We performed a comparison between CyberArk Privileged Access Manager and SailPoint IdentityIQ based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions received high marks from users. CyberArk Privileged Access Manager has an edge over SailPoint IdentityIQ due to its advanced monitoring and reporting abilities.
"CyberArk has allowed us to get the credentials and passwords out of hard-coded property files."
"We've written over a hundred custom connectors ourselves that allow us to do all types of privileged session management for various applications. On top of that, the rest of the API-based central credential providers allow us to get away from credentials that may be hard-coded in the script or some application."
"CyberArk is a very stable product and it's a stable product because it has a simple design and a simple architecture that allows you to leverage the economies of scale across the base of your infrastructure that you already have implemented. It doesn't really introduce any new complex pieces of infrastructure that would make it that much more difficult to scale."
"We found the initial setup to be easy."
"It has helped from an auditing perspective identify who has access to privileged accounts."
"On the EBB user side, we were able to secure all the server root passwords and admin for Windows. This was a big win for us."
"The product is an important security measure against credential theft. It ensures session isolation and password rotation including pushing passwords to the endpoints."
"It is a central repository. Therefore, if someone needs to access a server, then they go through CyberArk PAM. It provides a secure way to do this and CyberArk PAM records everything. For example, if you are connecting to a Linux server, then once you get into the Linux server and if it is integrated with CyberArk, it will automatically start recording everything that is being done. In most banks, seeing the recordings is very useful. If there are any gaps or something has happened which shouldn't have happened, then we can check the logs and videos. So, it gives security, in a robust manner, to the organization."
"SailPoint IdentityIQ has more enriched out-of-box connectors than the others."
"The level of customization for data imports and role modeling, because it helps to integrate faster, support easier and let it reuse the organization role structure."
"SailPoint IdentityIQ has a good and straightforward user interface. They also have a lot of resources and documentation available to understand the process."
"Provides good authorization and authentication system functionality."
"It is a scalable product."
"The solution’s stability and performance are good."
"We are happy with the SailPoint IdentityIQ’s stability."
"The Certification and Provisioning features are most valuable."
"Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together."
"Initial setup is complex. Lots of architecture, lots of planning, and lots of education and training are needed."
"I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs.""
"They need to provide better training for the System Integrator."
"The tool’s pricing and scalability can be better."
"One thing that could be improved is to create of a better alternative for fixing group policy fees. We currently use Microsoft, but they have introduced new policies that may not be compatible."
"There is a lot of room for improvement in the report section. I also work on other tools, such as Thycotic, which allows you to create customized reports for your organization's needs. In CyberArk, there are limited reports, whereas in Thycotic or some of the other PAM tools, because the database is different, you can customize the report based on your needs through SQL queries."
"It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile."
"Compared to at least one other product some of the administrative tasks could be easier or more intuitive."
"One needs to understand that SailPoint is into full-fledged IAM practice with a long-term vision, and customers will get a quick ROI with best practices implementation."
"The mover process for this solution could be improved."
"The connectors should be improved."
"SailPoint IdentityIQ needs to improve its customization. It should also incorporate some standardized tools for implementation."
"Scalability is hard, especially when you are doing it in real time."
"I would like for the next release to have a more user-friendly interface."
"Some setups should be done in the interface and in the code, and could be made simpler."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
More SailPoint Identity Security Cloud Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 144 reviews while SailPoint Identity Security Cloud is ranked 1st in User Provisioning Software with 62 reviews. CyberArk Privileged Access Manager is rated 8.8, while SailPoint Identity Security Cloud is rated 8.2. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of SailPoint Identity Security Cloud writes "Flexible, easy to customize, and not too difficult to set up". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and ARCON Privileged Access Management, whereas SailPoint Identity Security Cloud is most compared with Saviynt, One Identity Manager, Microsoft Entra ID, ForgeRock and Omada Identity.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
The two products are actually complimentary. Both companies have been very good about staying in their lanes and are their respective market leaders.
CyberArk's PAM solution is aimed at protecting privileged accounts by providing features like vaulting, credential rotation, session monitoring and recording. They also have solutions for DevOps and Secrets management.
SailPoint is an Identity Governance solution and actually manages CyberArk as an application the same way it manages accounts and privileges in SAP, AD, AAD and over 100 more applications. For CyberArk, it can add/change/delete users as well as create safes and assign users to those safes. At a user account certification time, it will show the CyberArk users and their associated privileges and allow the user's manager or other appropriate people to approve or revoke the privileged access.
SailPoint creates an Identity warehouse so that a user's accounts and entitlements are gathered, managed and reported on in a centralized manner. See Youtube for a quick explanation - SailPoint Identity Governance Integrates with CyberAek Privileged Access Security.
SailPoint does not provide the vault and session management functions that CyberArk does.
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the management of user identities, systems, data, and cloud services. It works great for Identity Access Management, specifically for cleaning up inactive and orphaned accounts. It has the joiner-mover-leaver feature.
One of the features we like is the large availability of connectors for different applications and platforms. You can also recertify an account, which is very useful. It is well suited for large companies with lots of users and applications. However, for small companies, it might be a bit of an overkill.
Sailpoint has a steep learning curve, so it is not for inexperienced users. Moreover, it doesn’t offer a lot of supporting documentation. It also doesn’t integrate well with other solutions.
We chose CyberArk despite the cost because it works great for password management. CyberArk helps manage privileged accounts and service accounts, for example, when users need to connect remotely into systems. It is especially useful for IT staff to access their privileged accounts without having to remember the passwords every time - individually and even as a group.
What we like the most about CyberArk is the ease of use and effectiveness in managing privileged accounts. For instance, it automatically changes the passwords for privileged accounts and reconciles and verifies passwords. New users can obtain secure credentials with minimal time and effort.
The initial cost is high, which can be a bit of a stretch for small organizations. It also has high requirements for the initial setup and is difficult to customize. The performance could be faster.
Conclusions
While Sailpoint IdentityIQ is a very good privileged account solution, CyberArk is better suited for us because of its ease of use and efficiency in password management.