Overview
CyberArk Workforce Identity is a SaaS-delivered solution designed to simplify identity and access management in enterprises. CyberArk Identity unifies Workforce and B2B Access and Identity Management solutions in a single offering. CyberArk Workforce & B2B Access solutions ensure that the right users have secure access to the right resources at the right times.
Organizations can use CyberArk Workforce solution to authenticate, authorize, and audit access to applications and IT systems, including AWS IAM and AWS SSO, with a security-first mindset. Strengthen security and reduce risk by protecting workforce and customer credentials and tightly controlling access to on-premises and cloud-based applications, services, and IT infrastructure.
CyberArk Workforce Identity solution include:
-CyberArk Single Sign-On: Enables one-click secure access to all the applications and resources including AWS IAM and AWS SSO -CyberArk Adaptive Multi-Factor Authentication: Enable a passwordless user experience with a comprehensive range of user-friendly, context and risk aware authetication methods. -CyberArk Secure Web Sessions: Protect identities beyond the login and gain visibility into every action users take within web applications. -CyberArk Workforce Password Management: Securely store, manage and share business application credentials. -CyberArk B2B Identity: Extends secure and seamless access for your business partners, vendors, and clients. -CyberArk Identity Lifecycle Management and compliance: Streamline identity lifecycle events, orchestrate identity workflows, and automate access reviews and compliance requierments.
For custom orders please contact AWS-Marketplace@cyberark.com
Latest Release notes: https://docs.cyberark.com/identity/latest/en/content/releasenotes/ReleaseNotes-Latest.htm
Highlights
- Identity Security Platform: CyberArk Workforce Identity includes deep integrations with CyberArk PAM, thousands of pre-integrated applications, and comprehensive support for MFA mechanisms, including the newest passwordless factors and technologies.
- Architected for the modern enterprise: Leverages scalable CyberArk Identity Cloud Directory to unify user management across the enterprise, reduce identity silos, and simplify migration to the cloud.
- With Identity Flows and Compliance eliminate manual tasks and processes by automating complex identity management workflows. Ensure all access rights are properly assigned and continually certified across the extended enterprise.
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Buyer guide

Financing for AWS Marketplace purchases
Pricing
Free trial
Dimension | Description | Cost/12 months |
|---|---|---|
Workforce Identity Std. | Workforce Identity users - 100 users | $12,528.00 |
Workforce Password Mgmt | Workforce Password Mgmt - 200 users | $14,400.00 |
Vendor refund policy
For refund policy, visit <www.cyberark.com/terms-service-saas/ >
Custom pricing options
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Ensuring your CyberArk Workforce Identity is up to date and running efficiently is a priority. If you encounter a technical problem, contact CyberArk support 24x7, using our ticketing system at https://cyberark-customers.force.com - Phone and email support are also available. Further details are available at <www.cyberark.com/customer-support/#contact-supportContact >
For support related questions: <www.cyberark.com/customer-support/ >
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Standard contract
Customer reviews
Modern access controls have streamlined daily MFA use and support complex privileged workflows
What is our primary use case?
I'm working with on-premises solutions. Back in the time there were no other options.
I use multi-factor authentication with Idira Identity . I sell it, I deploy it, so it's something that is really important in the strategy of Idira Identity platform from top to bottom where the MFA part is at the bottom. Every day users should use it every day, and it should be developed in the future.
The password vault, the origin of CyberArk 25 years ago, is still used for some specific use cases. It's still required by privileged access. This is something that customers use, and in my region, I think it's still the most used part of Idira Identity, of CyberArk.
What is most valuable?
The best features in Idira Identity are the modern PAM.
Idira is a new label for CyberArk under Palo Alto. Palo Alto is making it more of a platform approach rather than some independent parts. They are brought together to form a platform. This is something that I observe; platformization is going on, and I would say that platformization is now the coolest part of this transition.
From my perspective, platformization is an advantage because it's an experience that big customers can take advantage of, or the platformization part because it's easier to manage and easier to deploy because of that. It's an advantage. I wouldn't say it's a disadvantage because some disadvantages are that this process took so long.
What needs improvement?
The area that is missing much is about the reporting part.
I would rate Idira Identity in general about eight. It has a good set of features compared to other identity security platforms. It's well-composed on different layers but requires platformization to go further to make it easier to use. You can do many things in it, but you need a lot of knowledge about dependencies of many things, so it requires time and big knowledge, and for the customer, it's a tough task now. It was very bad in the past. Now it's going better, and I expect that this platformization transition will help in succeeding more in the future.
For how long have I used the solution?
I've been involved in this sphere for eight years.
What do I think about the stability of the solution?
Nowadays it doesn't require much time to deploy.
I am actually the person who participates in deployment.
How are customer service and support?
From my experience, the technical support of Idira or Palo Alto is that the first response usually meets the SLA. However, I would say that on the way, it takes a long time to get to the next level. If it's not something that I need from support, such as changing the configuration in the tenant, for example, that I cannot do manually by myself, I need to ask the tenant for that. This is a rather quick option, but sometimes the log analysis and getting more into details of the case, especially in on-premises, takes longer. I would say my experience is that getting beyond the first answer sometimes is quite time-consuming. It takes a long time to get things done.
I would say maybe seven at this moment for support. I remember that when it was a smaller company, the support was a little bit better. Now it became larger, and there is a transition in the support layers. So now we are in the transition part, so for two years, I observe a little bit of the problem with the support going. It takes a long time, and I see a decreasing level of support. However, it's not hard, so it's still quite good according to other vendors.
How was the initial setup?
The basic installation can take a day.
Nowadays it doesn't require much time to deploy.
What other advice do I have?
I would say that customers choose this product based on their current needs.
Idira Identity definitely still has room for growth, especially the integration with Palo Alto systems, particularly the support system, because Palo Alto has a really big support system. This somehow needs to match it. The new CyberArk technology must somehow fit the Palo Alto support system. I expect that this will align somehow, but I don't know which way it will go.
I rated this product an eight overall.
Fast User-Device Linking, Needs Installation Speed Boost
Has strengthened privileged access control and improved audit visibility through session monitoring and password rotation
What is our primary use case?
The main use cases for CyberArk Identity help us to strengthen security to protect sensitive data centers and systems. We can store sensitive credentials, user credentials, and privileged accounts inside our CyberArk PAM tool. This helps us rotate passwords for privileged account credentials and monitor sessions. It is very useful for audit purposes. If there are any unsuspected activities happening, we can review the log files and identify where issues are occurring. It is very helpful for monitoring and strengthening security levels.
What is most valuable?
The best features in CyberArk Identity that I appreciate most are the recent updates that have added features in the cloud privilege environment. In the SAS solutions, they have added connectors. Except for PSM and CPM , they have included SIA, Secure Infrastructure Access, Secure Cloud Access, and Secure Web Sessions. These are additional features I have seen in the recent updates.
For multi-factor authentication, we use CyberArk Identity's multi-factor authentication integrations, LDAP integration and SSO , Azure SSO , LDAP and SIM. These authentication mechanisms we implement. Mostly, we use LDAP and Azure SSO.
Just-in-time access, also called ephemeral access, is especially beneficial, particularly with SIA and SCA features. The recent updates from CyberArk Identity have been impressive. If a requester needs access to a platform, such as Windows, Linux, or any database, the request goes to the approval level for a particular time period. The approver can approve the request within that set time frame, granting just-in-time access to the end user.
Session monitoring is beneficial as it detects if the user is trying to log in and records all activities stored in the vault. It gives us more insights into what activities are happening inside. If there are any breaches or issues arise, I can go back to the log report and check all those activities that are captured, where it failed exactly, and what the issue was. From there, I can find and fix it.
What needs improvement?
On the identity product side, it is awesome. However, they can improve in the documentation parts. For example, if there is a migration process, I can see the maximum customers are moving from self-hosted to on-premises or from on-premises to the cloud. It would be helpful if they released a generalized document for processes such as migration. A clear overview document would assist us in understanding more about the tool, configurations, and automations to enhance our security.
Regarding the initial setup of CyberArk Identity, I faced some challenges. At some points, I could not find proper documentation for deploying, enhancing, or integrating with other components. I could not find the proper documentation in the community portal.
For how long have I used the solution?
I have been working with the identity product using CyberArk PAM tool for more than two years.
What do I think about the stability of the solution?
When it comes to performance and stability, I find it very reliable.
What do I think about the scalability of the solution?
CyberArk Identity is highly scalable as there are many things to learn. There is no limitation. When delving deep into the concepts, there is a lot to address and learn, especially when facing real-time scenarios. It may seem simple at first glance but once you get into the depth of the concepts, you realize how much there is to learn and there are no limitations in that regard.
How are customer service and support?
My experience with technical support has been very good. When I reached out to them, I received prompt responses and support, which I would rate as very good.
How was the initial setup?
I faced some challenges during the initial setup of CyberArk Identity. At some points, I could not find proper documentation for deploying, enhancing, or integrating with other components. I could not find the proper documentation in the community portal.
What other advice do I have?
If I can share advice or recommendations for other companies considering CyberArk Identity, I would highlight the most powerful features in CyberArk PAM such as password rotation, session recordings, and just-in-time access as the best aspects of this product. On a scale of one to ten, I would rate this solution an eight.
Have increased security by regenerating credentials after each use and gained confidence through session oversight
What is our primary use case?
It's not being purchased through AWS , but we're using CyberArk Identity as a SaaS solution. I think it's running on AWS , but we bought it directly from CyberArk.
What is most valuable?
The straight-through approach of CyberArk Identity is very easy to start with. After you start with it, you can very easily onboard your privileged accounts. From there on, you can advance further and make it more and more secure. I think that the easy way to start with CyberArk Identity is one of the benefits of using it.
The best feature for us is the regeneration of passwords after every use that we have implemented with CyberArk Identity. The two-factor authentication is very important, but the fact that every account is being regenerated every time we use it is the most important security feature for us.
Session monitoring with CyberArk Identity is helping in making us feel secure with our vendors. We're also using the vendor implementation. The fact that we know that we can look back and that we tell that to our vendors gives us a good secure feeling. We haven't really found it necessary to look back, but the fact that we know that we can makes us feel secure.
What needs improvement?
We do not specifically use the password vaulting feature of CyberArk Identity.
The centralized user dashboard of CyberArk Identity has not been that important for us.
If it would be possible to share accounts between vaults in CyberArk Identity, that would be very beneficial. Account sharing between vaults is one of the most important aspects for us.
It was pretty complex to implement CyberArk Identity. We had some help from a partner, and that helped a lot. But even for the partner, it was really difficult to streamline the process of implementing. We had sometimes an issue that really took days during the implementation to fix. That was something that I did not appreciate about the whole implementation. It should be much more straightforward, specifically because you're doing a SaaS implementation.
I rate it a seven because vendor support is difficult to get. Basically, you have to go through a partner to get support with CyberArk Identity. That's another thing that they could improve.
For how long have I used the solution?
This is the second time I'm implementing CyberArk Identity. The first time was for a different customer. With the current customer, we're using it for about nine months now.
What do I think about the stability of the solution?
I rate the stability of CyberArk Identity regarding downtime, bugs, and glitches a 10. We haven't had any downtime or any problems with availability.
What do I think about the scalability of the solution?
I would consider CyberArk Identity to be just as scalable as you want to be. You can scale it out pretty easily, and you can implement it very small. I would rate it a nine.
What about the implementation team?
I'm not an end-user or a partner. I'm just an independent consultant helping with the implementation.
Which other solutions did I evaluate?
We've compared CyberArk Identity for our other customer and did a real peer review between BeyondTrust and CyberArk Identity. It was very close. In the end, CyberArk Identity had a better offer for us and was a little bit cheaper. That's why we decided to go with CyberArk Identity at the other customer. This customer already decided they wanted CyberArk Identity because it's a government agency and they've got a lot of other governments using CyberArk Identity. There was a lot of trust in CyberArk Identity, and there wasn't very much experience with BeyondTrust. It was a very quick choice to use CyberArk Identity for them.
What other advice do I have?
The feature of just-in-time access in managing privileged accounts and security is going to be important, but not right now because we're only using CyberArk Identity for nine months. We're still in the phase of onboarding all the privileged accounts and making sure that everybody is on board. After that, we're going to decrease the amount of rights that each account has and we're going to use named accounts instead of personal accounts. That's when we're going to implement just-in-time.
I don't think CyberArk Identity is cheap, but if you look at the security advantages that you get, I think it's the right price.
My clients are medium and enterprise, not small.
I would definitely recommend CyberArk Identity to other users because even though the implementation is difficult, the fact that you get so much more security is really a no-brainer for me. I think that everybody with multiple privileged accounts should implement at least a PAM solution CyberArk Identity, and CyberArk Identity is very good.
I would rate CyberArk Identity overall an eight out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Reduces IT team's workload while offering comprehensive identity security features
What is our primary use case?
The solution is mostly used for financial services.
How has it helped my organization?
The solution covers all key pillars of Identity security and governance. It reduces IT team workload by managing employee transitions, allocating rights, implementing least privilege, and ensuring people have only the necessary access rights. The role-based access and secure resource access principles are automated within organizations, especially when integrated with HR systems, enabling quick resource provisioning and decommissioning.
Once the solution is deployed, the customer can immediately see benefits. Typically, the first phase involves securing high-risk areas. Once the protection for privileged access identities is in place, the customer can then focus on securing the rest of the workforce, as well as protecting sensitive communications between machines, endpoints, and workstations. The time to realize value from this solution is quite short because it is a comprehensive solution. As soon as it is implemented, it fundamentally changes how users access systems, providing immediate security benefits. In summary, the value becomes apparent right away.
What is most valuable?
CyberArk Identity offers Single Sign-On , Adaptive MFA, Web Password Manager, and Secure Web Sessions for recording sessions from web applications. It also provides federated services, Directory Service integration with popular IDPs, and management of joiners, leavers, and movers in an organization.
What needs improvement?
They have been working to improve areas such as Identity Governance and Assurance (IGA ), but integration with new acquisitions into a single stack could be enhanced. While CyberArk Identity is a leader in Identity Security, the integration of multiple components could be improved.
I would suggest focusing on the integration of the multiple components. Currently, we have a unified platform, but with the recent acquisitions, I would like to see more seamless integration of those new entities. Additionally, I’m curious to see how the recent acquisition by Palo Alto will play out. I am interested in understanding how both companies can benefit from each other moving forward.
Additional improvements could include more out-of-the-box plugins for key systems. Though they are the largest privileged access company with numerous integrations, coverage could be expanded for certain database clients and other systems.
For how long have I used the solution?
I have been using CyberArk Identity for a year and a half.
How are customer service and support?
Their support is very good, with a huge community. I would rate it as a nine out of ten.
What's my experience with pricing, setup cost, and licensing?
The subscription licensing model, which provides identity features within the privileged access license, is quite affordable for most customers. The full stack available through one subscription license works particularly for customers in Africa, where the acquiring rate remains healthy.
What other advice do I have?
I would rate CyberArk Identity an eight out of ten.