The main use cases for CyberArk Identity help us to strengthen security to protect sensitive data centers and systems. We can store sensitive credentials, user credentials, and privileged accounts inside our CyberArk PAM tool. This helps us rotate passwords for privileged account credentials and monitor sessions. It is very useful for audit purposes. If there are any unsuspected activities happening, we can review the log files and identify where issues are occurring. It is very helpful for monitoring and strengthening security levels.
CyberArk Workforce Identity
CyberArkExternal reviews
144 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Has strengthened privileged access control and improved audit visibility through session monitoring and password rotation
What is our primary use case?
What is most valuable?
The best features in CyberArk Identity that I appreciate most are the recent updates that have added features in the cloud privilege environment. In the SAS solutions, they have added connectors. Except for PSM and CPM, they have included SIA, Secure Infrastructure Access, Secure Cloud Access, and Secure Web Sessions. These are additional features I have seen in the recent updates.
For multi-factor authentication, we use CyberArk Identity's multi-factor authentication integrations, LDAP integration and SSO, Azure SSO, LDAP and SIM. These authentication mechanisms we implement. Mostly, we use LDAP and Azure SSO.
Just-in-time access, also called ephemeral access, is especially beneficial, particularly with SIA and SCA features. The recent updates from CyberArk Identity have been impressive. If a requester needs access to a platform, such as Windows, Linux, or any database, the request goes to the approval level for a particular time period. The approver can approve the request within that set time frame, granting just-in-time access to the end user.
Session monitoring is beneficial as it detects if the user is trying to log in and records all activities stored in the vault. It gives us more insights into what activities are happening inside. If there are any breaches or issues arise, I can go back to the log report and check all those activities that are captured, where it failed exactly, and what the issue was. From there, I can find and fix it.
What needs improvement?
On the identity product side, it is awesome. However, they can improve in the documentation parts. For example, if there is a migration process, I can see the maximum customers are moving from self-hosted to on-premises or from on-premises to the cloud. It would be helpful if they released a generalized document for processes such as migration. A clear overview document would assist us in understanding more about the tool, configurations, and automations to enhance our security.
Regarding the initial setup of CyberArk Identity, I faced some challenges. At some points, I could not find proper documentation for deploying, enhancing, or integrating with other components. I could not find the proper documentation in the community portal.
For how long have I used the solution?
I have been working with the identity product using CyberArk PAM tool for more than two years.
What do I think about the stability of the solution?
When it comes to performance and stability, I find it very reliable.
What do I think about the scalability of the solution?
CyberArk Identity is highly scalable as there are many things to learn. There is no limitation. When delving deep into the concepts, there is a lot to address and learn, especially when facing real-time scenarios. It may seem simple at first glance but once you get into the depth of the concepts, you realize how much there is to learn and there are no limitations in that regard.
How are customer service and support?
My experience with technical support has been very good. When I reached out to them, I received prompt responses and support, which I would rate as very good.
How would you rate customer service and support?
Positive
How was the initial setup?
I faced some challenges during the initial setup of CyberArk Identity. At some points, I could not find proper documentation for deploying, enhancing, or integrating with other components. I could not find the proper documentation in the community portal.
What other advice do I have?
If I can share advice or recommendations for other companies considering CyberArk Identity, I would highlight the most powerful features in CyberArk PAM such as password rotation, session recordings, and just-in-time access as the best aspects of this product. On a scale of one to ten, I would rate this solution an eight.
Have increased security by regenerating credentials after each use and gained confidence through session oversight
What is our primary use case?
It's not being purchased through AWS, but we're using CyberArk Identity as a SaaS solution. I think it's running on AWS, but we bought it directly from CyberArk.
What is most valuable?
The straight-through approach of CyberArk Identity is very easy to start with. After you start with it, you can very easily onboard your privileged accounts. From there on, you can advance further and make it more and more secure. I think that the easy way to start with CyberArk Identity is one of the benefits of using it.
The best feature for us is the regeneration of passwords after every use that we have implemented with CyberArk Identity. The two-factor authentication is very important, but the fact that every account is being regenerated every time we use it is the most important security feature for us.
Session monitoring with CyberArk Identity is helping in making us feel secure with our vendors. We're also using the vendor implementation. The fact that we know that we can look back and that we tell that to our vendors gives us a good secure feeling. We haven't really found it necessary to look back, but the fact that we know that we can makes us feel secure.
What needs improvement?
We do not specifically use the password vaulting feature of CyberArk Identity.
The centralized user dashboard of CyberArk Identity has not been that important for us.
If it would be possible to share accounts between vaults in CyberArk Identity, that would be very beneficial. Account sharing between vaults is one of the most important aspects for us.
It was pretty complex to implement CyberArk Identity. We had some help from a partner, and that helped a lot. But even for the partner, it was really difficult to streamline the process of implementing. We had sometimes an issue that really took days during the implementation to fix. That was something that I did not appreciate about the whole implementation. It should be much more straightforward, specifically because you're doing a SaaS implementation.
I rate it a seven because vendor support is difficult to get. Basically, you have to go through a partner to get support with CyberArk Identity. That's another thing that they could improve.
For how long have I used the solution?
This is the second time I'm implementing CyberArk Identity. The first time was for a different customer. With the current customer, we're using it for about nine months now.
What do I think about the stability of the solution?
I rate the stability of CyberArk Identity regarding downtime, bugs, and glitches a 10. We haven't had any downtime or any problems with availability.
What do I think about the scalability of the solution?
I would consider CyberArk Identity to be just as scalable as you want to be. You can scale it out pretty easily, and you can implement it very small. I would rate it a nine.
What about the implementation team?
I'm not an end-user or a partner. I'm just an independent consultant helping with the implementation.
Which other solutions did I evaluate?
We've compared CyberArk Identity for our other customer and did a real peer review between BeyondTrust and CyberArk Identity. It was very close. In the end, CyberArk Identity had a better offer for us and was a little bit cheaper. That's why we decided to go with CyberArk Identity at the other customer. This customer already decided they wanted CyberArk Identity because it's a government agency and they've got a lot of other governments using CyberArk Identity. There was a lot of trust in CyberArk Identity, and there wasn't very much experience with BeyondTrust. It was a very quick choice to use CyberArk Identity for them.
What other advice do I have?
The feature of just-in-time access in managing privileged accounts and security is going to be important, but not right now because we're only using CyberArk Identity for nine months. We're still in the phase of onboarding all the privileged accounts and making sure that everybody is on board. After that, we're going to decrease the amount of rights that each account has and we're going to use named accounts instead of personal accounts. That's when we're going to implement just-in-time.
I don't think CyberArk Identity is cheap, but if you look at the security advantages that you get, I think it's the right price.
My clients are medium and enterprise, not small.
I would definitely recommend CyberArk Identity to other users because even though the implementation is difficult, the fact that you get so much more security is really a no-brainer for me. I think that everybody with multiple privileged accounts should implement at least a PAM solution CyberArk Identity, and CyberArk Identity is very good.
I would rate CyberArk Identity overall an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Gaining access and provisioning on-demand has become intuitive and efficient
What is our primary use case?
My use case for CyberArk Identity involves multiple reasons: for identity to gain access to the clients' environments, to provision on-demand access, and to provide services via the Access Manager.
What is most valuable?
I find the CyberArk Identity portal quite intuitive; it has changed a lot over the last year and a half.
If you think logically and understand your environment, it is easy to establish a suitable setup for yourself and all your vendors. I did see an impact on operational efficiency with CyberArk Identity.
If you look at all the technical requirements to set up a VPN or an access management tool, where you need to integrate four, five, or six different services with the CyberArk side, it is significantly easier. You provision a server on the inside and simply assign the services allowed from the outside by ticking a box to grant access. The person can then either scan a QR code or receive an email to log in.
CyberArk Identity has indeed helped reduce the mean time to detect; it has also aided in troubleshooting by allowing logs to be extracted and sent to a correlation engine, such as QRadar, for notifications or alerts. It also helps in preventing attacks, as someone trying multiple times to log in, and the trigger on whatever login is used aids in maintaining a quick view of what is happening.
What needs improvement?
Room for improvement for CyberArk Identity might be on the support side, as they constantly improve with new features and remove redundant ones, integrating multiple steps into a single one for easier use; however, this is not just CyberArk Identity, as many vendors start with basic troubleshooting services without recognizing that knowledgeable users often reach out after exhausting those options.
For how long have I used the solution?
I have been working with CyberArk Identity for coming on four years now.
What do I think about the stability of the solution?
The solution's stability depends on your connectivity most of the time, so if you've got a bad network, it will not be stable, but with a stable network, due to the redundant data centers across the globe, it is a lot easier to use as a SaaS solution.
What do I think about the scalability of the solution?
CyberArk Identity is definitely a scalable solution; it all depends on the money that you have, as with anything else.
How are customer service and support?
I would rate technical support from CyberArk a nine out of ten; there's always space for improvement.
How would you rate customer service and support?
How was the initial setup?
After implementing CyberArk Identity, in a big implementation, it took about four months for my organization to see time to value, while in a smaller implementation, it was a month.
What's my experience with pricing, setup cost, and licensing?
My experience with the pricing of CyberArk Identity has been good, as we've got a good relationship with the team, whether in South Africa, where I am or globally; we maintain a strong relationship and have been competitive against any other identity solutions.
What other advice do I have?
My experience of working with CyberArk solutions is quite extensive. With CyberArk tools, I have experience working with Privileged Access, Identity Access, and Secrets Manager, although with Secrets Manager not as much, but the other two quite extensively.
My relationship with CyberArk is as a partner. I purchased CyberArk Identity through both the vendor and AWS Marketplace, as it depends on what the client wants: through the vendor for purely bespoke installation or architecture and AWS for ease of use.
I would rate CyberArk Identity a nine out of ten overall.
I understand that different people have different requirements, which might mean they don't experience it the same way as I do.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Eases regulatory compliance and streamlines administrative tasks with efficient identity and password management in sensitive sectors
What is our primary use case?
CyberArk Identity is mainly used for accessing servers, partition management, and rotating passwords, especially in sensitive sectors such as banking and to protect patient data. It's crucial for complying with regulations and ensuring that administrative tasks such as encryption key management are streamlined.
What is most valuable?
CyberArk Identity provides an easy identity portal, single console, log capture for GRC compliance, and efficiently rotates passwords unknown to users, enhancing security. These features aid in reducing the attack surface by blocking unauthorized access and preventing exposure of internal solutions in sectors such as banking.
What needs improvement?
Some areas experience slowness based on the workload. There's a need to enhance network performance despite the good user experience with access management.
For how long have I used the solution?
We have been working with CyberArk Identity for more than five years. Previously, I worked with other PAM management tools. Currently, most customers are choosing it as a premier product, which is why we are focusing more on CyberArk Identity.
How are customer service and support?
They charge reasonable money for the features they provide. The price is reasonable for the product.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
While Arkon PAM is a competitor, that product is not as good nowadays. CyberArk Identity is at the top. When it comes to premium products, CyberArk Identity stands alone.
How was the initial setup?
The setup process for CyberArk Identity is singular, but it differs for all customers. Customers provide the data for implementation, based on which we receive payment. From a product perspective, it's easy, but we need to gather customer data and implement according to their requirements.
Which other solutions did I evaluate?
Other vendors include CrowdStrike and SentinelOne.
What other advice do I have?
Customers in the banking sector don't expose what solutions they have inside their systems for security reasons. My overall rating for CyberArk Identity is nine out of ten.
showing 1 - 4