CyberArk Workforce Password Management

The use case for CyberArk Identity  is for getting the solution for privileged access security, with single sign-on functionality enabled, multi-factor authentication for our applications and devices deployed across various locations, identifying the lifecycle and provisioning for our devices, and compliance and audit purposes.

CyberArk Identity has improved our organization by enhancing our security posture and making compliance and audits much easier, plus it works for our hybrid and on-premises environments; we consider CyberArk Identity a great solution for privileged access management and complete identity lifecycle management.

CyberArk Identity has helped free up time for other projects and tasks, improving organization time by 25% to 30% because the people working on security tasks have moved to other tasks, resulting in saved man hours.

For compliance requirements related to financial services after implementing CyberArk Identity, we typically save around 15% to 20%.

CyberArk Identity has improved network performance by taking care of our network configuration and traffic loads, clearing blockages, and optimizing network performance.

For safeguarding our financial services infrastructure, CyberArk Identity is essential because financial transactions and user details are critical; it protects us from third-party attackers, ransomware, phishing, and information theft.

CyberArk Identity helps meet compliance and regulatory requirements and being fully compliant with regulations such as HIPAA and GDPR. It supports configurable policies. 

CyberArk Identity has reduced the mean time to detect and resolve issues, saving our overall time by 15% to 20% in the first year and a 20% to 25% reduction in overall time in the following two to three years.

CyberArk Identity aligns with our zero trust security strategy because it secures our environment, ensuring that no financial or user information leaks occur, with features that restrict access to authorized personnel only. CyberArk Identity protects us through its multifunctional authentication and other features that restrict users without the appropriate permissions from logging into the environment. This ensures compliance with the zero trust framework. In other words, it does not allow unauthenticated logins into the application.

CyberArk Identity  is a great solution for overall security posture and privileged identity controls because it has a strong base in securing privileged access and managing identities within our environment. Features such as SSO , multi-factor authentication, and storing privileged access secrets as passwords or secret keys, make it highly reliable and a scalable solution I've seen in the industry. 

The initial deployment is complex and requires many users, making it more suitable for larger enterprises. It requires a number of users to get it deployed, particularly for on-premises deployments. This typically involves a lot of initial planning, setup, and configuration.

Another important consideration is the cost. It can be quite expensive, making it more suitable for larger enterprises rather than small businesses or startups.

The learning curve is also significant due to the numerous features and configurations available. Some features necessitate a detailed analysis and understanding to effectively work with this solution.

Additionally, the user interface needs some improvements. It appears outdated compared to the technology we are using in 2025. The UI seems like it's from the early 2000s, making it look considerably behind the times, about 20 to 25 years old.

I have been using CyberArk Identity for three years.

CyberArk Identity is a stable solution; I would rate it nine out of ten because it is a mature system.

CyberArk Identity is scalable as needed, but increasing resources affects overall costs.

We have diverse locations, including India, Asia Pacific, and some parts of Europe. CyberArk Identity is implemented across our whole organization, typically used by 150 to 200 users simultaneously. 

I would rate technical support for CyberArk Identity a nine out of ten because they are professional, knowledgeable, and resolve queries efficiently when needed.

We don't contact them frequently, but whenever we have contacted them, they have resolved our queries in an efficient way.

Positive

It's a bit complex for on-premises deployment. Cloud deployment is quite easy because you just have to enable the services.

It takes four months for on-premises and one month for the cloud.

Once CyberArk Identity is deployed and the initial setups and configurations are complete, anyone takes around two to three months to get comfortable working on this solution.

Maintenance is included in the subscription cost, so it does not require maintenance from our end, as it is fully managed by CyberArk Identity.

We've seen a return on investment of more than 100% over the past two to three years. 

After implementing CyberArk Identity, it took around four to six months to see the value because in the first quarter, we implemented it, and for monitoring, feedback, and analysis, it was useful for the next three months.

It is quite expensive and fits better for large organizations than for smaller firms.

When I compare the legacy or old systems with CyberArk Identity, it is clear that CyberArk Identity is far superior. In terms of features, offerings, and configuration, I can confidently say that CyberArk is a great solution compared to the legacy systems and other solutions available in the market.

We found it much more compatible and useful than Okta and Microsoft Entra ID in our AWS  environment. It also integrates better with other CyberArk products. We use multiple products from CyberArk, including privileged access management and enterprise privilege management solutions. We want to create a cloud environment that is suitable for all of these CyberArk solutions.

Microsoft Entra ID is more integrated with Azure, and Okta is better suited for Azure and Google Cloud Platform (GCP). However, there are some limitations in the features offered by Okta. We have identified these limitations in relation to features available in CyberArk.

CyberArk Identity portal is moderate in terms of the ease of use. It's not very technical, nor is it overly complex. Before starting to work with this solution, some initial training is required. You can go through their product documentation and consulting solutions to get any kind of help you need. Then, you can start working on it.

For integration with AWS  and enterprise applications, it requires some technical analysis and knowledge. 

I would like to recommend CyberArk Identity, but if they are from large enterprises, then it is a good option because it is quite expensive. If they follow all the regulations, whether they are from finance, healthcare, government, energy, or utilities, and ensure compliance with standards like GDPR, HIPAA, and any other relevant protocols, it is suitable for them.

Organizations that have both on-premises and cloud environments will find it to be a good solution. Additionally, companies with a dedicated DevOps team to manage this solution will find it ideal for their needs.

Overall, I would rate CyberArk Identity a nine out of ten.

My use cases are mainly for the single signing option, which provides multiple factor authentications.

What I appreciate the most about CyberArk Identity  is the security effectiveness, the feature called SSO  and MFA, and the adoption, which reduces password-related incident significance. 

The phishing resistance has technically improved for pushing the authentication. The initial deployment for CyberArk Identity  was easy. I was involved in the deployment part, and the initial integration was smooth. It took approximately two days, and the work was completed fairly.

The UI can be more modern. I can tell more about my experience with the user interface; it is fine, but for modern needs, while the security system is adequate, the use cases are a bit complex. The front-end design for users has an outdated feel, so that can be improved.

I have been using CyberArk Identity for one year, 10 to 12 months.

I have not experienced any lagging, crashing, or issues; the stability is good.

CyberArk Identity is scalable, especially for organizations that are in a cloud environment or organizations using Okta, which is a similar platform. They can explore the alternatives because it's really good. The setup we did earlier in the first phase was straightforward. 

I was previously familiar with the concepts of IMA, which is basically the pre-built integration tool with the popular app share itself. There were no complexities, so scalability is possible at any organizational level.

It took two to three days to fully deploy CyberArk Identity. A single person was required for deployment.

CyberArk Identity does not require any maintenance on my end. It's a subscription-based platform, so the tool owner takes care of all these things.

I definitely recommend CyberArk Identity. If organizations have any jobs in the cloud environment, they should try this particular tool.

I would rate this solution overall for everything as eight and a half out of ten.

The solution is mostly used for financial services.

The solution covers all key pillars of Identity security and governance. It reduces IT team workload by managing employee transitions, allocating rights, implementing least privilege, and ensuring people have only the necessary access rights. The role-based access and secure resource access principles are automated within organizations, especially when integrated with HR systems, enabling quick resource provisioning and decommissioning.

Once the solution is deployed, the customer can immediately see benefits. Typically, the first phase involves securing high-risk areas. Once the protection for privileged access identities is in place, the customer can then focus on securing the rest of the workforce, as well as protecting sensitive communications between machines, endpoints, and workstations. The time to realize value from this solution is quite short because it is a comprehensive solution. As soon as it is implemented, it fundamentally changes how users access systems, providing immediate security benefits. In summary, the value becomes apparent right away.

CyberArk Identity  offers Single Sign-On , Adaptive MFA, Web Password Manager, and Secure Web Sessions for recording sessions from web applications. It also provides federated services, Directory Service integration with popular IDPs, and management of joiners, leavers, and movers in an organization.

They have been working to improve areas such as Identity Governance  and Assurance (IGA ), but integration with new acquisitions into a single stack could be enhanced. While CyberArk Identity  is a leader in Identity Security, the integration of multiple components could be improved.

I would suggest focusing on the integration of the multiple components. Currently, we have a unified platform, but with the recent acquisitions, I would like to see more seamless integration of those new entities. Additionally, I’m curious to see how the recent acquisition by Palo Alto will play out. I am interested in understanding how both companies can benefit from each other moving forward.

Additional improvements could include more out-of-the-box plugins for key systems. Though they are the largest privileged access company with numerous integrations, coverage could be expanded for certain database clients and other systems.

I have been using CyberArk Identity for a year and a half.

Their support is very good, with a huge community. I would rate it as a nine out of ten.

Positive

The subscription licensing model, which provides identity features within the privileged access license, is quite affordable for most customers. The full stack available through one subscription license works particularly for customers in Africa, where the acquiring rate remains healthy.

I would rate CyberArk Identity an eight out of ten.

We are using CyberArk Identity  for user provisioning, and we have integrated multiple applications, most of them being SAML-based authentication ones. 

We are also provisioning users to target applications and using CyberArk Identity  as an authentication method for two-factor authentication.

I have worked on multiple projects where we have integrated external IdPs with CyberArk Identity. We have also implemented AD integration to get users from Active Directory to CyberArk Identity. We are using the reporting functionality and role-based access control. 

We have created several roles for one client where I was working. It was an all-suite ISPS model that CyberArk has where CyberArk Identity, Privileged Cloud, and all those applications were present. In this case, we were using roles from CyberArk Identity to grant users access to their respective safes in the Privileged Cloud.

The UI is very simplified, and the documentation of CyberArk Identity is very crisp and clear. The support of CyberArk Identity is also really good. 

From the support perspective, there is an excellent feature for identity verification. 

When someone calls with identity issues, CyberArk Identity has provided one of the best features where we can use MFA verification. It sends a code to the user and validates the caller.

CyberArk Identity can be integrated with applications such as Secure Hub, Secrets Hub, Conjur, and Privileged Cloud. However, getting usage reports for specific applications is difficult. Tracking user activity across different integrated applications is challenging as the logs don't provide detailed information about which application users accessed.

The reporting functionality is somewhat complicated. While I would rate CyberArk Identity and Okta on the same level, Okta's reporting is crisper and clearer. For CyberArk Identity, you need knowledge of their scripting language to pull different sets of reports. 

Though the out-of-the-box reports are good, they should simplify the reporting process to make it easier to pull all reports. The documentation for the reporting functionality is not very clear, which creates conflicts. 

Additionally, CyberArk Identity needs to enhance features such as import scheduling and document clarity for new aspects such as Flows.

I have been using CyberArk Identity in my career for almost four years.

As part of maintenance, we haven't faced any downtime with CyberArk Identity. If there are any outages, CyberArk is responsible, and they usually address them very quickly. The services were operational 24/7. 

Previously, we faced some issues where when users were provisioned and we tried to delete them, the entry was deleted from the back end, however, a ghost entry still existed in CyberArk Identity. We did not have an option to delete that particular user, which caused issues when trying to provision the same user again from AD.

The quality of support is really good. They respond immediately when requests are raised, and they are always available for priority one tickets. The only requirement is having access to their community portal to raise cases. The support is comparable to other SaaS products such as Okta.

The initial deployment was straightforward. CyberArk provides the tenant, and the documentation for integrating with Active Directory is clear. You need to build the server and set up the agent. The AD integration itself takes about ten minutes, but the complete process, including server build and approvals, takes a couple of days. If all resources are ready, the actual integration is very straightforward and takes only five to ten minutes.

We are partners providing services to other clients. I am an implementation engineer responsible for designing, architecting, and deploying solutions for clients.

I am not certain about CyberArk Identity's exact pricing model. For comparison, Okta was around five dollars per user. CyberArk Identity offers good discounts to some clients, which influences their decision to choose the solution.

Okta is a more mature product compared to CyberArk Identity. Policies and customization are easier with Okta. Integration with different applications through the Okta Integration Network is straightforward, with clear guides and steps. CyberArk Identity could improve in these areas. The main difference is in the UI and some features. 

The reporting functionality in Okta is superior. In Okta, you can control imports and manually import users from AD, applications, or CSV files. These options and the ability to schedule periodic imports are not available in CyberArk Identity.

Comparing CyberArk Identity with products such as Ping, Okta, and RSA, CyberArk Identity still needs product development, as Okta offers additional features. Some features of CyberArk Identity are excellent, however, Okta is more user-friendly. The reporting functionality and Flows are areas for improvement. Since Flows is a new product, it needs to mature. They should conduct training, educate people, and provide clear documentation for better utilization.

In the Identity user portal, you can create secure notes, upload passwords or keys, and create bookmark applications. We have encountered some glitches when sharing applications with others, where users face issues despite having correct permissions.

I rate CyberArk Identity eight out of ten.

My use case for CyberArk Identity  involves multiple reasons: for identity to gain access to the clients' environments, to provision on-demand access, and to provide services via the Access Manager.

I find the CyberArk Identity  portal quite intuitive; it has changed a lot over the last year and a half. 

If you think logically and understand your environment, it is easy to establish a suitable setup for yourself and all your vendors. I did see an impact on operational efficiency with CyberArk Identity. 

If you look at all the technical requirements to set up a VPN or an access management tool, where you need to integrate four, five, or six different services with the CyberArk side, it is significantly easier. You provision a server on the inside and simply assign the services allowed from the outside by ticking a box to grant access. The person can then either scan a QR code or receive an email to log in.

CyberArk Identity has indeed helped reduce the mean time to detect; it has also aided in troubleshooting by allowing logs to be extracted and sent to a correlation engine, such as QRadar, for notifications or alerts. It also helps in preventing attacks, as someone trying multiple times to log in, and the trigger on whatever login is used aids in maintaining a quick view of what is happening.

Room for improvement for CyberArk Identity might be on the support side, as they constantly improve with new features and remove redundant ones, integrating multiple steps into a single one for easier use; however, this is not just CyberArk Identity, as many vendors start with basic troubleshooting services without recognizing that knowledgeable users often reach out after exhausting those options.

I have been working with CyberArk Identity for coming on four years now.

The solution's stability depends on your connectivity most of the time, so if you've got a bad network, it will not be stable, but with a stable network, due to the redundant data centers across the globe, it is a lot easier to use as a SaaS solution.

CyberArk Identity is definitely a scalable solution; it all depends on the money that you have, as with anything else.

I would rate technical support from CyberArk a nine out of ten; there's always space for improvement.

After implementing CyberArk Identity, in a big implementation, it took about four months for my organization to see time to value, while in a smaller implementation, it was a month.

My experience with the pricing of CyberArk Identity has been good, as we've got a good relationship with the team, whether in South Africa, where I am or globally; we maintain a strong relationship and have been competitive against any other identity solutions.

My experience of working with CyberArk solutions is quite extensive. With CyberArk tools, I have experience working with Privileged Access, Identity Access, and Secrets Manager, although with Secrets Manager not as much, but the other two quite extensively.

My relationship with CyberArk is as a partner. I purchased CyberArk Identity through both the vendor and AWS Marketplace , as it depends on what the client wants: through the vendor for purely bespoke installation or architecture and AWS  for ease of use.

I would rate CyberArk Identity a nine out of ten overall. 

I understand that different people have different requirements, which might mean they don't experience it the same way as I do.