
Overview
Zilla Security delivers an identity security solution focused on comprehensive security and compliance that is automated and easy to use. The platform combines identity governance with cloud security to deliver access visibility, compliance reviews, user lifecycle management, segregation of duties, and policy-based security remediation.
Zilla's no-code integration with SaaS applications like Salesforce, cloud infrastructure like AWS, and cloud databases like Databricks, is unparalleled. Robotic automation enables the platform to monitor and configure all web-based applications, even those that don't have security APIs.
Zilla's self-learning, intelligent automation easily handles cloud scale and dramatically reduces the cost of ownership via a simple user experience that enables collaboration between app owners, IT, security teams, and auditors.
Zilla delivers:
Extensive library of out-of-the-box app Integrations Fast onboarding of any app - no coding or scripting - including custom and legacy apps without APIs Fully automated access reviews campaigns and compliance assessments for multiple reviewer types Simple user experience for frictionless collaboration between stakeholders Continuous and audit-ready compliance with all the supporting evidence in one place Advanced search and reporting for the compliance audit purposes Complete visibility into who has access to what
Highlights
- Automated monitoring and remediation of access - who has access to what and any access risks. Zilla enables organizations to easily monitor all permissions, infrastructure entitlements, and security settings that give users, machines, and APIs access. We deliver insight into critical access risk and then remediate inappropriate access via integration with an organization's ITSM systems for ticketing workflows.
- Comprehensive integrations with Zilla Universal Sync (ZUS) - we haven't met an app we can't support. Zilla makes it easy to integrate the tools, systems, and platforms organizations use every day. The platform includes robotic automation that enables customers to integrate with all applications, including legacy and homegrown apps, and ones that offer no security APIs or file exports for security data.
- Simple, automated User Access Reviews (UAR) - go from months to days for reviews and audits. Zilla automates the entire UAR process and delivers an auditable system of record. The platform generates permissions relevant to a campaign, invites reviewers to complete work, and enables administrators to track reviewer progress. Reviewers can maintain, revoke, change, re-assign, or delegate permissions, while campaign administrators have complete control over the review process.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide

Financing for AWS Marketplace purchases
Pricing
Dimension | Description | Cost/12 months |
|---|---|---|
Comply 500/25 | Zilla Security - Comply for 500 Identities and 25 applications | $45,000.00 |
Comply 2500/100 | Zilla Security - Comply for 2500 identities and 100 applications | $90,000.00 |
Comply additional app | Zilla Security - Comply Additional App | $1,000.00 |
Vendor refund policy
No refunds are available
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
The Zilla Customer Support Team is dedicated to providing you with a best-in-class support experience. Our goal is to exceed your expectations and make you successful. Support@ZillaSecurity.com address
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
Standard contract
Customer reviews
Secure password rotations and monitored sessions have strengthened our daily banking operations
What is our primary use case?
In our day-to-day activities, we use Idira IGA for storing passwords, rotating passwords, and securing connections.
We support users and onboard user accounts, elevated accounts, privileged accounts, and all accounts on Idira IGA . On a daily basis, we rotate them according to company policies.
Apart from password rotations, we store passwords on the web application. According to user requirements, we provide access to users and approvers. Once a user requests a password, the manager must approve it. Then, the user can access the password. We have implemented policies according to Idira IGA policies.
What is most valuable?
The best feature is the secure logins and secure connections. Whenever a user needs to connect to the target machine, they must log in to the web application. From the web application, the user can connect to the target machine with the help of the PSM component. This is a very valuable feature in Idira IGA .
Not only my team, but the entire organization stores recordings with the help of this PSM. Whenever a user wants to connect to the target machine, they must log in to Idira IGA, which is CyberArk. Later, from the web application, the user can connect to the target machine. This allows for secure connection instead of a user directly connecting through RDP.
Apart from this, whenever a user tries to access the target machine and does something wrong, the manager can monitor what the user is doing and has permissions to stop the session whenever needed. Idira IGA has many features in the PSM component.
In my organization, with the help of Idira IGA, we secure our passwords and rotate passwords. This is very helpful for our organization to maintain secure growth.
What needs improvement?
Currently, they are improving significantly, and whenever vulnerabilities arrive, they notify customers. Whenever they upgrade versions, they notify customers. This is very good. Whenever we contact customer support, they provide prompt responses. Everything is good on their end.
For how long have I used the solution?
I have been working in my current field for around ten years, and I have been working in my current organization for three years.
How are customer service and support?
Whenever we contact customer support, they provide prompt responses. Everything is good on their end.
What other advice do I have?
On a daily basis, we rotate passwords automatically. Whenever the user retrieves the password, after settings such as twelve hours or eight hours, the password expires. This means that the user cannot use the same password again. This is very secure. The organization, as I work in the banking sector, finds this very helpful for us and our clients to maintain all applications securely.
I would suggest to them that whenever an issue occurs, with the help of logs, we need to go to Idira IGA community portal and validate that.
Identity governance has strengthened automation and now delivers holistic security insights
What is our primary use case?
My main use case for Idira IGA is mostly for the governance and administration point of view. Normally, we are using a UAR facilities and joiner mover leaver part.
One specific example of how I use Idira IGA for governance and administration is that we align the policy and procedure based on the access request approval workflow, user access review, SOD policies, and provisioning engine.
What is most valuable?
Idira IGA is integrated with privileged access management, and it gives us broader identity security capabilities in a single platform, which is an added advantage.
The best features Idira IGA offers include especially the provisioning engine, which gave us a broader scope and broader identification for security prospects.
Multiple features worth highlighting include adding an identity security platform with PAM, then ITDR capabilities, and Microsoft Entra suite, and how it will integrate with the CyberArk PAM.
Idira IGA has positively impacted my organization by providing good governance and giving us more depth information as an SOC and NOC provisioning, especially since we are already using Office 365 , Entra ID, Intune , and Microsoft Defender.
The depth of information has helped my team by integrating with PAM and giving us a holistic view based on the access management, identity threat detections, and identity governance, providing a very broad umbrella to solve things based on security layers.
The impact of automation on our access reviews is significant, as it reduces the manual work. For example, automation has reduced time and effort for our team, as it correlates with Idira IGA, PAM, and other SOC environments, giving a complete holistic view for troubleshooting and identifying the operation model and security posture compliance, ultimately providing cost structure-wise business agility. The great value comes when moving forward to relative operations in a policy-driven manner, giving us a good output.
What needs improvement?
Idira IGA can be improved in addressing our core pain point of joiner, leaver, and remover, which we identify with SSO , MFA, read admin access, PAM request, and the process holistic view and hierarchy, particularly in the model and the integration part based on the HRM module or JD Edward module.
Integration with JD Edwards, especially with SAML authentication, would be beneficial.
Improvements are needed on the reporting side and integration with the ITSM module for smoother automation and intelligence graph based on department-wise organization. The automated response needs to revoke token, force MFA, and disable accounts more proactively in the reporting side.
Idira IGA's scalability still needs to mature more; over time, it will mature and provide us with a more holistic view and details about the correlation and integration into a single umbrella.
For how long have I used the solution?
I have been using Idira IGA for the past two years.
What do I think about the stability of the solution?
Idira IGA is stable and has been reliable for us so far.
What do I think about the scalability of the solution?
Idira IGA's scalability still needs to mature more; over time, it will mature and provide us with a more holistic view and details about the correlation and integration into a single umbrella.
How are customer service and support?
We have not interacted much with the AI capabilities, but it has very good machine learning behavior analytics and provides good risk scoring, giving us proper graph analytics. However, we want more proactive reporting if it is integrated with multiple solutions such as IGA, PAM, and ITDR , providing us a more holistic view.
Which solution did I use previously and why did I switch?
I did not previously use a different solution; earlier we only used PAM, which is CyberArk, and now we have integrated with the same.
How was the initial setup?
It took five months to deploy Idira IGA from setup to initial go-live as a maturity part. Compared to the past solutions, there is not much difference; I noticed no major differences since the organization level structure designing took almost the same time.
What was our ROI?
I have seen a little return on investment, which is a bit early, but it is time saved and employee savings that one can note.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that it is costly compared to other marketplaces, but based on the utilization, I will see if it is really worthwhile or not.
Which other solutions did I evaluate?
Before choosing Idira IGA, we evaluated other options based on governance and marketplace validation.
What other advice do I have?
My advice to others looking into using Idira IGA is that the correlation and the integration are the added benefits and holistic view, but it needs to work more on the reporting side, and once matured more, we will be able to know because the good features are joiner, mover, and leaver, role mining, access review, and PAM integration, which are key points.
Idira IGA needs to focus on identity maturity and the visibility life cycle, especially with governance automations and business transformation. As I am transforming from on-premises to cloud, I want to see the benefits and level of governance automation we can fetch. I rate this product an eight overall.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Unified identity governance has streamlined automation, compliance, and audit readiness
What is our primary use case?
Idira IGA serves as a unified platform combining IAM , PAM, IGA , and machine identity security within HP. One example of how I use Idira IGA in my day-to-day work is through the PAM capability, where we utilize something called digital workforce within HP. These are Bot IDs used for automations. Whenever we request any new automation to be created, we request a Bot ID with the IGA team within HP, and then it gets onboarded to the PAM solution for automatic credential rotation management on the platform.
Other use cases for Idira IGA include management of specific types of accounts, such as supplemental accounts and service accounts. We also use IGA for onboarding users into many other applications within our organization and providing user access, attaching the roles and permissions necessary. Using this platform, we are able to drive our SOX activities, including segregation of duties and other SOX controls which can occur on any application. Those activities are tracked and maintained on this platform.
What is most valuable?
Idira IGA offers several good features, including integration capabilities that allow it to integrate with many SaaS apps, on-premises apps, and cloud platforms. It also has APIs, which make it useful for integration with different types of downstream and upstream applications. Additionally, it provides a unified identity security platform that functions as a single platform for IGA, PAM, and IAM security, serving as a single control plane for all these platforms and capabilities. It also has native governance for most of these capabilities and inbuilt compliance integrated into the workflows, making it easy for us to meet our regulatory frameworks for SOX.
We rely mostly on the integration features of Idira IGA. For example, PAM is one of the tools we use most from Idira IGA, where we are connecting to privileged accounts and utilizing them for our automations across the organization. This is one of the most heavily used features. We also rely on this platform for our SOX activities to gather all audit-based evidence collections.
My favorite feature is the integration with PAM and the audit governance that it provides, making it truly helpful for us in driving our automations and SOX compliance activities. In terms of agentic capabilities and AI capabilities, it has some, but I believe it could improve in that area. We have not used that feature much, but I believe the combination of integration with agentic capabilities or autonomous agents within the platform could help increase the productivity of the platform.
Governance security on Idira IGA is very tight, providing all necessary requirements to keep data and transactions closely monitored. It has all the logging mechanisms within the platform. In terms of compliance, it aligns with most of the industry standard certifications and can be tightly integrated within our company network for setup. I believe AI readiness is present, with good governance and security measures in place.
Automation has significantly reduced both manual efforts and improved accuracy in our access reviews, which has changed how quickly we complete these processes. For example, we previously onboarded users through a different tool, which took considerable time due to back and forth emails and manual approvals for requests. Now, with this platform, everything is automated, requiring just one form and one approval, making the process much more efficient. What used to take about seven or eight days can now be accomplished within a couple of working days.
What needs improvement?
Idira IGA platform itself is somewhat complex to understand initially, so the UI and user interface could be simplified. This is one pain point I see. Additionally, an agentic layer could be improved on the platform. Instead of filling many forms to onboard any account or get access permissions, we could use the agent, invoke it, and through conversing naturally with the agent, we could get the access and onboarding completed quickly. This would simplify processes for most of our teams, so these two are the primary improvements I feel should be made.
Support is not an issue; however, performance-wise, the application feels somewhat heavyweight. It could possibly be made lighter by improving the underlying backend technology. Adding an additional agentic layer would also help simplify how we interact with the application.
The AI capabilities of Idira IGA are not extensively used by us, but I believe the accuracy of the responses we have utilized is good. However, regarding agentic actions, I think there is room for improvement overall on the platform.
For how long have I used the solution?
I have been working in my current field for almost thirteen years.
What do I think about the stability of the solution?
Idira IGA is quite stable.
How are customer service and support?
Customer support for Idira IGA is good. They are responsive and provide a first response within a few hours, with most issues resolved within a couple of days.
Which solution did I use previously and why did I switch?
We did not have any centralized IGA solution previously, but we had some tools around PAM such as CyberArk. Idira IGA now serves as a comprehensive solution that suits all of our needs.
How was the initial setup?
I believe it took somewhere around six months to go live with our previous IGA solution. Idira IGA deployment took less than a quarter. Compared to past solutions, our Idira deployment was at least 50 percent faster.
What was our ROI?
Currently, the return on investment is mostly reflected in time and effort reductions. We have indeed saved some headcounts as part of this deployment, but the metrics primarily highlight time-saving and accuracy improvements.
What's my experience with pricing, setup cost, and licensing?
Pricing-wise, I find Idira IGA very competitive compared to other IGA tools available in the market.
Which other solutions did I evaluate?
We evaluated options from other vendors, such as BeyondTrust, but Idira IGA suited us better.
What other advice do I have?
I would definitely recommend customers use Idira IGA as a single platform for all governance around PAM, application, and user provisioning. It is definitely recommended for large organization deployments. I provided this review with a rating of nine.
Automation has transformed access reviews and governance across human and non-human identities
What is our primary use case?
CyberArk IGA Powered by Zilla includes automated access reviews and certification. We automate compliance campaigns, reducing manual effort by 80%. It provides pre-approvals that can eliminate over non-required entitlements, streamlining onboarding. We also use it for role changes and off-boarding for employees and contractors. Additionally, it provides comprehensive integration for more than 200 to 300 applications, allowing us to manage all users and entitlements within the Salesforce and Slack applications, as well as managing non-human identities like bots, service accounts, scripts, and workloads, which helps reduce risks in complex hybrid or multi-cloud environments. It is also used for auto-readiness, creating detailed audit trails for compliance reporting, answering questions such as who has done what process or what particular activities have been done for a particular duration. Overall, CyberArk IGA Powered by Zilla helps us automate user access reviews, provisioning, and de-provisioning for both human and machine identities across hybrid and multi-cloud environments.
What is most valuable?
The best feature of CyberArk IGA Powered by Zilla is its rapid integration and deployment. It has a lot of pre-built integrations for SaaS applications as well as cloud-based and on-premise applications, which allows us significantly faster deployment compared to other legacy IGA tools. It also focuses on securing and managing non-human identities, bots, service accounts, and APIs, which often pose high security risks. It is used mostly for robotic automation, connecting applications that lack APIs and enabling automated data collection for governance.
With CyberArk IGA Powered by Zilla, automation impacts our access reviews by allowing us to generate access reviews automatically. It generates entitlement profiles, analyzes access, and suggests approvals or denials based on the service and bot accounts we use. This overall reduces manual effort in access reviews by up to 60%, and it monitors the access reviews for recertification, notifying if a user has not utilized their privileged IDs for an extended period. The AI or automation suggests if this user is no longer using their access, prompting their manager to make a decision whether to approve or deny access.
Previously, we performed manual work repeatedly, creating one-by-one campaigns and triggering them individually. However, with automation, we now employ a group of people for on-demand recertification, and for all privileged IDs, we use time-based recertification that runs every quarter or every 90 days. This significantly reduces our time by about 40 to 60%, and no manual effort is required for these activities.
What needs improvement?
The UI of CyberArk IGA Powered by Zilla is good, but there is room for improvement in the transition from legacy systems. Organizations with highly customized, long-standing legacy IGA tools may face a steep learning curve and complex data migration when moving to this modern AI-driven or cloud-native solution. Another limitation involves integration gaps. While CyberArk IGA Powered by Zilla boasts extensive pre-built connectors, any application not covered requires manual configuration or the deployment of Zilla Universal Sync, which may increase implementation time and could be less effective for legacy applications. However, it can be quite useful for SaaS-based applications, so improvement in customization or configuration for legacy applications is needed.
There is a considerable dependency on data quality. The effectiveness of AI-driven insights, such as entitlement recommendations for approve, deny, or do nothing actions, is entirely reliant on the quality and accuracy of the data ingested from connected applications. This means data quality should not just depend on application integration but also overall user insights regarding usage, such as login activity or MFA utilization.
For how long have I used the solution?
I have been using this newly launched solution, CyberArk IGA Powered by Zilla, since the second quarter of last year in my organization.
What do I think about the stability of the solution?
Regarding stability, I recommend it at nine out of ten.
What do I think about the scalability of the solution?
For scalability, I would also rate it nine out of ten.
How are customer service and support?
I would rate the technical support of CyberArk IGA Powered by Zilla an eight out of ten, considering its time frame and the number of applications it handles.
How was the initial setup?
Implementing CyberArk IGA Powered by Zilla presented challenges as it is a new tool, requiring a steep learning curve initially. However, I found it to be easy to use after I acquired the necessary skills in six months, leading to an overall moderate experience.
What's my experience with pricing, setup cost, and licensing?
In terms of pricing for CyberArk IGA Powered by Zilla, I find it moderate compared to SailPoint, but it is cheaper than Okta Identity Governance.
In terms of maintenance, there is an annual maintenance cost (AMC) package to consider. Daily management of API-related services, customer-related services, and deployment-related services is also necessary, which clients need to purchase.
Which other solutions did I evaluate?
When comparing CyberArk IGA Powered by Zilla to other solutions such as Okta, it is known for its cloud-first approach and managing modern SaaS applications, while SailPoint is a leader in IGA. Entra ID is a newer competitor in this space. If comparing CyberArk IGA Powered by Zilla primarily with SailPoint IQ, I recommend CyberArk IGA Powered by Zilla if a client wants to rapidly govern SaaS applications, employs a lot of AI for automating access reviews, and prefers a modern low-touch SaaS platform. If a client has a large enterprise with complex legacy applications needing extensive customization and governance, then they should choose SailPoint IQ.
What other advice do I have?
My advice for others looking into CyberArk IGA Powered by Zilla is that if a client has a complex number of legacy applications, they should opt for SailPoint or Okta. However, if they prefer to use AI for automating access reviews or want a low-touch SaaS platform for rapid SaaS adoption, they should go for CyberArk IGA Powered by Zilla. I would rate my overall experience with CyberArk IGA Powered by Zilla a nine out of ten.
Identity governance has automated lifecycle management and strengthens compliance workflows
What is our primary use case?
My main use case for CyberArk IGA Powered by Zilla is that it provides the platform which helps to improve our governance and the provisioning technology, and it also strengthens my identity lifecycle and compliance portfolio.
A specific example of how I use CyberArk IGA Powered by Zilla in my daily work is that it has the identity governance modernization which helps to improve my organization, provides user automation, and assists significantly with compliance and audit, least privilege enforcement policies, and automates the joiner or leaver process of particular employees.
What is most valuable?
CyberArk IGA Powered by Zilla offers best features including AI-driven identity governance, automated provisioning and de-provisioning, access review and compliance, cloud-native architecture, and lifecycle management, particularly identity lifecycle management.
The cloud-native architecture and automated provisioning features of CyberArk IGA Powered by Zilla help me a lot, especially to the HR department, when any employee comes into our organization or leaves; it automatically provides the proper access to them depending upon their designation and name, and it also automates the necessary credential management when employees leave.
CyberArk IGA Powered by Zilla has positively impacted my organization through the collection of audit evidence, the compliance workflow, and user access reviews, which helps me significantly.
What needs improvement?
There are no additional improvements needed at this time.
For how long have I used the solution?
I have been working in my current field for two years.
What do I think about the stability of the solution?
CyberArk IGA Powered by Zilla is stable.
What do I think about the scalability of the solution?
For the scalability of CyberArk IGA Powered by Zilla, I would rate it a nine.
How are customer service and support?
I would say the customer support for CyberArk IGA Powered by Zilla is responsive.
I would rate the customer support a nine.
Which solution did I use previously and why did I switch?
I don't have clarity on previous solutions because I came in two years ago, and at that time CyberArk IGA Powered by Zilla was being deployed; as far as I know, there was no software present prior.
We directly went for CyberArk IGA Powered by Zilla.
How was the initial setup?
It took me within three days to deploy CyberArk IGA Powered by Zilla from setup to initial go-live by deploying the base policies, and later on, we modified according to our needs.
The deployment was significantly quicker compared to past solutions.
What about the implementation team?
An example of how automation with CyberArk IGA Powered by Zilla reduced time or effort for my team is that whenever a user is onboarding, it automatically chooses their role and applies the policies-based automation within a fraction of seconds, eliminating the need for manual intervention.
My team spends significantly less time on access reviews and evidence collection compared to before.
What was our ROI?
CyberArk IGA Powered by Zilla has helped me a lot and constitutes a return on investment as well, but I cannot provide more details because I am from the technical department.
What's my experience with pricing, setup cost, and licensing?
The pricing, setup cost, and licensing were taken care of by the administration, so I do not have information about those details.
Which other solutions did I evaluate?
I did not purchase CyberArk IGA Powered by Zilla through the AWS Marketplace .
CyberArk IGA Powered by Zilla is from a different vendor.
What other advice do I have?
So far, everything is working well for me, and anything on the roadmap is definitely always welcome.
There is nothing to advise about CyberArk IGA Powered by Zilla; if you are aware of this particular solution, you have to check it out.
I would rate this review a ten.
