CyberArk Endpoint Privilege Manager vs One Identity Safeguard comparison

CyberArk and One Identity are both solutions in the Privileged Access Management (PAM) category. CyberArk is ranked #3 with an average rating of 8.4, while One Identity is ranked #4 with an average rating of 7.2. CyberArk holds a 3.6% mindshare in PAM, compared to One Identity’s 4.2% mindshare. Additionally, 85% of CyberArk users are willing to recommend the solution, compared to 93% of One Identity users who would recommend it.

CyberArk Endpoint Privilege...

Read 36 CyberArk Endpoint Privilege Manager reviews

1,343 Views
946 Comparison Views

85% willing to recommend

One Identity Safeguard

Read 40 One Identity Safeguard reviews

2,991 Views
1,201 Comparison Views

93% willing to recommend

CyberArk Endpoint Privilege...

One Identity Safeguard

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 6, 2024

CyberArk Endpoint Privilege Manager and One Identity Safeguard are leading solutions in the endpoint security sector. CyberArk appears to have the upper hand in user satisfaction, particularly in pricing and support, whereas One Identity Safeguard is valued for its rich features that justify its higher cost.

Features: Users identify CyberArk Endpoint Privilege Manager for its integration capabilities, effective privilege management, and streamlined user controls. One Identity Safeguard stands out with its comprehensive session management, scalability, and robust security features.

Room for Improvement: CyberArk users suggest enhancements in reporting capabilities, simplified update processes, and more user-friendly interfaces. For One Identity Safeguard, improvements in response time, configuration simplicity, and user documentation are highlighted.

Ease of Deployment and Customer Service: CyberArk Endpoint Privilege Manager offers straightforward deployment and responsive customer service, making it a good fit for fast implementation. One Identity Safeguard, despite requiring more complex setup, provides a comprehensive support framework appreciated by users.

Pricing and ROI: CyberArk Endpoint Privilege Manager is seen as cost-effective with its competitive setup costs and quick ROI. One Identity Safeguard, although higher in upfront costs, provides long-term value due to its extensive features, offering a justified investment for many organizations.

To learn more, read our detailed CyberArk Endpoint Privilege Manager vs. One Identity Safeguard Report (Updated: January 2025).

Buyer's Guide

CyberArk Endpoint Privilege Manager vs. One Identity Safeguard

January 2025

Download the complete report

Helped 838,713 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

CyberArk Endpoint Privilege...

Ranking in Privileged Access Management (PAM)

3rd

Average Rating

8.2

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

Endpoint Compliance (4th), Anti-Malware Tools (5th), Application Control (5th), Ransomware Protection (6th)

One Identity Safeguard

Ranking in Privileged Access Management (PAM)

4th

Average Rating

8.0

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

User Entity Behavior Analytics (UEBA) (6th)

Mindshare comparison

As of February 2025, in the Privileged Access Management (PAM) category, the mindshare of CyberArk Endpoint Privilege Manager is 3.6%, up from 3.6% compared to the previous year. The mindshare of One Identity Safeguard is 4.2%, down from 5.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Privileged Access Management (PAM)

Featured Reviews

Sumit Chavan

Lead Consultant at Aujas Networks Pvt Ltd

Helps secure the infrastructure and control users with admin rights

There are many features that are currently missing. A customization option is required for certain policies. For instance, if we need to stop PowerShell scripting, we have to create a different policy for that. Being able to create a sub-level policy within a top-level policy would be good. Currently, no user-based policy option is available inside the EPM console. We can only create computer-based policies. The database is available, but there is a drawback in not being able to create local groups on the EPM console. We only have to depend on Active Directory. This limits infrastructure security as we depend on the Active Directory team to manage user groups. If they remove any users, we lose control. If we could create groups locally and block them or set specific policies, we would have more control. Local endpoint management is missing from the EPM site. Moreover, there is an issue with policies not running as expected when we make enhancements. We have to find multiple ways to whitelist applications or enhance policies.

Read full review

Tor Nordhagen

Executive Director at Semaphore

Transparent mode for privileged sessions will greatly simplify our client's administrative situation

We're introducing the solution's transparent mode for privileged sessions. This is part of what the client hasn't used before. It will simplify their administrative situation greatly. So far, the rollout of this feature has been a seamless process, but we're still in the midst of rolling it out. The benefits will be on the risk side. Right now, the way accounts are managed, you don't necessarily know who is using an account. There's a shared admin account, and that's not a good thing. And those accounts are shared in wallets by several people. One of the real benefits of safeguarding here is that the client will have an absolute audit of who is using an administrative interface, whether it's server or network.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We were able to reduce the number of privileged accounts by 50%, which helped to simplify our privileged access management environment."

"I have always found that CyberArk is a very tight, foolproof product compared to most other products available."

"CyberArk Endpoint Privilege Manager (EPM) 's most valuable feature is its ability to manage user application privileges and protect against ransomware attacks by controlling access to specific files and applications."

"The password rotation and the session recording are the most valuable features."

"The product is stable."

"The most valuable feature is that it does lifecycle management and that it will change to whatever the end target is."

"We can do both server and endpoint protection."

"CyberArk Endpoint Privilege Manager enhances computer security by providing minimal access, effectively preventing ransomware attacks."

More CyberArk Endpoint Privilege Manager pros

"The Transparent Mode is the number one advantage of the product."

"It is easy to manage. There is a very logical, clear user interface. Also, the integration of scripts is thoughtfully implemented. Overall, it's a nice product to manage."

"We use the solution’s “transparent mode” feature for privileged sessions. It is very easy because it is only a simple configuration for our users. We don't have to modify our network. We install it, configure it, and it works. So, it is super easy. The rollout for our users is seamless."

"One of the real benefits of safeguarding here is that the client will have an absolute audit of who is using an administrative interface, whether it's server or network."

"One Identity Safeguard is stable and provides great performance."

"All sessions are audited and they are indexed/searchable through the GUI."

"Safeguard has the ability to record and retrieve in the full-video format."

"The customer service and technical support are very good."

More One Identity Safeguard pros

Cons

"The CyberArk team is working on a feature to identify devices without the Endpoint Privilege Manager running, which is currently missing."

"CyberArk Endpoint Privilege Manager could be improved by simplifying the administration process, specifically when setting up policies and applications."

"The management of Privilege Access is not satisfactory."

"CyberArk Endpoint Privilege Manager is not suitable for the current situation because when you compare it to OTP, OTP is the strongest password solution. You can use it as a one-time password, but you have to log into the password manager itself and if you don't change your password, it will be the weakest link in the security. In OTP, you don't have that weakest link."

"Performance could be better. We have a couple of problems with CyberArk right now. One of the problems is performance in our environment. Support also takes a long time to respond. If the user already has local admin rights, then I can't collect any events in the console from this device. There are also some options in CyberArk that are not working properly, and are not helpful in this case. I can't collect any information to create a proper policy for the device. I have to investigate everything manually, or even disable the local admin from the device. I can collect the events only after this, and it's very time consuming. In my case, it's a waste of resources."

"My recommendation for improvement is to add functionality for when users request access to an application. There's a pop-up UI, but it's not very customizable. I suggest creating a UI where we can write scripts or use SDKs to enhance it. This could automatically create tickets in a system like ServiceNow when users request an application. If a manager approves, we could automatically push policies to those users."

"Technical support is slow to respond when we run into issues."

"The solution is very expensive."

More CyberArk Endpoint Privilege Manager cons

"The interface is better now, but it still could be improved a lot. It needs more organization, menus, automatic refresh of information, and Web 2.0."

"One Identity's support is not appropriately structured, and it has a lot of room to improve."

"The high availability function of the box requires a long time to switch over from one appliance to another."

"Support for One Identity Safeguard could be improved because sometimes the support team doesn't have an answer or solution for some bugs. A feature I found in a competitor would make One Identity Safeguard better, and that is the ability to load balance the traffic in the target."

"From a usability perspective, what we are finding out is that our privileged domain admin users, in particular, want functionality for extending a checkout session. So we are working with One Identity support to see if there's an enhancement that can be made to the product."

"One Identity Safeguard can improve by having more integration with multiple devices."

"Our experience with technical support has been disappointing. We require more prompt and faster response times. We require answers to our questions right away but we haven't received that level of support."

"Transparent mode was too cumbersome, so I don't foresee us being able to use it. On paper when we were initially talking about it, it was definitely going to be the preferred method until we realized the burden it would be on our network guys. Then, we had to step back and reevaluate what we wanted to do. That's when we changed our approach to use the RD Gateway feature."

More One Identity Safeguard cons

Pricing and Cost Advice

"The cost for CyberArk is very high."

"The solution requires an annual license to use it. There can be some extra costs in some cases."

"The price of CyberArk Endpoint Privilege Manager is expensive. The solution is priced based on the number of accounts onboarded and the number of concurrent sessions. Everyone else is included in the price, such as support."

"The price of CyberArk Endpoint Privilege Manager is expensive."

"CyberArk Endpoint Privilege Manager has a very high price, so it's a one out of ten for me in terms of pricing."

"CyberArk has saved us 15% of our costs. They offer discounts due to trusted partnerships. We have been in the system for a long time."

"The product's license is easy to procure."

"CyberArk Endpoint Privilege Manager is slightly expensive, but costs can be negotiated to become more competitive."

More CyberArk Endpoint Privilege Manager pricing and cost advice

"One Identity Safeguard is expensive and the cost goes up as we scale."

"It is a bit on the pricey side, but you get what you pay for. You don't want to get anything too cheap because then you get cheap stuff and cheap support. That really never helps anybody."

"It was definitely cheaper than the other two products that we evaluated."

"Its subscription cost is too much, and sometimes, it is very difficult to pitch the solution to the management for cost approval. If the cost is reduced a little bit, it would be easier. If its cost was less, many other organizations that currently cannot afford it would be able to use this technology. I'm sure many organizations around the globe are having issues with identity management, and it is a very difficult task for IT to manage privileged accounts."

"Our licensing costs are on a yearly basis."

"The pricing depends on our perspective, our budget, and, of course, the competitors we are taking into account."

"They offer a fair price for a robust solution."

"Setup cost, pricing and licensing are all very expensive."

More One Identity Safeguard pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Privileged Access Management (PAM) solutions are best for your needs.

See recommendations

838,713 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

15%

Computer Software Company

14%

Manufacturing Company

11%

Government

Computer Software Company

23%

Financial Services Firm

12%

Government

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Looking for recommendations and a pros/cons template for software to detect insider threats

This is an inside-out --- outside-in --- inside-in question, as an insider can be an outsider as well. There is no short answer other than a blend of a PAM tool with Behavioral Analytics and Endpo...

See all answers

What do you like most about CyberArk Endpoint Privilege Manager?

The most valuable feature of the solution is its performance.

See all answers

What is your experience regarding pricing and costs for CyberArk Endpoint Privilege Manager?

CyberArk Endpoint Privilege Manager is slightly expensive, but costs can be negotiated to become more competitive.

See all answers

What do you like most about One Identity Safeguard?

The identity discovery is good, and the performance is pretty good value.

See all answers

What is your experience regarding pricing and costs for One Identity Safeguard?

One Identity Safeguard is expensive. The license is around $3,000 per month.

See all answers

What needs improvement with One Identity Safeguard?

One Identity's support is not appropriately structured, and it has a lot of room to improve.

See all answers

Comparisons

CrowdStrike Falcon vs CyberArk Endpoint Privilege Manager

Compared 24% of the time

Microsoft Defender for Endpoint vs CyberArk Endpoint Privilege Manager

Compared 18% of the time

BeyondTrust Endpoint Privilege Management vs CyberArk Endpoint Privilege Manager

Compared 15% of the time

CyberArk Privileged Access Manager vs CyberArk Endpoint Privilege Manager

Compared 9% of the time

Tanium vs CyberArk Endpoint Privilege Manager

Compared 5% of the time

More CyberArk Endpoint Privilege Manager Competitors

CyberArk Privileged Access Manager vs One Identity Safeguard

Compared 37% of the time

WALLIX Bastion vs One Identity Safeguard

Compared 14% of the time

Delinea Secret Server vs One Identity Safeguard

Compared 10% of the time

SailPoint Identity Security Cloud vs One Identity Safeguard

Compared 8% of the time

BeyondTrust Privileged Remote Access vs One Identity Safeguard

Compared 8% of the time

More One Identity Safeguard Competitors

Product Reports

Buyer's Guide

CyberArk Endpoint Privilege Manager

February 2025

CyberArk Endpoint Privilege Manager report

Download CyberArk Endpoint Privilege Manager product report

Buyer's Guide

One Identity Safeguard

February 2025

Download One Identity Safeguard product report

Also Known As

Viewfinity

No data available

Overview

CyberArk Endpoint Privilege Manager, a critical and foundational endpoint control addresses the underlying weaknesses of endpoint defenses against a privileged attacker and helps enterprises defend against these attacks through removing local admin rights, enforcing least privilege, and implementing foundational endpoint security controls across all Windows, macOS and Linux endpoints from hybrid to cloud environments.

Click here for a free 30 day trial: CyberArk Endpoint Privilege Manager free trial

CyberArk

One Identity Safeguard manages and monitors privileged access, enhancing security with features like automatic session recording, real-time monitoring, and credential rotation. It integrates seamlessly, supports compliance with audit trails, and improves operational efficiency across organizations. This robust platform significantly bolsters security protocols while controlling sensitive operations.

One Identity

Sample Customers

Information Not Available

Cavium

Buyer's Guide

CyberArk Endpoint Privilege Manager vs. One Identity Safeguard

January 2025

Free Report: CyberArk Endpoint Privilege Manager vs. One Identity Safeguard

Find out what your peers are saying about CyberArk Endpoint Privilege Manager vs. One Identity Safeguard and other solutions. Updated: January 2025.

DOWNLOAD NOW

838,713 professionals have used our research since 2012.

See our CyberArk Endpoint Privilege Manager vs. One Identity Safeguard report.

See our list of best Privileged Access Management (PAM) vendors.

We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.