We performed a comparison between Azure Active Directory and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Azure Active Directory is the more popular solution because its deployment is easier and it has a free version.
"The ability to develop and deploy applications with no stored secrets is very valuable."
"It is a robust product."
"Right off the bat, the most valuable feature is the DNA scan. It gives us the ability to scan our environment and find the accounts that we're going to need to take under control."
"Rather than multiple tools for maintaining regulatory compliance around passwords and privileged accounts, we have centralized as much as possible with CyberArk. This is now a one stop shop for end users to access their elevated credentials."
"All the features of CyberArk are useful for me, but the biggest one is that CyberArk has logs for all the features. That is important when there is a problem. You know where to look and you have the information. In cyber security, the most important aspect is information."
"You can gradually implement CyberArk, starting with more easily attainable goals."
"On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need."
"I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes that can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors."
"We can have an audit and we can easily audit logs."
"Don't delay implementing this solution, it's the best thing you can do for your identity protection."
"We have about 80 users in the Azure Active Directory right now, however, we know that if it was necessary to scale it for hundreds or thousands of users, it wouldn't be a problem."
"Multi-factor authentication really secures our environments and gives us the flexibility to use location-based policies. Azure AD also gives us a lot of flexibility in our scope of integration."
"Application integration is easy. MFA and password self-service have reduced most of the supportive work of IT. We use multi-factor authentication. Every access from a user is through multi-factor authentication. There is no legacy authentication. We have blocked legacy authentication methods. For people who use the MDM on mobile, we push our application through Intune. In a hybrid environment, users can work from anywhere. With Intune, we can push policies and secure the data."
"Single sign-on is the reason we use AD."
"The features around permissions are excellent."
"The most valuable feature is the factor identification. I find that it is natural integration, and it is just a natural step. I do not need to do anything else."
"The current user interface is a little dated. However, I hear there are changes coming in the next version."
"We need a bit more education for our user community because they are not using it to its capabilities."
"As they grow, the technical support is having growing pains. One of the things is just being able to get somebody on the phone sometimes."
"We would like to expand the usage of the auto discovery accounts feed, then on our end, tie in the REST API for automation."
"The one place where we found that this product really needs to improve is the cloud. Simple integrations don't exist, even today. We don't have anything specific on CyberArk for managing, SaaS products, SaaS vendors, SaaS credentials. I understand it's a vendor-based thing and that they have to coordinate with the other vendors to be able to do that, and there are integrations coming. But these are the major places where CyberArk definitely needs to invest some more time."
"There were a lot of manual steps in the initial setup which could have been automated. I read the 10.4 release that was sent out about a month or two ago, and I saw the steps required for upgrade have been reduced by about 90%. That was a big thing for me, but I still haven't seen that yet because we have not upgrade past 9.9.5."
"The solution needs better features for end users to manage their own whitelisting for API retrieval."
"CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well."
"It would be good to have more clarity around licensing."
"Microsoft should work on enhancing its machine-learning algorithm to prevent unnecessary lockouts of users."
"In terms of connecting the web application, there is technology for single sign-on. When we use it, the solution opens very slowly. It might be a bandwidth issue, and some content will not work on that portal."
"The cost of licensing always has room for improvement."
"If somebody is using an IdP or an identity solution other than Active Directory, that's where you have to start jumping through some hoops... I don't think the solution is quite as third-party-centric as Okta or Auth0."
"If Microsoft can give us a way to see where this product is running, from a backend perspective, then it would be great."
"Compatibility features for legacy system integration with new features will be challenging at times."
"Microsoft Entra ID should improve workload identities. It should set conditional access."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews while Microsoft Entra ID is ranked 1st in Access Management with 190 reviews. CyberArk Privileged Access Manager is rated 8.8, while Microsoft Entra ID is rated 8.6. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of Microsoft Entra ID writes "Allows users to authenticate from home and has excellent integrations in a simple, stable solution". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Delinea Secret Server, WALLIX Bastion, One Identity Safeguard and Zscaler Internet Access, whereas Microsoft Entra ID is most compared with Microsoft Intune, Google Cloud Identity, Yubico YubiKey, Cisco Duo and Auth0. See our CyberArk Privileged Access Manager vs. Microsoft Entra ID report.
See our list of best Access Management vendors.
We monitor all Access Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
