and the report. I believe in the next release they're going to be addressing this."
"The high availability function of the box requires a long time to switch over from one appliance to another."
"The product uses a lot of resources in current sessions."
"Some of our users find the functionality a bit complex, and it could be made more user-friendly."
"The SPS could be a lot easier to administrate and the parts should be unified, from a design perspective, so that I can recognize the systems as being part of the same package. They feel like they have been forced together."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews while One Identity Safeguard is ranked 5th in Privileged Access Management (PAM) with 38 reviews. CyberArk Privileged Access Manager is rated 8.8, while One Identity Safeguard is rated 8.2. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of One Identity Safeguard writes "Provides us with centralized storage of secrets and credentials, and visibility into the use of privileged access". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and Zscaler Internet Access, whereas One Identity Safeguard is most compared with WALLIX Bastion, Delinea Secret Server, BeyondTrust Privileged Remote Access, Fudo PAM and ObserveIT. See our CyberArk Privileged Access Manager vs. One Identity Safeguard report.
See our list of best Privileged Access Management (PAM) vendors.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hello Avinash, it all depends on the timeline and urgency of the project. If you need to deploy a PAM tool that focuses on standing privileges, stopping lateral movement, and incorporating Zero Standing Privileges as part of Zero Trust, then please consider looking at Remediant. I've worked for BeyondTrust and have gone up against the other big players such as Delinea, Centrify, CyberArk, and HashiCorp. They more or less all offer similar solutions, but looking at your current requirements, Remediant really excels in delivering a simple, yet very effective tool in a matter of days and weeks, not months and years.