I work with Direct Identity. I was studying CyberArk, and I have used it a few times. Then I switched to a new project. I have some experience with CyberArk Identity.

What I like most about CyberArk Identity is the model that is in place. It is very good. It is the most powerful access management system. There is a lot of security - especially when you have to onboard and allow access for new users for the corporate and new applications. It's wonderful.

We saw results very quickly. I saw the power of identity management almost right away. It's one of the best in the industry. It competes very well against other solutions and Active Directory. It's very low cost in comparison to Microsoft solutions. 

Something they could improve is the management of multifactor authentication. When you translate the page from one language to another, it can be a difficult process. The translation isn't always good, and it may have a completely different name. I've noticed this in the English to Spanish translation.

The implementation can be difficult. They have so many laws and filters that it can be overwhelming.

A few months, or maybe two months ago, was the last time I used the product. I managed different multifactor accesses for users. When using you must sign in with corporate credentials to authenticate the users. The authentication can go through the phone or email. 

It's a very stable solution. When you have it in the cloud, you have CyberArk every time you need it. In the time I have been here, I have not experienced a fall in the service of CyberArk. There is no risk in the stability.

I have contacted technical support. We used their help with virtual machines that CyberArk gives. I had one machine that I could not use due to an invalid token. They resolved the problem immediately after I reported it, on the same day, within one hour. It was a very good experience.

Positive

A different solution can be, for example, Microsoft Azure Active Directory. It is a very powerful identity management system and very good for a company that needs to improve constantly. Another good solution instead of CyberArk can be SailPoint, which has been making significant strides in recent years.

The solution can be deployed on cloud or on-premises. CyberArk is more on the cloud than on local hardware. 

The deployment is initially quite difficult. That said, when you are doing the implementation of CyberArk, there are so many tutorials that make the learning process very easy. The only complaint could be the language barrier. It's difficult if you don't have a very good level of English. Otherwise, it is very easy.

You can have it set up within three months without much difficulty. It's hard to get started, however, once you get going, it gets easier. A full deployment takes half a year or less.

There is some maintenance necessary. A company is constantly hiring and letting go of employees. The access is always changing, so access must always be adjusted. Or, if we need another law of filter, we would need to add those, or even take them away. That's another aspect of maintenance. 

We do not use a third party for implementing CyberArk. We can contact CyberArk directly if we have questions.

Regarding pricing, it can be quite a lot for small companies. For national companies, like a medium-sized company with 1,000 employees, it can be very good.

It is also a very necessary solution. Every company needs identity management for security within the corporation. It is essential to prevent unauthorized access and maintain strong barriers against hackers.

A different solution can be, for example, Microsoft Azure Active Directory. It is a very powerful identity management system and very good for a company that needs to improve constantly. Another good solution instead of CyberArk can be SailPoint, which has been making significant strides in recent years.

Out of everything, I will rate it nine out of ten. 

It can be a language barrier, however, not necessarily if you understand English quite well. There is complexity in understanding the multifactor access, however the CyberArk interface is wonderful. I like it. It gives the user a very good, simple way to access different features of the CyberArk product.

I have no relationship with CyberArk. I've only worked with the product.

I use the solution in my company for its vaults.

The features that I personally find most effective in terms of security stem from the fact that it is easy to integrate and also the adoption is faster.

At the moment CyberArk needs to enrich Conjur and it needs to be made more viable so that its adoption can be made much faster.

I have been using CyberArk Identity for three years. Our company has a partnership with CyberArk.

Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution a nine out of ten.

As my company has a partnership with CyberArk, we don't face any challenges with the support part. I rate the technical support a ten out of ten.

Positive

In our company, we haven't faced any such challenges with the product's initial setup phase because our requirements were pretty clean and clear.

The solution is deployed on an on-premises model.

The solution can be deployed in two weeks, and it includes every area because my company has a complex environment.

Cost savings have been possible since my company has not had to pay any penalties after using the product. The product has also secured our company's environment.

I think it is a fairly priced tool. I rate the tool between six and seven on a scale of one to ten where one is expensive, and ten is cheap.

Against CyberArk Identity, my company tried other products like Norton and some other tools, which were not up to the mark.

My company doesn't use the tool for the multi-factor authentication feature.

I recommend the product to those who plan to use it.

The vendor maintains the solution automatically.

I rate the overall tool an eight out of ten.

CyberArk Identity's main use case is protecting privileged accounts. Although they've expanded into identity and access management, most of their business comes from privilege account management.

The tool is a very strong and valuable enterprise solution, particularly in ensuring the continuity of service. 

The product is not cheap, especially if you opt for an on-premise deployment requiring a complex server infrastructure. On the other hand, choosing the software as a service version simplifies infrastructure requirements but necessitates being online all the time.

I rate the tool's stability a nine out of ten. 

I rate the product's scalability a nine out of ten. 

Setting up CyberArk Identity is not straightforward. Typically, for the on-premise version, you need to install at least three servers that work together, although installing four servers is more common. However, if you opt for the software as a service version in the cloud, it's simpler to set up.

I rate the overall solution an eight out of ten. The recommendation is as follows: CyberArk Identity is the right product for you if you're an enterprise company. However, if you're a small or medium-sized company, you may face challenges with the on-premise solution from CyberArk Identity, and cheaper options may be available from other vendors.

Nevertheless, the tool is a strong and stable product. If you can afford it, opting for the software as a service (SaaS) solution would provide you with the best privilege account management tool.

My role involved installing agents on Linux servers, specifically utilizing a single sign-on. This implementation streamlined access for Linux and Unix administrators, allowing them to log in to any server using a single password.

The solution helps with auditing, and monitoring, and integrates with Splunk for log analysis. User activity logs are captured in CyberArk Identity and sent to external tools like Splunk for analysis and monitoring.

It is integrated with tools like Splunk and Dynatrace for the analysis of risk behavior and user activity. The pushing teams receive automated reports to assess factors such as login times and server activity in the last 60 days. 

The licensing for IAM and PAM tools is based on headcount and usage. Users who are not actively utilizing the resources may have their access revoked. This approach helps manage budgeting and reduces the risk impact on the organization by implementing protocols to mitigate threats.

The product needs to leverage the cloud more, especially in the financial sector, where cloud adoption might be limited. Proper reporting within the cloud is essential. The tool should be more user-friendly to expedite access for users. The current agent-based system poses challenges if a user loses access to the server, making tasks difficult to perform. It should also improve technical support. 

I rate the tool's stability a seven out of ten. 

I rate CyberArk Identity's scalability a nine out of ten. 

CyberArk Identity's deployment is easy. For deployment, the timeline depends on the number of applications a company has. For instance, if there are around 100 applications, the deployment process is expected to take no more than two weeks. For larger organizations, it can take one month to complete. The entire IT process for creating rules and user entitlements for each application can take at least a month. For large organizations with 500 or more applications, at least 20 people are needed to manage the product daily. 

The solution is cheap and I rate its pricing an eight out of ten. 

I rate thee overall product an eight out of ten. 

The integration capabilities, and ability to integrate CyberArk into the overall IBB strategy of our current clients.

In terms of general user feedback, the more security you put in front of a user, the more they complain. So usability and the user experience are always a challenge. So there's always room for improvement.

I have been using CyberArk Identity for ten years. 

I would I'd rate it probably seven and a half to eight.

The technical support is good. 

Positive

Their pricing is obviously a lot higher than many vendors in the marketplace but their service is also unmatched. 

I think maturity and overall coverage, CyberArk, obviously, has a lot more experience than many other vendors in this field. And, therefore, they have more wider range of tools and capabilities. But sometimes that's also a disadvantage that the newer vendors in the space often are more agile and more adaptable, especially to cloud environments and to, sort of, technologies that are more sort of, you know, cloud enabled. But overall, I would say CyberArk still has more maturity and more coverage in less than this.

I rate the overall solution a seven out of ten. 

For CyberArk Identity, a typical scenario involves using it with a federation, like Active Directory or Azure AD, to manage user identities. Since CyberArk Identity is a SaaS offering (not installable on-premise), identity connectors bridge the gap between the customer's directory (Azure AD or Active Directory) and CyberArk Identity.

These connectors essentially synchronize the two systems. For example, disabling an account in the customer's directory (either Azure AD or Active Directory) automatically disables the corresponding account in CyberArk Identity if the identity connector is present.

However, if you manage accounts manually within CyberArk Identity, you don't necessarily need a connector. This specific connector is called the CyberArk Identity Connector.

We can manage user access and permissions through CyberArk Identity. To fully manage it, we need a connector and whatever changes we want to make to user access or entitlements, if we do it in the CyberArk Identity end, the same will reflect in the customer's AD (Active Directory) also if you have the Identity Connector.

We use CyberArk Identity for multiple applications, like, for a single sign-on across multiple applications.

Some customers use it for managing server privileges through the SaaS version. In this case, CyberArk Identity facilitates the connection by federating the customer's Active Directory or Azure AD with the CyberArk SaaS environment. However, they only utilize a few features of CyberArk Identity, not its full potential.

I like the RBAC (Role-Based Access Control). This feature is quite common in other identity tools as well. It basically involves defining various roles, and then simply assigning those roles to users.

That's the RBAC feature that I find most valuable for security.

Moreover, CyberArk Identity offers multi-factor authentication, but I haven't configured this feature yet. 

For instance, if the customer wants multi-factor authentication (MFA) or single sign-on (SSO), they usually prefer their own Azure MFA or Azure AD as a base or anything that is already integrated with their environment, so they don't have to subscribe to CyberArk SSO. But it's possible.

CyberArk Identity could improve by allowing federation directly or seamlessly, without the need for an Identity Connector. Instead of building separate Azure Connectors, if they could just federate, that would be nice.

However, for this kind of feature to work, the customer's environment would need specific configurations.

Basically, they could improve the federation capabilities to handle multiple domains separately, instead of just one. Right now, if you're working with one domain, it's okay. But for multiple domains, it becomes a bit complicated.

In the on-premises version, you can curate more than one domain seamlessly. However, the SaaS version of CyberArk Identity requires more configuration.

Moreover, CyberArk Identity is relatively new. They haven't been in the market for more than two or three years. They're still under development and not yet a fully-fledged product. 

They're constantly adding features, but they haven't yet achieved complete account management capabilities for all types of accounts, which is likely due to their competition. 

So, while they are actively promoting it, not many customers are using CyberArk Identity yet.

I have been using it for two years. CyberArk Identity is a relatively new offering specifically designed for the SaaS environment, their cloud offering.

CyberArk also offers a self-hosted version and the SaaS option. So, if customers choose a SaaS environment, then CyberArk Identity comes into play for identity and access management (IAM).

CyberArk is now pushing CyberArk Identity because it can manage various other aspects, including directories, which is why they are actively promoting it.

The SaaS version is quite stable. It's a stable version because they are promoting it heavily and even proposing migration from self-hosted on-premises versions to the SaaS version. So, it's quite reliable. However, as with any cloud service, there's always a possibility of issues.

The only thing to consider is the number of zones in different regions. For example, in the US, UK, or Asia-Pacific regions, they should have more zones for the vault or cloud components. In the UK, for instance, they only have two or three zones.

So, the overall stability is good. However, I would like to see them offer a solution where high-volume customers using their SaaS service can have a customized dashboard showing real-time availability (what's up and what's down). 

Currently, customers have to manually select their instance and check its status. If we could get a real-time status of the running services and components, that would be nice.

In terms of stability,  CyberArk Identity has a high SLA (Service Level Agreement); an SLA of 99.9%. So, it should be reliable.

I would rate the scalability an eight out of ten. It's close to ten, but it's not quite perfect. There's a slight complexity because, for some license increases, you need purchase orders (POs) and approvals.

However, technically, it's very simple. They just need End-to-End Orchestration (EON) for the license, which means something is added on their back end in the SaaS offering. The customer doesn't have to do anything. You just pay the money, and they attach the license.

So, it's scalable vertically or horizontally. If you need more storage space for recordings (because CyberArk has a recording feature), or if you want to keep the audit logs longer than a year, they can do that too, and it's not that expensive.

Considering everything, I'd rate its overall scalability an eight out of ten.

Basically, it can be used by all sizes of companies because the licensing is flexible. It can be for 50 users, 100 users, 4,000 users, 12,000 users, even 20,000 users. So, it's good for modularizing or setting up for small enterprises, and it's also suitable for medium and large enterprises.  

There is room for improvement in customer service and support. Since I started with CyberArk products about seven years ago, the support hasn't significantly improved. They haven't necessarily enhanced the organization, updates, or handovers, which should be addressed.

Since this is a SaaS (Software-as-a-Service) offering, the vendor handles most of the things, around 75%. 

CyberArk does have good documentation, but there is room for improvement, maybe about 5%. 

The documentation could be more specific about the changes needed to achieve specific goals.

For example, in my recent project, we encountered an issue. User accounts and groups weren't showing up in CyberArk Identity when trying to pull them from the customer directory. We had to troubleshoot extensively, and the documentation didn't provide the necessary guidance. Thankfully, with CyberArk's help, we resolved the issue.

So, an improvement they could make is to clarify in the documentation the specific configuration changes needed for different customer goals. For instance, pulling user accounts, security groups, and user server security groups requires specific configurations that weren't clearly outlined in the documentation. This is the 5% area they can improve on.

Integrating CyberArk Identity with other IT infrastructure is not simple, it is a bit complex. You need to bring multiple domains together and ensure various networks connect. 

It's not just about the cloud environment; you also need firewalls and configurations, making it a management challenge. So, it's not easy, but it is not overly complex either, maybe moderate with some complexities.

It's a one-time setup. If you do it correctly the first time, then it runs smoothly.

It's not that affordable compared to Delinea or other products. They're less expensive and allow more customization. For the cost, it is expensive.

It's like choosing between Volkswagen and Mercedes-Benz. Both might have good safety features, but Mercedes offers more features and is considered bulletproof initially. They have standard pricing, so you get everything. It's like choosing a car you don't need daily protection for versus one that requires constant defense.

So, there's still value in CyberArk, and they are improving.

Overall, I would rate the solution a seven out of ten because there is still room for improvement. 

We use CyberArk Identity to handle the identity of an Active Directory, to handle Linux and other systems, and for API configurations that can handle even database accesses and third-party IDB accesses.

CyberArk Identity is a mature product.

The solution's difficulty in gaining skill sets should be improved because it's a vertical product. We would expect a better and easier operational service from CyberArk Identity.

CyberArk Identity is a stable solution.

Approximately, 55 customers are using CyberArk Identity.

Usually, the solution's technical support team responds, but the skill set of the first engineer is not ideal. You need to keep pressing in order to have the appropriate person to help you with the support.

The solution's initial setup is quite complex because it has its individual way of doing things.

CyberArk Identity is an expensive solution.

We recommend CyberArk Identity to our customers.

Overall, I rate CyberArk Identity a six or six and a half out of ten.

CyberArk offers multiple products, including PAN, LRO for vendor remote access, and Identity. Some clients in the entertainment and tourism industry prefer using CyberArk Identity on the cloud as a Software as a Service (SaaS) solution. Their teams are typically small and prefer not to manage the infrastructure. They opt for this approach because they want to avoid investing significant time and money in larger products like SailPoint. However, it's important to note that such clients are relatively rare, with perhaps just one or two out of every hundred.

Regarding identity management, it's worth noting that onboarding users from various sources is a straightforward process with CyberArk SaaS. The user identification is simplified, and managing user privileges, whether adding or revoking them, is also quite straightforward when utilizing CyberArk SaaS.

On the PAM side, one of their notable strengths lies in safeguarding the keys and users for privileged accounts. They've implemented a robust security approach that is superior to many other solutions in terms of protecting privileged users and their keys.

In terms of a governance platform, it's worth noting that CyberArk doesn't offer a particularly strong one. They struggle with identifying risk scores efficiently because their risk scoring relies on the manual entry of access data. In contrast, SailPoint excels in this aspect and can detect and provide superior governance scores more effectively.

To be equitable, one notable aspect is that CyberArk is gradually moving away from on-premises components and migrating them to the cloud. However, from my perspective, they should consider retaining some on-premises components instead of entirely removing them. I understand that this decision might be related to cost and future prospects. Nonetheless, considering the global trend of securing and controlling data, offering everything solely in the cloud could become problematic for many organizations.

I have been working with it for more than two and a half years.

In terms of stability, I would rate it an eight. It's important to consider that a comprehensive solution requires a minimum of nine servers, which can pose challenges in terms of management and overall stability due to the substantial number of components involved.

When it comes to scalability, there are two distinct aspects to consider with CyberArk. License scalability is notably straightforward and perhaps the easiest compared to other solutions. However, architectural scalability can be quite complex and challenging.

I would rate it a nine out of ten.

To be completely frank, among my ten clients, a minimum of six express concerns or confusion regarding CyberArk. I'm not certain whether it's linked to the clients' skill levels or understanding, but I suspect that the support ecosystem is not adequately developed.

It's a straightforward process if you have skilled resources on hand. However, if your resources lack the necessary expertise, they might face challenges.

If we're looking at a comparison once more, it's important to acknowledge the crowded nature of the market. With so many players, including Arcon, BeyondTrust, WarLX, and others, the field is diverse. However, when focusing on the top products, I'd highlight BeyondTrust, CyberArk, Delinea, and Arcon. In terms of pricing, BeyondTrust and CyberArk tend to be more expensive, with CyberArk receiving an eight out of ten, in this regard.

In the realm of identity management, SailPoint is the leader due to its extensive features and customization capabilities, making a direct comparison with CyberArk somewhat unfair as SailPoint tends to excel. However, among CyberArk's competitors, Ping Identity stands as a strong contender. Ping Identity has been involved in the identity space for a longer period than CyberArk. Furthermore, there have been mergers in this space, such as FosRoc and BeyondTrust. This has reshaped the landscape, and the competition should now primarily be between Arcon, Ping Identity, and SailPoint, as other products tend to be smaller, like Micro Focus. Comparing them with Micro Focus wouldn't be suitable.

Enterprises generally have the resources to handle the compute and storage requirements and can allocate additional resources for CyberArk management without significant issues. However, medium-sized companies need to exercise caution as they might need to hire dedicated resources for solution management, which can increase maintenance costs. Small organizations, on the other hand, are likely to face numerous challenges during upgrades, migrations, and maintenance due to their limited resources. CyberArk is best suited for larger enterprises.

Overall I would rate it an eight out of ten.