Sold by: CyberArk
Deployed on AWS
Protect from credential-based threats and securely store, manage and share business application passwords.
4.1
Overview
CyberArk Workforce Password Management is an enterprise-focused password management solution that helps companies overcome the unique user authentication and auditing challenges presented by business apps requiring an individual username and password credentials. With Workforce Password Management, users can add applications to a centralized web portal, access apps with a a single click, and securely share credentials and secured items with internal teams. Behind the scenes, passwords are securely stored in the CyberArk Identity Cloud or CyberArk Vault providing security teams granular control and visibility.
Highlights
- Control how credentials are managed, stored and shared across your organization. Restrict which users can view, edit or share credentials and specify the duration of shared access. Automatically transfer ownership when the primary owner leaves the organization.
- Audit activity and demonstrate compliance with visibility and reporting. Built-in reports simplify audits and provide a comprehensive history of credential updates and access events.
- Reduce friction for end-users and as a result, reduce risk for your organization. Simplify how users access business apps and reduce password fatigue and bad password hygiene for your employees. Workforce Password Management easily captures credentials when new accounts are created and autofills fields at login.
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Workforce Password Mgmt | Workforce Password Mgmt - 200 users | $14,400.00 |
Vendor refund policy
For refund policy, visit <www.cyberark.com/terms-service-saas/ >
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Ensuring your CyberArk Workforce Password Management is up to date and running efficiently is a priority. If you encounter a technical problem, contact CyberArk support 24x7, using our ticketing system at https://cyberark-customers.force.com - Phone and email support are also available. Further details are available at <www.cyberark.com/customer-support/#contact-supportContact >
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By CyberArk
By BeyondTrust Corporation
By Barracuda Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Centralized Credential Storage
Passwords are securely stored in the CyberArk Identity Cloud or CyberArk Vault with centralized management across the organization.
Access Control and Permission Management
Granular control to restrict which users can view, edit or share credentials and specify the duration of shared access with automatic ownership transfer.
Credential Sharing and Collaboration
Secure sharing of credentials and secured items with internal teams through a centralized web portal.
Audit and Compliance Reporting
Built-in reports provide comprehensive history of credential updates and access events for audit trails and compliance demonstration.
Automated Credential Capture and Autofill
Automatic capture of credentials when new accounts are created and autofill functionality at login to reduce manual password entry.
Centralized Identity and Access Visibility
Provides centralized view of identities, accounts, entitlements, and privileged access across IT estate with threat detection capabilities for compromised identities and privileged access misuse
Privileged Credential Management
Manages privileged passwords, accounts, credentials, secrets, and sessions for human and machine identities with complete control and security enforcement
Privileged Remote Access Control
Enables granular control, management, and auditing of remote privileged access for employees, vendors, developers, and cloud operations engineers with zero trust enforcement
Endpoint Privilege Management
Enforces least privilege on Windows, macOS, and Linux systems by removing local admin rights, replacing sudo with centrally managed solutions, and preventing malware and phishing attacks
Threat Detection and Analytics
Delivers advanced discovery, intelligence, and deep contextual analytics to detect threats across entire identity estate and identify hidden attack paths
Zero Trust Access Model
Implements rule-based and condition-based access control requiring continuous verification of user and device identity and trust before granting access to resources
Multi-Cloud and Hybrid Infrastructure Support
Provides secure remote access across AWS workloads, on-premises resources, and other cloud environments without requiring VPN
Conditional and Contextual Access Control
Delivers remote conditional and contextual access to resources with capability to reduce overprivileged access and associated third-party risks
Device and Endpoint Management
Supports instant provisioning of company-owned devices, employee-owned devices, and unmanaged contractor endpoints for remote access
Seamless Access Provisioning
Enables instant provisioning and seamless access experience for remote workers without requiring awareness of underlying zero trust security implementation
Standard contract
No
No
No
Customer reviews
Hariharan Thangasamy
Has strengthened privileged access control and improved audit visibility through session monitoring and password rotation
Reviewed on Oct 10, 2025
Review from a verified AWS customer
What is our primary use case?
The main use cases for CyberArk Identity help us to strengthen security to protect sensitive data centers and systems. We can store sensitive credentials, user credentials, and privileged accounts inside our CyberArk PAM tool. This helps us rotate passwords for privileged account credentials and monitor sessions. It is very useful for audit purposes. If there are any unsuspected activities happening, we can review the log files and identify where issues are occurring. It is very helpful for monitoring and strengthening security levels.
What is most valuable?
The best features in CyberArk Identity that I appreciate most are the recent updates that have added features in the cloud privilege environment. In the SAS solutions, they have added connectors. Except for PSM and CPM� , they have included SIA, Secure Infrastructure Access, Secure Cloud Access, and Secure Web Sessions. These are additional features I have seen in the recent updates.
For multi-factor authentication, we use CyberArk Identity's multi-factor authentication integrations, LDAP integration and SSO , Azure SSO , LDAP and SIM. These authentication mechanisms we implement. Mostly, we use LDAP and Azure SSO.
Just-in-time access, also called ephemeral access, is especially beneficial, particularly with SIA and SCA features. The recent updates from CyberArk Identity have been impressive. If a requester needs access to a platform, such as Windows, Linux, or any database, the request goes to the approval level for a particular time period. The approver can approve the request within that set time frame, granting just-in-time access to the end user.
Session monitoring is beneficial as it detects if the user is trying to log in and records all activities stored in the vault. It gives us more insights into what activities are happening inside. If there are any breaches or issues arise, I can go back to the log report and check all those activities that are captured, where it failed exactly, and what the issue was. From there, I can find and fix it.
What needs improvement?
On the identity product side, it is awesome. However, they can improve in the documentation parts. For example, if there is a migration process, I can see the maximum customers are moving from self-hosted to on-premises or from on-premises to the cloud. It would be helpful if they released a generalized document for processes such as migration. A clear overview document would assist us in understanding more about the tool, configurations, and automations to enhance our security.
Regarding the initial setup of CyberArk Identity, I faced some challenges. At some points, I could not find proper documentation for deploying, enhancing, or integrating with other components. I could not find the proper documentation in the community portal.
For how long have I used the solution?
I have been working with the identity product using CyberArk PAM tool for more than two years.
What do I think about the stability of the solution?
When it comes to performance and stability, I find it very reliable.
What do I think about the scalability of the solution?
CyberArk Identity is highly scalable as there are many things to learn. There is no limitation. When delving deep into the concepts, there is a lot to address and learn, especially when facing real-time scenarios. It may seem simple at first glance but once you get into the depth of the concepts, you realize how much there is to learn and there are no limitations in that regard.
How are customer service and support?
My experience with technical support has been very good. When I reached out to them, I received prompt responses and support, which I would rate as very good.
How was the initial setup?
I faced some challenges during the initial setup of CyberArk Identity. At some points, I could not find proper documentation for deploying, enhancing, or integrating with other components. I could not find the proper documentation in the community portal.
What other advice do I have?
If I can share advice or recommendations for other companies considering CyberArk Identity, I would highlight the most powerful features in CyberArk PAM such as password rotation, session recordings, and just-in-time access as the best aspects of this product. On a scale of one to ten, I would rate this solution an eight.
Giovanni Perini
Have increased security by regenerating credentials after each use and gained confidence through session oversight
Reviewed on Oct 06, 2025
Review from a verified AWS customer
What is our primary use case?
It's not being purchased through AWS , but we're using CyberArk Identity as a SaaS solution. I think it's running on AWS , but we bought it directly from CyberArk.
What is most valuable?
The straight-through approach of CyberArk Identity is very easy to start with. After you start with it, you can very easily onboard your privileged accounts. From there on, you can advance further and make it more and more secure. I think that the easy way to start with CyberArk Identity is one of the benefits of using it.
The best feature for us is the regeneration of passwords after every use that we have implemented with CyberArk Identity. The two-factor authentication is very important, but the fact that every account is being regenerated every time we use it is the most important security feature for us.
Session monitoring with CyberArk Identity is helping in making us feel secure with our vendors. We're also using the vendor implementation. The fact that we know that we can look back and that we tell that to our vendors gives us a good secure feeling. We haven't really found it necessary to look back, but the fact that we know that we can makes us feel secure.
What needs improvement?
We do not specifically use the password vaulting feature of CyberArk Identity.
The centralized user dashboard of CyberArk Identity has not been that important for us.
If it would be possible to share accounts between vaults in CyberArk Identity, that would be very beneficial. Account sharing between vaults is one of the most important aspects for us.
It was pretty complex to implement CyberArk Identity. We had some help from a partner, and that helped a lot. But even for the partner, it was really difficult to streamline the process of implementing. We had sometimes an issue that really took days during the implementation to fix. That was something that I did not appreciate about the whole implementation. It should be much more straightforward, specifically because you're doing a SaaS implementation.
I rate it a seven because vendor support is difficult to get. Basically, you have to go through a partner to get support with CyberArk Identity. That's another thing that they could improve.
For how long have I used the solution?
This is the second time I'm implementing CyberArk Identity. The first time was for a different customer. With the current customer, we're using it for about nine months now.
What do I think about the stability of the solution?
I rate the stability of CyberArk Identity regarding downtime, bugs, and glitches a 10. We haven't had any downtime or any problems with availability.
What do I think about the scalability of the solution?
I would consider CyberArk Identity to be just as scalable as you want to be. You can scale it out pretty easily, and you can implement it very small. I would rate it a nine.
What about the implementation team?
I'm not an end-user or a partner. I'm just an independent consultant helping with the implementation.
Which other solutions did I evaluate?
We've compared CyberArk Identity for our other customer and did a real peer review between BeyondTrust and CyberArk Identity. It was very close. In the end, CyberArk Identity had a better offer for us and was a little bit cheaper. That's why we decided to go with CyberArk Identity at the other customer. This customer already decided they wanted CyberArk Identity because it's a government agency and they've got a lot of other governments using CyberArk Identity. There was a lot of trust in CyberArk Identity, and there wasn't very much experience with BeyondTrust. It was a very quick choice to use CyberArk Identity for them.
What other advice do I have?
The feature of just-in-time access in managing privileged accounts and security is going to be important, but not right now because we're only using CyberArk Identity for nine months. We're still in the phase of onboarding all the privileged accounts and making sure that everybody is on board. After that, we're going to decrease the amount of rights that each account has and we're going to use named accounts instead of personal accounts. That's when we're going to implement just-in-time.
I don't think CyberArk Identity is cheap, but if you look at the security advantages that you get, I think it's the right price.
My clients are medium and enterprise, not small.
I would definitely recommend CyberArk Identity to other users because even though the implementation is difficult, the fact that you get so much more security is really a no-brainer for me. I think that everybody with multiple privileged accounts should implement at least a PAM solution CyberArk Identity, and CyberArk Identity is very good.
I would rate CyberArk Identity overall an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
DerrickAkankwasa
Reduces IT team's workload while offering comprehensive identity security features
Reviewed on Sep 09, 2025
Review provided by PeerSpot
What is our primary use case?
The solution is mostly used for financial services.
How has it helped my organization?
The solution covers all key pillars of Identity security and governance. It reduces IT team workload by managing employee transitions, allocating rights, implementing least privilege, and ensuring people have only the necessary access rights. The role-based access and secure resource access principles are automated within organizations, especially when integrated with HR systems, enabling quick resource provisioning and decommissioning.
Once the solution is deployed, the customer can immediately see benefits. Typically, the first phase involves securing high-risk areas. Once the protection for privileged access identities is in place, the customer can then focus on securing the rest of the workforce, as well as protecting sensitive communications between machines, endpoints, and workstations. The time to realize value from this solution is quite short because it is a comprehensive solution. As soon as it is implemented, it fundamentally changes how users access systems, providing immediate security benefits. In summary, the value becomes apparent right away.
What is most valuable?
CyberArk Identity offers Single Sign-On , Adaptive MFA, Web Password Manager, and Secure Web Sessions for recording sessions from web applications. It also provides federated services, Directory Service integration with popular IDPs, and management of joiners, leavers, and movers in an organization.
What needs improvement?
They have been working to improve areas such as Identity Governance and Assurance (IGA ), but integration with new acquisitions into a single stack could be enhanced. While CyberArk Identity is a leader in Identity Security, the integration of multiple components could be improved.
I would suggest focusing on the integration of the multiple components. Currently, we have a unified platform, but with the recent acquisitions, I would like to see more seamless integration of those new entities. Additionally, I’m curious to see how the recent acquisition by Palo Alto will play out. I am interested in understanding how both companies can benefit from each other moving forward.
Additional improvements could include more out-of-the-box plugins for key systems. Though they are the largest privileged access company with numerous integrations, coverage could be expanded for certain database clients and other systems.
For how long have I used the solution?
I have been using CyberArk Identity for a year and a half.
How are customer service and support?
Their support is very good, with a huge community. I would rate it as a nine out of ten.
What's my experience with pricing, setup cost, and licensing?
The subscription licensing model, which provides identity features within the privileged access license, is quite affordable for most customers. The full stack available through one subscription license works particularly for customers in Africa, where the acquiring rate remains healthy.
What other advice do I have?
I would rate CyberArk Identity an eight out of ten.
VishalPawar
UI simplification and robust support enhance user provisioning and authentication efficiency
Reviewed on Aug 29, 2025
Review provided by PeerSpot
What is our primary use case?
We are using CyberArk Identity for user provisioning, and we have integrated multiple applications, most of them being SAML-based authentication ones.
We are also provisioning users to target applications and using CyberArk Identity as an authentication method for two-factor authentication.
I have worked on multiple projects where we have integrated external IdPs with CyberArk Identity. We have also implemented AD integration to get users from Active Directory to CyberArk Identity. We are using the reporting functionality and role-based access control.
We have created several roles for one client where I was working. It was an all-suite ISPS model that CyberArk has where CyberArk Identity, Privileged Cloud, and all those applications were present. In this case, we were using roles from CyberArk Identity to grant users access to their respective safes in the Privileged Cloud.
What is most valuable?
The UI is very simplified, and the documentation of CyberArk Identity is very crisp and clear. The support of CyberArk Identity is also really good.
From the support perspective, there is an excellent feature for identity verification.
When someone calls with identity issues, CyberArk Identity has provided one of the best features where we can use MFA verification. It sends a code to the user and validates the caller.
CyberArk Identity can be integrated with applications such as Secure Hub, Secrets Hub, Conjur, and Privileged Cloud. However, getting usage reports for specific applications is difficult. Tracking user activity across different integrated applications is challenging as the logs don't provide detailed information about which application users accessed.
What needs improvement?
The reporting functionality is somewhat complicated. While I would rate CyberArk Identity and Okta on the same level, Okta's reporting is crisper and clearer. For CyberArk Identity, you need knowledge of their scripting language to pull different sets of reports.
Though the out-of-the-box reports are good, they should simplify the reporting process to make it easier to pull all reports. The documentation for the reporting functionality is not very clear, which creates conflicts.
Additionally, CyberArk Identity needs to enhance features such as import scheduling and document clarity for new aspects such as Flows.
For how long have I used the solution?
I have been using CyberArk Identity in my career for almost four years.
What do I think about the stability of the solution?
As part of maintenance, we haven't faced any downtime with CyberArk Identity. If there are any outages, CyberArk is responsible, and they usually address them very quickly. The services were operational 24/7.
Previously, we faced some issues where when users were provisioned and we tried to delete them, the entry was deleted from the back end, however, a ghost entry still existed in CyberArk Identity. We did not have an option to delete that particular user, which caused issues when trying to provision the same user again from AD.
How are customer service and support?
The quality of support is really good. They respond immediately when requests are raised, and they are always available for priority one tickets. The only requirement is having access to their community portal to raise cases. The support is comparable to other SaaS products such as Okta.
How was the initial setup?
The initial deployment was straightforward. CyberArk provides the tenant, and the documentation for integrating with Active Directory is clear. You need to build the server and set up the agent. The AD integration itself takes about ten minutes, but the complete process, including server build and approvals, takes a couple of days. If all resources are ready, the actual integration is very straightforward and takes only five to ten minutes.
What about the implementation team?
We are partners providing services to other clients. I am an implementation engineer responsible for designing, architecting, and deploying solutions for clients.
What's my experience with pricing, setup cost, and licensing?
I am not certain about CyberArk Identity's exact pricing model. For comparison, Okta was around five dollars per user. CyberArk Identity offers good discounts to some clients, which influences their decision to choose the solution.
Which other solutions did I evaluate?
Okta is a more mature product compared to CyberArk Identity. Policies and customization are easier with Okta. Integration with different applications through the Okta Integration Network is straightforward, with clear guides and steps. CyberArk Identity could improve in these areas. The main difference is in the UI and some features.
The reporting functionality in Okta is superior. In Okta, you can control imports and manually import users from AD, applications, or CSV files. These options and the ability to schedule periodic imports are not available in CyberArk Identity.
What other advice do I have?
Comparing CyberArk Identity with products such as Ping, Okta, and RSA, CyberArk Identity still needs product development, as Okta offers additional features. Some features of CyberArk Identity are excellent, however, Okta is more user-friendly. The reporting functionality and Flows are areas for improvement. Since Flows is a new product, it needs to mature. They should conduct training, educate people, and provide clear documentation for better utilization.
In the Identity user portal, you can create secure notes, upload passwords or keys, and create bookmark applications. We have encountered some glitches when sharing applications with others, where users face issues despite having correct permissions.
I rate CyberArk Identity eight out of ten.
RiaanDu Preez
Gaining access and provisioning on-demand has become intuitive and efficient
Reviewed on Aug 27, 2025
Review from a verified AWS customer
What is our primary use case?
My use case for CyberArk Identity involves multiple reasons: for identity to gain access to the clients' environments, to provision on-demand access, and to provide services via the Access Manager.
What is most valuable?
I find the CyberArk Identity portal quite intuitive; it has changed a lot over the last year and a half.
If you think logically and understand your environment, it is easy to establish a suitable setup for yourself and all your vendors. I did see an impact on operational efficiency with CyberArk Identity.
If you look at all the technical requirements to set up a VPN or an access management tool, where you need to integrate four, five, or six different services with the CyberArk side, it is significantly easier. You provision a server on the inside and simply assign the services allowed from the outside by ticking a box to grant access. The person can then either scan a QR code or receive an email to log in.
CyberArk Identity has indeed helped reduce the mean time to detect; it has also aided in troubleshooting by allowing logs to be extracted and sent to a correlation engine, such as QRadar, for notifications or alerts. It also helps in preventing attacks, as someone trying multiple times to log in, and the trigger on whatever login is used aids in maintaining a quick view of what is happening.
What needs improvement?
Room for improvement for CyberArk Identity might be on the support side, as they constantly improve with new features and remove redundant ones, integrating multiple steps into a single one for easier use; however, this is not just CyberArk Identity, as many vendors start with basic troubleshooting services without recognizing that knowledgeable users often reach out after exhausting those options.
For how long have I used the solution?
I have been working with CyberArk Identity for coming on four years now.
What do I think about the stability of the solution?
The solution's stability depends on your connectivity most of the time, so if you've got a bad network, it will not be stable, but with a stable network, due to the redundant data centers across the globe, it is a lot easier to use as a SaaS solution.
What do I think about the scalability of the solution?
CyberArk Identity is definitely a scalable solution; it all depends on the money that you have, as with anything else.
How are customer service and support?
I would rate technical support from CyberArk a nine out of ten; there's always space for improvement.
How would you rate customer service and support?
How was the initial setup?
After implementing CyberArk Identity, in a big implementation, it took about four months for my organization to see time to value, while in a smaller implementation, it was a month.
What's my experience with pricing, setup cost, and licensing?
My experience with the pricing of CyberArk Identity has been good, as we've got a good relationship with the team, whether in South Africa, where I am or globally; we maintain a strong relationship and have been competitive against any other identity solutions.
What other advice do I have?
My experience of working with CyberArk solutions is quite extensive. With CyberArk tools, I have experience working with Privileged Access, Identity Access, and Secrets Manager, although with Secrets Manager not as much, but the other two quite extensively.
My relationship with CyberArk is as a partner. I purchased CyberArk Identity through both the vendor and AWS Marketplace , as it depends on what the client wants: through the vendor for purely bespoke installation or architecture and AWS for ease of use.
I would rate CyberArk Identity a nine out of ten overall.
I understand that different people have different requirements, which might mean they don't experience it the same way as I do.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)