The solution is mostly used for financial services.

The solution covers all key pillars of Identity security and governance. It reduces IT team workload by managing employee transitions, allocating rights, implementing least privilege, and ensuring people have only the necessary access rights. The role-based access and secure resource access principles are automated within organizations, especially when integrated with HR systems, enabling quick resource provisioning and decommissioning.

Once the solution is deployed, the customer can immediately see benefits. Typically, the first phase involves securing high-risk areas. Once the protection for privileged access identities is in place, the customer can then focus on securing the rest of the workforce, as well as protecting sensitive communications between machines, endpoints, and workstations. The time to realize value from this solution is quite short because it is a comprehensive solution. As soon as it is implemented, it fundamentally changes how users access systems, providing immediate security benefits. In summary, the value becomes apparent right away.

CyberArk Identity offers Single Sign-On, Adaptive MFA, Web Password Manager, and Secure Web Sessions for recording sessions from web applications. It also provides federated services, Directory Service integration with popular IDPs, and management of joiners, leavers, and movers in an organization.

They have been working to improve areas such as Identity Governance and Assurance (IGA), but integration with new acquisitions into a single stack could be enhanced. While CyberArk Identity is a leader in Identity Security, the integration of multiple components could be improved.

I would suggest focusing on the integration of the multiple components. Currently, we have a unified platform, but with the recent acquisitions, I would like to see more seamless integration of those new entities. Additionally, I’m curious to see how the recent acquisition by Palo Alto will play out. I am interested in understanding how both companies can benefit from each other moving forward.

Additional improvements could include more out-of-the-box plugins for key systems. Though they are the largest privileged access company with numerous integrations, coverage could be expanded for certain database clients and other systems.

I have been using CyberArk Identity for a year and a half.

Their support is very good, with a huge community. I would rate it as a nine out of ten.

Positive

The subscription licensing model, which provides identity features within the privileged access license, is quite affordable for most customers. The full stack available through one subscription license works particularly for customers in Africa, where the acquiring rate remains healthy.

I would rate CyberArk Identity an eight out of ten.

We are using CyberArk Identity for user provisioning, and we have integrated multiple applications, most of them being SAML-based authentication ones. 

We are also provisioning users to target applications and using CyberArk Identity as an authentication method for two-factor authentication.

I have worked on multiple projects where we have integrated external IdPs with CyberArk Identity. We have also implemented AD integration to get users from Active Directory to CyberArk Identity. We are using the reporting functionality and role-based access control. 

We have created several roles for one client where I was working. It was an all-suite ISPS model that CyberArk has where CyberArk Identity, Privileged Cloud, and all those applications were present. In this case, we were using roles from CyberArk Identity to grant users access to their respective safes in the Privileged Cloud.

The UI is very simplified, and the documentation of CyberArk Identity is very crisp and clear. The support of CyberArk Identity is also really good. 

From the support perspective, there is an excellent feature for identity verification. 

When someone calls with identity issues, CyberArk Identity has provided one of the best features where we can use MFA verification. It sends a code to the user and validates the caller.

CyberArk Identity can be integrated with applications such as Secure Hub, Secrets Hub, Conjur, and Privileged Cloud. However, getting usage reports for specific applications is difficult. Tracking user activity across different integrated applications is challenging as the logs don't provide detailed information about which application users accessed.

The reporting functionality is somewhat complicated. While I would rate CyberArk Identity and Okta on the same level, Okta's reporting is crisper and clearer. For CyberArk Identity, you need knowledge of their scripting language to pull different sets of reports. 

Though the out-of-the-box reports are good, they should simplify the reporting process to make it easier to pull all reports. The documentation for the reporting functionality is not very clear, which creates conflicts. 

Additionally, CyberArk Identity needs to enhance features such as import scheduling and document clarity for new aspects such as Flows.

I have been using CyberArk Identity in my career for almost four years.

As part of maintenance, we haven't faced any downtime with CyberArk Identity. If there are any outages, CyberArk is responsible, and they usually address them very quickly. The services were operational 24/7. 

Previously, we faced some issues where when users were provisioned and we tried to delete them, the entry was deleted from the back end, however, a ghost entry still existed in CyberArk Identity. We did not have an option to delete that particular user, which caused issues when trying to provision the same user again from AD.

The quality of support is really good. They respond immediately when requests are raised, and they are always available for priority one tickets. The only requirement is having access to their community portal to raise cases. The support is comparable to other SaaS products such as Okta.

The initial deployment was straightforward. CyberArk provides the tenant, and the documentation for integrating with Active Directory is clear. You need to build the server and set up the agent. The AD integration itself takes about ten minutes, but the complete process, including server build and approvals, takes a couple of days. If all resources are ready, the actual integration is very straightforward and takes only five to ten minutes.

We are partners providing services to other clients. I am an implementation engineer responsible for designing, architecting, and deploying solutions for clients.

I am not certain about CyberArk Identity's exact pricing model. For comparison, Okta was around five dollars per user. CyberArk Identity offers good discounts to some clients, which influences their decision to choose the solution.

Okta is a more mature product compared to CyberArk Identity. Policies and customization are easier with Okta. Integration with different applications through the Okta Integration Network is straightforward, with clear guides and steps. CyberArk Identity could improve in these areas. The main difference is in the UI and some features. 

The reporting functionality in Okta is superior. In Okta, you can control imports and manually import users from AD, applications, or CSV files. These options and the ability to schedule periodic imports are not available in CyberArk Identity.

Comparing CyberArk Identity with products such as Ping, Okta, and RSA, CyberArk Identity still needs product development, as Okta offers additional features. Some features of CyberArk Identity are excellent, however, Okta is more user-friendly. The reporting functionality and Flows are areas for improvement. Since Flows is a new product, it needs to mature. They should conduct training, educate people, and provide clear documentation for better utilization.

In the Identity user portal, you can create secure notes, upload passwords or keys, and create bookmark applications. We have encountered some glitches when sharing applications with others, where users face issues despite having correct permissions.

I rate CyberArk Identity eight out of ten.

My use case for CyberArk Identity involves multiple reasons: for identity to gain access to the clients' environments, to provision on-demand access, and to provide services via the Access Manager.

I find the CyberArk Identity portal quite intuitive; it has changed a lot over the last year and a half. 

If you think logically and understand your environment, it is easy to establish a suitable setup for yourself and all your vendors. I did see an impact on operational efficiency with CyberArk Identity. 

If you look at all the technical requirements to set up a VPN or an access management tool, where you need to integrate four, five, or six different services with the CyberArk side, it is significantly easier. You provision a server on the inside and simply assign the services allowed from the outside by ticking a box to grant access. The person can then either scan a QR code or receive an email to log in.

CyberArk Identity has indeed helped reduce the mean time to detect; it has also aided in troubleshooting by allowing logs to be extracted and sent to a correlation engine, such as QRadar, for notifications or alerts. It also helps in preventing attacks, as someone trying multiple times to log in, and the trigger on whatever login is used aids in maintaining a quick view of what is happening.

Room for improvement for CyberArk Identity might be on the support side, as they constantly improve with new features and remove redundant ones, integrating multiple steps into a single one for easier use; however, this is not just CyberArk Identity, as many vendors start with basic troubleshooting services without recognizing that knowledgeable users often reach out after exhausting those options.

I have been working with CyberArk Identity for coming on four years now.

The solution's stability depends on your connectivity most of the time, so if you've got a bad network, it will not be stable, but with a stable network, due to the redundant data centers across the globe, it is a lot easier to use as a SaaS solution.

CyberArk Identity is definitely a scalable solution; it all depends on the money that you have, as with anything else.

I would rate technical support from CyberArk a nine out of ten; there's always space for improvement.

After implementing CyberArk Identity, in a big implementation, it took about four months for my organization to see time to value, while in a smaller implementation, it was a month.

My experience with the pricing of CyberArk Identity has been good, as we've got a good relationship with the team, whether in South Africa, where I am or globally; we maintain a strong relationship and have been competitive against any other identity solutions.

My experience of working with CyberArk solutions is quite extensive. With CyberArk tools, I have experience working with Privileged Access, Identity Access, and Secrets Manager, although with Secrets Manager not as much, but the other two quite extensively.

My relationship with CyberArk is as a partner. I purchased CyberArk Identity through both the vendor and AWS Marketplace, as it depends on what the client wants: through the vendor for purely bespoke installation or architecture and AWS for ease of use.

I would rate CyberArk Identity a nine out of ten overall. 

I understand that different people have different requirements, which might mean they don't experience it the same way as I do.

CyberArk Identity is mainly used for accessing servers, partition management, and rotating passwords, especially in sensitive sectors such as banking and to protect patient data. It's crucial for complying with regulations and ensuring that administrative tasks such as encryption key management are streamlined.

CyberArk Identity provides an easy identity portal, single console, log capture for GRC compliance, and efficiently rotates passwords unknown to users, enhancing security. These features aid in reducing the attack surface by blocking unauthorized access and preventing exposure of internal solutions in sectors such as banking.

Some areas experience slowness based on the workload. There's a need to enhance network performance despite the good user experience with access management.

We have been working with CyberArk Identity for more than five years. Previously, I worked with other PAM management tools. Currently, most customers are choosing it as a premier product, which is why we are focusing more on CyberArk Identity.

They charge reasonable money for the features they provide. The price is reasonable for the product.

Positive

While Arkon PAM is a competitor, that product is not as good nowadays. CyberArk Identity is at the top. When it comes to premium products, CyberArk Identity stands alone.

The setup process for CyberArk Identity is singular, but it differs for all customers. Customers provide the data for implementation, based on which we receive payment. From a product perspective, it's easy, but we need to gather customer data and implement according to their requirements.

Other vendors include CrowdStrike and SentinelOne.

Customers in the banking sector don't expose what solutions they have inside their systems for security reasons. My overall rating for CyberArk Identity is nine out of ten.

We use it to protect our login credentials within the computers and tablets that we provide to our team for field tasks.

Being able to integrate CyberArk Identity with Microsoft Defender is valuable. This integration feature is integral to maximizing the security benefits we get from the system.

To enhance the product, they can consider improving the user interface of the software and possibly the customer support team. Sometimes, there is a delay in handling my inquiries via email, which could be addressed for better service.

I have used the solution for one year and a half.

We have never experienced downtime or crashing. I have not encountered such issues.

The solution can be scaled. If we have subscribed, we are able to use it on different laptops and tablets. It does not limit us, even if I have ten or more devices. We can use it on different phones and computers, demonstrating its scalability.

There are times when there is a delay in handling my inquiries via email. I would rate them an eight out of ten.

Positive

We have not used other solutions. This is the first software that we are using to protect our data and access information within the organization.

It was very easy because after we developed an interest, we went through the training on how to install it best, so while installing, we found things very easy.

It took us one day for us to become familiar with everything. We were able to realize its benefits immediately after the deployment. 

It does not require any maintenance.

We had three people involved in the deployment.

The pricing is acceptable. It is worth considering what we are protecting with the amount charged.

A simple advice would be to have an IT person on the team for the software installation.

Overall, I would rate CyberArk Identity a nine out of ten.

I work with Direct Identity. I was studying CyberArk, and I have used it a few times. Then I switched to a new project. I have some experience with CyberArk Identity.

What I like most about CyberArk Identity is the model that is in place. It is very good. It is the most powerful access management system. There is a lot of security - especially when you have to onboard and allow access for new users for the corporate and new applications. It's wonderful.

We saw results very quickly. I saw the power of identity management almost right away. It's one of the best in the industry. It competes very well against other solutions and Active Directory. It's very low cost in comparison to Microsoft solutions. 

Something they could improve is the management of multifactor authentication. When you translate the page from one language to another, it can be a difficult process. The translation isn't always good, and it may have a completely different name. I've noticed this in the English to Spanish translation.

The implementation can be difficult. They have so many laws and filters that it can be overwhelming.

A few months, or maybe two months ago, was the last time I used the product. I managed different multifactor accesses for users. When using you must sign in with corporate credentials to authenticate the users. The authentication can go through the phone or email. 

It's a very stable solution. When you have it in the cloud, you have CyberArk every time you need it. In the time I have been here, I have not experienced a fall in the service of CyberArk. There is no risk in the stability.

I have contacted technical support. We used their help with virtual machines that CyberArk gives. I had one machine that I could not use due to an invalid token. They resolved the problem immediately after I reported it, on the same day, within one hour. It was a very good experience.

Positive

A different solution can be, for example, Microsoft Azure Active Directory. It is a very powerful identity management system and very good for a company that needs to improve constantly. Another good solution instead of CyberArk can be SailPoint, which has been making significant strides in recent years.

The solution can be deployed on cloud or on-premises. CyberArk is more on the cloud than on local hardware. 

The deployment is initially quite difficult. That said, when you are doing the implementation of CyberArk, there are so many tutorials that make the learning process very easy. The only complaint could be the language barrier. It's difficult if you don't have a very good level of English. Otherwise, it is very easy.

You can have it set up within three months without much difficulty. It's hard to get started, however, once you get going, it gets easier. A full deployment takes half a year or less.

There is some maintenance necessary. A company is constantly hiring and letting go of employees. The access is always changing, so access must always be adjusted. Or, if we need another law of filter, we would need to add those, or even take them away. That's another aspect of maintenance. 

We do not use a third party for implementing CyberArk. We can contact CyberArk directly if we have questions.

Regarding pricing, it can be quite a lot for small companies. For national companies, like a medium-sized company with 1,000 employees, it can be very good.

It is also a very necessary solution. Every company needs identity management for security within the corporation. It is essential to prevent unauthorized access and maintain strong barriers against hackers.

A different solution can be, for example, Microsoft Azure Active Directory. It is a very powerful identity management system and very good for a company that needs to improve constantly. Another good solution instead of CyberArk can be SailPoint, which has been making significant strides in recent years.

Out of everything, I will rate it nine out of ten. 

It can be a language barrier, however, not necessarily if you understand English quite well. There is complexity in understanding the multifactor access, however the CyberArk interface is wonderful. I like it. It gives the user a very good, simple way to access different features of the CyberArk product.

I have no relationship with CyberArk. I've only worked with the product.

I use the solution in my company for its vaults.

The features that I personally find most effective in terms of security stem from the fact that it is easy to integrate and also the adoption is faster.

At the moment CyberArk needs to enrich Conjur and it needs to be made more viable so that its adoption can be made much faster.

I have been using CyberArk Identity for three years. Our company has a partnership with CyberArk.

Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution a nine out of ten.

As my company has a partnership with CyberArk, we don't face any challenges with the support part. I rate the technical support a ten out of ten.

Positive

In our company, we haven't faced any such challenges with the product's initial setup phase because our requirements were pretty clean and clear.

The solution is deployed on an on-premises model.

The solution can be deployed in two weeks, and it includes every area because my company has a complex environment.

Cost savings have been possible since my company has not had to pay any penalties after using the product. The product has also secured our company's environment.

I think it is a fairly priced tool. I rate the tool between six and seven on a scale of one to ten where one is expensive, and ten is cheap.

Against CyberArk Identity, my company tried other products like Norton and some other tools, which were not up to the mark.

My company doesn't use the tool for the multi-factor authentication feature.

I recommend the product to those who plan to use it.

The vendor maintains the solution automatically.

I rate the overall tool an eight out of ten.

CyberArk Identity's main use case is protecting privileged accounts. Although they've expanded into identity and access management, most of their business comes from privilege account management.

The tool is a very strong and valuable enterprise solution, particularly in ensuring the continuity of service. 

The product is not cheap, especially if you opt for an on-premise deployment requiring a complex server infrastructure. On the other hand, choosing the software as a service version simplifies infrastructure requirements but necessitates being online all the time.

I rate the tool's stability a nine out of ten. 

I rate the product's scalability a nine out of ten. 

Setting up CyberArk Identity is not straightforward. Typically, for the on-premise version, you need to install at least three servers that work together, although installing four servers is more common. However, if you opt for the software as a service version in the cloud, it's simpler to set up.

I rate the overall solution an eight out of ten. The recommendation is as follows: CyberArk Identity is the right product for you if you're an enterprise company. However, if you're a small or medium-sized company, you may face challenges with the on-premise solution from CyberArk Identity, and cheaper options may be available from other vendors.

Nevertheless, the tool is a strong and stable product. If you can afford it, opting for the software as a service (SaaS) solution would provide you with the best privilege account management tool.

My role involved installing agents on Linux servers, specifically utilizing a single sign-on. This implementation streamlined access for Linux and Unix administrators, allowing them to log in to any server using a single password.

The solution helps with auditing, and monitoring, and integrates with Splunk for log analysis. User activity logs are captured in CyberArk Identity and sent to external tools like Splunk for analysis and monitoring.

It is integrated with tools like Splunk and Dynatrace for the analysis of risk behavior and user activity. The pushing teams receive automated reports to assess factors such as login times and server activity in the last 60 days. 

The licensing for IAM and PAM tools is based on headcount and usage. Users who are not actively utilizing the resources may have their access revoked. This approach helps manage budgeting and reduces the risk impact on the organization by implementing protocols to mitigate threats.

The product needs to leverage the cloud more, especially in the financial sector, where cloud adoption might be limited. Proper reporting within the cloud is essential. The tool should be more user-friendly to expedite access for users. The current agent-based system poses challenges if a user loses access to the server, making tasks difficult to perform. It should also improve technical support. 

I rate the tool's stability a seven out of ten. 

I rate CyberArk Identity's scalability a nine out of ten. 

CyberArk Identity's deployment is easy. For deployment, the timeline depends on the number of applications a company has. For instance, if there are around 100 applications, the deployment process is expected to take no more than two weeks. For larger organizations, it can take one month to complete. The entire IT process for creating rules and user entitlements for each application can take at least a month. For large organizations with 500 or more applications, at least 20 people are needed to manage the product daily. 

The solution is cheap and I rate its pricing an eight out of ten. 

I rate thee overall product an eight out of ten. 

CyberArk offers multiple products, including PAN, LRO for vendor remote access, and Identity. Some clients in the entertainment and tourism industry prefer using CyberArk Identity on the cloud as a Software as a Service (SaaS) solution. Their teams are typically small and prefer not to manage the infrastructure. They opt for this approach because they want to avoid investing significant time and money in larger products like SailPoint. However, it's important to note that such clients are relatively rare, with perhaps just one or two out of every hundred.

Regarding identity management, it's worth noting that onboarding users from various sources is a straightforward process with CyberArk SaaS. The user identification is simplified, and managing user privileges, whether adding or revoking them, is also quite straightforward when utilizing CyberArk SaaS.

On the PAM side, one of their notable strengths lies in safeguarding the keys and users for privileged accounts. They've implemented a robust security approach that is superior to many other solutions in terms of protecting privileged users and their keys.

In terms of a governance platform, it's worth noting that CyberArk doesn't offer a particularly strong one. They struggle with identifying risk scores efficiently because their risk scoring relies on the manual entry of access data. In contrast, SailPoint excels in this aspect and can detect and provide superior governance scores more effectively.

To be equitable, one notable aspect is that CyberArk is gradually moving away from on-premises components and migrating them to the cloud. However, from my perspective, they should consider retaining some on-premises components instead of entirely removing them. I understand that this decision might be related to cost and future prospects. Nonetheless, considering the global trend of securing and controlling data, offering everything solely in the cloud could become problematic for many organizations.

I have been working with it for more than two and a half years.

In terms of stability, I would rate it an eight. It's important to consider that a comprehensive solution requires a minimum of nine servers, which can pose challenges in terms of management and overall stability due to the substantial number of components involved.

When it comes to scalability, there are two distinct aspects to consider with CyberArk. License scalability is notably straightforward and perhaps the easiest compared to other solutions. However, architectural scalability can be quite complex and challenging.

I would rate it a nine out of ten.

To be completely frank, among my ten clients, a minimum of six express concerns or confusion regarding CyberArk. I'm not certain whether it's linked to the clients' skill levels or understanding, but I suspect that the support ecosystem is not adequately developed.

It's a straightforward process if you have skilled resources on hand. However, if your resources lack the necessary expertise, they might face challenges.

If we're looking at a comparison once more, it's important to acknowledge the crowded nature of the market. With so many players, including Arcon, BeyondTrust, WarLX, and others, the field is diverse. However, when focusing on the top products, I'd highlight BeyondTrust, CyberArk, Delinea, and Arcon. In terms of pricing, BeyondTrust and CyberArk tend to be more expensive, with CyberArk receiving an eight out of ten, in this regard.

In the realm of identity management, SailPoint is the leader due to its extensive features and customization capabilities, making a direct comparison with CyberArk somewhat unfair as SailPoint tends to excel. However, among CyberArk's competitors, Ping Identity stands as a strong contender. Ping Identity has been involved in the identity space for a longer period than CyberArk. Furthermore, there have been mergers in this space, such as FosRoc and BeyondTrust. This has reshaped the landscape, and the competition should now primarily be between Arcon, Ping Identity, and SailPoint, as other products tend to be smaller, like Micro Focus. Comparing them with Micro Focus wouldn't be suitable.

Enterprises generally have the resources to handle the compute and storage requirements and can allocate additional resources for CyberArk management without significant issues. However, medium-sized companies need to exercise caution as they might need to hire dedicated resources for solution management, which can increase maintenance costs. Small organizations, on the other hand, are likely to face numerous challenges during upgrades, migrations, and maintenance due to their limited resources. CyberArk is best suited for larger enterprises.

Overall I would rate it an eight out of ten.