My role involved installing agents on Linux servers, specifically utilizing a single sign-on. This implementation streamlined access for Linux and Unix administrators, allowing them to log in to any server using a single password.

The solution helps with auditing, and monitoring, and integrates with Splunk for log analysis. User activity logs are captured in CyberArk Identity and sent to external tools like Splunk for analysis and monitoring.

It is integrated with tools like Splunk and Dynatrace for the analysis of risk behavior and user activity. The pushing teams receive automated reports to assess factors such as login times and server activity in the last 60 days. 

The licensing for IAM and PAM tools is based on headcount and usage. Users who are not actively utilizing the resources may have their access revoked. This approach helps manage budgeting and reduces the risk impact on the organization by implementing protocols to mitigate threats.

The product needs to leverage the cloud more, especially in the financial sector, where cloud adoption might be limited. Proper reporting within the cloud is essential. The tool should be more user-friendly to expedite access for users. The current agent-based system poses challenges if a user loses access to the server, making tasks difficult to perform. It should also improve technical support. 

I rate the tool's stability a seven out of ten. 

I rate CyberArk Identity's scalability a nine out of ten. 

CyberArk Identity's deployment is easy. For deployment, the timeline depends on the number of applications a company has. For instance, if there are around 100 applications, the deployment process is expected to take no more than two weeks. For larger organizations, it can take one month to complete. The entire IT process for creating rules and user entitlements for each application can take at least a month. For large organizations with 500 or more applications, at least 20 people are needed to manage the product daily. 

The solution is cheap and I rate its pricing an eight out of ten. 

I rate thee overall product an eight out of ten. 

The integration capabilities, and ability to integrate CyberArk into the overall IBB strategy of our current clients.

In terms of general user feedback, the more security you put in front of a user, the more they complain. So usability and the user experience are always a challenge. So there's always room for improvement.

I have been using CyberArk Identity for ten years. 

I would I'd rate it probably seven and a half to eight.

The technical support is good. 

Positive

Their pricing is obviously a lot higher than many vendors in the marketplace but their service is also unmatched. 

I think maturity and overall coverage, CyberArk, obviously, has a lot more experience than many other vendors in this field. And, therefore, they have more wider range of tools and capabilities. But sometimes that's also a disadvantage that the newer vendors in the space often are more agile and more adaptable, especially to cloud environments and to, sort of, technologies that are more sort of, you know, cloud enabled. But overall, I would say CyberArk still has more maturity and more coverage in less than this.

I rate the overall solution a seven out of ten. 

For CyberArk Identity, a typical scenario involves using it with a federation, like Active Directory or Azure AD, to manage user identities. Since CyberArk Identity is a SaaS offering (not installable on-premise), identity connectors bridge the gap between the customer's directory (Azure AD or Active Directory) and CyberArk Identity.

These connectors essentially synchronize the two systems. For example, disabling an account in the customer's directory (either Azure AD or Active Directory) automatically disables the corresponding account in CyberArk Identity if the identity connector is present.

However, if you manage accounts manually within CyberArk Identity, you don't necessarily need a connector. This specific connector is called the CyberArk Identity Connector.

We can manage user access and permissions through CyberArk Identity. To fully manage it, we need a connector and whatever changes we want to make to user access or entitlements, if we do it in the CyberArk Identity end, the same will reflect in the customer's AD (Active Directory) also if you have the Identity Connector.

We use CyberArk Identity for multiple applications, like, for a single sign-on across multiple applications.

Some customers use it for managing server privileges through the SaaS version. In this case, CyberArk Identity facilitates the connection by federating the customer's Active Directory or Azure AD with the CyberArk SaaS environment. However, they only utilize a few features of CyberArk Identity, not its full potential.

I like the RBAC (Role-Based Access Control). This feature is quite common in other identity tools as well. It basically involves defining various roles, and then simply assigning those roles to users.

That's the RBAC feature that I find most valuable for security.

Moreover, CyberArk Identity offers multi-factor authentication, but I haven't configured this feature yet. 

For instance, if the customer wants multi-factor authentication (MFA) or single sign-on (SSO), they usually prefer their own Azure MFA or Azure AD as a base or anything that is already integrated with their environment, so they don't have to subscribe to CyberArk SSO. But it's possible.

CyberArk Identity could improve by allowing federation directly or seamlessly, without the need for an Identity Connector. Instead of building separate Azure Connectors, if they could just federate, that would be nice.

However, for this kind of feature to work, the customer's environment would need specific configurations.

Basically, they could improve the federation capabilities to handle multiple domains separately, instead of just one. Right now, if you're working with one domain, it's okay. But for multiple domains, it becomes a bit complicated.

In the on-premises version, you can curate more than one domain seamlessly. However, the SaaS version of CyberArk Identity requires more configuration.

Moreover, CyberArk Identity is relatively new. They haven't been in the market for more than two or three years. They're still under development and not yet a fully-fledged product. 

They're constantly adding features, but they haven't yet achieved complete account management capabilities for all types of accounts, which is likely due to their competition. 

So, while they are actively promoting it, not many customers are using CyberArk Identity yet.

I have been using it for two years. CyberArk Identity is a relatively new offering specifically designed for the SaaS environment, their cloud offering.

CyberArk also offers a self-hosted version and the SaaS option. So, if customers choose a SaaS environment, then CyberArk Identity comes into play for identity and access management (IAM).

CyberArk is now pushing CyberArk Identity because it can manage various other aspects, including directories, which is why they are actively promoting it.

The SaaS version is quite stable. It's a stable version because they are promoting it heavily and even proposing migration from self-hosted on-premises versions to the SaaS version. So, it's quite reliable. However, as with any cloud service, there's always a possibility of issues.

The only thing to consider is the number of zones in different regions. For example, in the US, UK, or Asia-Pacific regions, they should have more zones for the vault or cloud components. In the UK, for instance, they only have two or three zones.

So, the overall stability is good. However, I would like to see them offer a solution where high-volume customers using their SaaS service can have a customized dashboard showing real-time availability (what's up and what's down). 

Currently, customers have to manually select their instance and check its status. If we could get a real-time status of the running services and components, that would be nice.

In terms of stability,  CyberArk Identity has a high SLA (Service Level Agreement); an SLA of 99.9%. So, it should be reliable.

I would rate the scalability an eight out of ten. It's close to ten, but it's not quite perfect. There's a slight complexity because, for some license increases, you need purchase orders (POs) and approvals.

However, technically, it's very simple. They just need End-to-End Orchestration (EON) for the license, which means something is added on their back end in the SaaS offering. The customer doesn't have to do anything. You just pay the money, and they attach the license.

So, it's scalable vertically or horizontally. If you need more storage space for recordings (because CyberArk has a recording feature), or if you want to keep the audit logs longer than a year, they can do that too, and it's not that expensive.

Considering everything, I'd rate its overall scalability an eight out of ten.

Basically, it can be used by all sizes of companies because the licensing is flexible. It can be for 50 users, 100 users, 4,000 users, 12,000 users, even 20,000 users. So, it's good for modularizing or setting up for small enterprises, and it's also suitable for medium and large enterprises.  

There is room for improvement in customer service and support. Since I started with CyberArk products about seven years ago, the support hasn't significantly improved. They haven't necessarily enhanced the organization, updates, or handovers, which should be addressed.

Since this is a SaaS (Software-as-a-Service) offering, the vendor handles most of the things, around 75%. 

CyberArk does have good documentation, but there is room for improvement, maybe about 5%. 

The documentation could be more specific about the changes needed to achieve specific goals.

For example, in my recent project, we encountered an issue. User accounts and groups weren't showing up in CyberArk Identity when trying to pull them from the customer directory. We had to troubleshoot extensively, and the documentation didn't provide the necessary guidance. Thankfully, with CyberArk's help, we resolved the issue.

So, an improvement they could make is to clarify in the documentation the specific configuration changes needed for different customer goals. For instance, pulling user accounts, security groups, and user server security groups requires specific configurations that weren't clearly outlined in the documentation. This is the 5% area they can improve on.

Integrating CyberArk Identity with other IT infrastructure is not simple, it is a bit complex. You need to bring multiple domains together and ensure various networks connect. 

It's not just about the cloud environment; you also need firewalls and configurations, making it a management challenge. So, it's not easy, but it is not overly complex either, maybe moderate with some complexities.

It's a one-time setup. If you do it correctly the first time, then it runs smoothly.

It's not that affordable compared to Delinea or other products. They're less expensive and allow more customization. For the cost, it is expensive.

It's like choosing between Volkswagen and Mercedes-Benz. Both might have good safety features, but Mercedes offers more features and is considered bulletproof initially. They have standard pricing, so you get everything. It's like choosing a car you don't need daily protection for versus one that requires constant defense.

So, there's still value in CyberArk, and they are improving.

Overall, I would rate the solution a seven out of ten because there is still room for improvement. 

We use CyberArk Identity to handle the identity of an Active Directory, to handle Linux and other systems, and for API configurations that can handle even database accesses and third-party IDB accesses.

CyberArk Identity is a mature product.

The solution's difficulty in gaining skill sets should be improved because it's a vertical product. We would expect a better and easier operational service from CyberArk Identity.

CyberArk Identity is a stable solution.

Approximately, 55 customers are using CyberArk Identity.

Usually, the solution's technical support team responds, but the skill set of the first engineer is not ideal. You need to keep pressing in order to have the appropriate person to help you with the support.

The solution's initial setup is quite complex because it has its individual way of doing things.

CyberArk Identity is an expensive solution.

We recommend CyberArk Identity to our customers.

Overall, I rate CyberArk Identity a six or six and a half out of ten.

CyberArk offers multiple products, including PAN, LRO for vendor remote access, and Identity. Some clients in the entertainment and tourism industry prefer using CyberArk Identity on the cloud as a Software as a Service (SaaS) solution. Their teams are typically small and prefer not to manage the infrastructure. They opt for this approach because they want to avoid investing significant time and money in larger products like SailPoint. However, it's important to note that such clients are relatively rare, with perhaps just one or two out of every hundred.

Regarding identity management, it's worth noting that onboarding users from various sources is a straightforward process with CyberArk SaaS. The user identification is simplified, and managing user privileges, whether adding or revoking them, is also quite straightforward when utilizing CyberArk SaaS.

On the PAM side, one of their notable strengths lies in safeguarding the keys and users for privileged accounts. They've implemented a robust security approach that is superior to many other solutions in terms of protecting privileged users and their keys.

In terms of a governance platform, it's worth noting that CyberArk doesn't offer a particularly strong one. They struggle with identifying risk scores efficiently because their risk scoring relies on the manual entry of access data. In contrast, SailPoint excels in this aspect and can detect and provide superior governance scores more effectively.

To be equitable, one notable aspect is that CyberArk is gradually moving away from on-premises components and migrating them to the cloud. However, from my perspective, they should consider retaining some on-premises components instead of entirely removing them. I understand that this decision might be related to cost and future prospects. Nonetheless, considering the global trend of securing and controlling data, offering everything solely in the cloud could become problematic for many organizations.

I have been working with it for more than two and a half years.

In terms of stability, I would rate it an eight. It's important to consider that a comprehensive solution requires a minimum of nine servers, which can pose challenges in terms of management and overall stability due to the substantial number of components involved.

When it comes to scalability, there are two distinct aspects to consider with CyberArk. License scalability is notably straightforward and perhaps the easiest compared to other solutions. However, architectural scalability can be quite complex and challenging.

I would rate it a nine out of ten.

To be completely frank, among my ten clients, a minimum of six express concerns or confusion regarding CyberArk. I'm not certain whether it's linked to the clients' skill levels or understanding, but I suspect that the support ecosystem is not adequately developed.

It's a straightforward process if you have skilled resources on hand. However, if your resources lack the necessary expertise, they might face challenges.

If we're looking at a comparison once more, it's important to acknowledge the crowded nature of the market. With so many players, including Arcon, BeyondTrust, WarLX, and others, the field is diverse. However, when focusing on the top products, I'd highlight BeyondTrust, CyberArk, Delinea, and Arcon. In terms of pricing, BeyondTrust and CyberArk tend to be more expensive, with CyberArk receiving an eight out of ten, in this regard.

In the realm of identity management, SailPoint is the leader due to its extensive features and customization capabilities, making a direct comparison with CyberArk somewhat unfair as SailPoint tends to excel. However, among CyberArk's competitors, Ping Identity stands as a strong contender. Ping Identity has been involved in the identity space for a longer period than CyberArk. Furthermore, there have been mergers in this space, such as FosRoc and BeyondTrust. This has reshaped the landscape, and the competition should now primarily be between Arcon, Ping Identity, and SailPoint, as other products tend to be smaller, like Micro Focus. Comparing them with Micro Focus wouldn't be suitable.

Enterprises generally have the resources to handle the compute and storage requirements and can allocate additional resources for CyberArk management without significant issues. However, medium-sized companies need to exercise caution as they might need to hire dedicated resources for solution management, which can increase maintenance costs. Small organizations, on the other hand, are likely to face numerous challenges during upgrades, migrations, and maintenance due to their limited resources. CyberArk is best suited for larger enterprises.

Overall I would rate it an eight out of ten.

My company uses CyberArk Identity for password vault, password management, and session management.

CyberArk Identity is the best PAM solution in town. Even though there are a lot of competitors of CyberArk Identity in the market, most of them do not have the market domination like CyberArk Identity.

CyberArk Identity's GUI is an area with certain shortcomings that need improvement.

I have been using CyberArk Identity for two years. I use the solution's latest version.

It is a very stable solution. Stability-wise, I rate the solution an eight out of ten.

It is a scalable solution. Scalability-wise, I rate the solution a nine out of ten. If you scale it up too much, then the solution lags performance-wise, causing it to slow down.

My company deals with its clients, and based on my current workplace, I have seen 300 users of the solution.

There are no plans to increase the number of users.

CyberArk Identity's technical support needs to know its own product well enough before telling others how it works. The support team should be more knowledgeable.

The initial setup of CyberArk Identity was straightforward.

The solution is deployed on the cloud.

The solution could be deployed in a week.

For the deployment process, we need to get your networking right and make sure you download the correct version of the solution, after which you can deploy the solution after ensuring that you have all the required infrastructure.

A manager and a senior engineer are required for the deployment and maintenance.

You can do the installation with the help of an integrator or consultant. The installation can be done in-house with the help of the product's documentation.

CyberArk Identity is a good investment. Once you deploy, I would say that you can use it for a long time.

Speaking about the price, I can only say that the solution is used by all the top-tier companies worldwide. There could be some additional costs apart from the licensing costs of the solution when you want to develop connectors in CyberArk Identity.

I recommend the solution to those planning to use it.

I recommend the solution to those planning to use it. The solution's potential users should ensure that you scale it properly and don't scale it beyond what is required because its performance lags.

I rate the overall solution an eight out of ten.

We are using CyberArk Identity to consolidate all the applications and demo tenants that we have in the same panel and to apply features, such as MFA and single sign-on.

CyberArk Identity has helped me a lot to optimize processes and provide access.

The most valuable feature of CyberArk Identity is the adaptive interface.

The OpenID features could improve in CyberArk Identity.

I have been using CyberArk Identity for approximately two years.

CyberArk Identity is a stable solution.

I rate the stability of CyberArk Identity a nine out of ten.

The scalability of CyberArk Identity is great. It is built with scalability in mind.

I plan to increase the usage of the solution.

I rate the scalability of CyberArk Identity a nine out of ten.

I rate the support of CyberArk Identity a seven out of ten.

Neutral

The initial setup of CyberArk Identity is straightforward. After 20 to 30 hours we finished the process.

I have received a good return on investment using CyberArk Identity.

The pricing of CyberArk Identity is competitive.

I rate the price of CyberArk Identity a ten out of ten.

I rate CyberArk Identity an eight out of ten.