We have the identity provider for all the authentication processes. However, sometimes, we need access to different applications for customers or clients that are not integrated into the identity provider. For these, we need to store a password to gain access. For example, we use the CyberArk Password Vault for third-party services. This vault needs to be shared with many people in our company. This allows us to store passwords and create privileged access for some users without them needing to know the password. The system inputs the password into the endpoint URLs they use for authentication, but the users never see the password. This is crucial because people may leave the company, posing a high risk. If we had integrated it into the identity provider, we would have policies for active directory users but not for users outside the company. For example, our development teams need to connect to databases, systems, and cloud services during development. The developers don’t get access to third-party services. We use the solution to manage this access. The application being developed and deployed integrates with CyberArk Password Vault services.
My company uses CyberArk Enterprise Password Vault for our servers and when our IT partners try to access our mission critical systems. We have also integrated the product with software tools used for authentication purposes. Our company's IT uses LDAP credentials to log in to the PVWA application while also being able to use granted privileges on one or more servers.
I use the solution for administration. If the customer requires Alero or HTML, we will deploy the solution in that particular environment. Otherwise, if the end users are accessing the solution via VPN or from inside the network, we will not deploy Alero or HTML. We will instead focus on CyberArk's core PAM, which includes the vault password rotation component, the web interface component, the jump server, and PPA. These are CyberArk's four main components which we deploy for every customer.
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
The most common use case is when you need to hide the management for the servers, switches, routers, et cetera. You can use privileged access for remote use cases.
We use the solution as a vault for whatever passwords we use for connecting to an API or job services. The admin passwords we store in Password Vault. Via CyberArk, we have made a use case where we can track the session, keep a record, and log it, to whoever is logging into the servers.
Information Security Engineer II at a healthcare company with 1,001-5,000 employees
Real User
2022-03-23T00:30:37Z
Mar 23, 2022
Our use case for CyberArk Enterprise Password Vault is managing privileged accounts. These are local accounts, e.g. local desktops, laptops, or servers. They have a built-in administration account, so part of the solution is to ensure that that account's username and password are stored in the vault and managed by CyberArk Enterprise Password Vault.
Companies often have an enormous amount of admin credentials out there. They want to find out how many they have, start cleaning them up, and ensure they're all kept in an encrypted vault. Password Vault is probably the top product in that space, and it's a monster to implement, but CyberArk is great at what they do.
Senior Presale - BU Information Security at a tech services company with 51-200 employees
Real User
2021-09-29T02:43:42Z
Sep 29, 2021
We implement this solution for our customers. We are system integrators, not end-users. The main use case is for secure access, and monitoring the access by IT administrators.
Technical Lead IMSS at a computer software company with 1,001-5,000 employees
Real User
2020-11-23T14:40:53Z
Nov 23, 2020
We use it for storing and rotating passwords. Within our organization, a lot of people are using this solution for a lot of projects. We have already implemented CyberArk as a SaaS solution. We are not using the core parts, but we are using the software as a service for a project. At my previous job, there was a team of seven people who were in charge of maintenance. Mostly analysts, senior analysts, and a technical lead used this solution.
I'm an integrator and we identify and provide performance discovery, and we select the best product for our clients. We have users that are administrators in the environment, and we convert them into a shared account model. Many of the organizations have two accounts. One is a regular user account and the other gives them administrative rights. CyberArk allows for a higher degree of segregation of duties, although CyberArk itself doesn't do that. You have to have knowledge of role-based access control and least privilege principles. It supports it, but you have to implement it. There is also service recording, service accounts on Windows Systems, and Linux systems, to rotate their passwords. You will find service accounts with passwords that are 5,000 to 8,000 days old, but not with CyberArk. It creates a very strong service to prevent attacks. When passwords don't change it makes them very vulnerable and allows attackers significant lateral mobility within an organization. It gives them the necessary time to scout the environment and choose what their attack will be, whether it's going to be a ransomware attack or a data exfiltration attack or if it's going to go in to cause defamation to the company like creating a denial of service to clients. Also, hacking their Facebook page or their Twitter page are common attacks.
Security Architect at a financial services firm with 10,001+ employees
Real User
2020-06-25T10:49:31Z
Jun 25, 2020
This solution is used primarily for privileged segment access and break-glass access. We also use it for log-on session recording and access control, where we can grant access to our key systems for ad-hoc use.
Pre-sales Engineer at StarLink - Trusted Security Advisor
Real User
2019-11-07T10:35:00Z
Nov 7, 2019
The primary use case is for storing user passwords and administration credentials. I am the engineer for a company that sells this solution mostly to financial institutions. It is also useful for auditing and securing shared accounts or co-shared accounts.
Consultant at a financial services firm with 5,001-10,000 employees
Real User
2019-11-07T10:35:00Z
Nov 7, 2019
The primary use case of this solution is for third-party developers that come into our infrastructure from VPN to connect. They are organizations that are outside of our organization.
I have worked as a CyberArk SME, team leader, project manager in the financial industry. I've managed both the implementation and configuration of enterprise CyberArk infrastructures.
Technologist - Specialty in Identity and Access Management at Sears Technology Services Incorporated
Real User
2018-11-13T21:53:00Z
Nov 13, 2018
* This product provides accountability and audit trails for privileged account access. * Automatic password rotation every 24 hours to adhere to our internal compliance guidelines.
CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.
CyberArk Privileged Access Manager possesses...
We have the identity provider for all the authentication processes. However, sometimes, we need access to different applications for customers or clients that are not integrated into the identity provider. For these, we need to store a password to gain access. For example, we use the CyberArk Password Vault for third-party services. This vault needs to be shared with many people in our company. This allows us to store passwords and create privileged access for some users without them needing to know the password. The system inputs the password into the endpoint URLs they use for authentication, but the users never see the password. This is crucial because people may leave the company, posing a high risk. If we had integrated it into the identity provider, we would have policies for active directory users but not for users outside the company. For example, our development teams need to connect to databases, systems, and cloud services during development. The developers don’t get access to third-party services. We use the solution to manage this access. The application being developed and deployed integrates with CyberArk Password Vault services.
Primarily, I import accounts from our critical systems.
We use the solution for password vaulting, password rotation, session management, and secret management.
My company uses CyberArk Enterprise Password Vault for our servers and when our IT partners try to access our mission critical systems. We have also integrated the product with software tools used for authentication purposes. Our company's IT uses LDAP credentials to log in to the PVWA application while also being able to use granted privileges on one or more servers.
I use the solution for administration. If the customer requires Alero or HTML, we will deploy the solution in that particular environment. Otherwise, if the end users are accessing the solution via VPN or from inside the network, we will not deploy Alero or HTML. We will instead focus on CyberArk's core PAM, which includes the vault password rotation component, the web interface component, the jump server, and PPA. These are CyberArk's four main components which we deploy for every customer.
We use the product to store system accounts.
CyberArk vouches for access to domain controllers in Unix and Windows Server.
We use the solution for cybersecurity and regulation.
The most common use case is when you need to hide the management for the servers, switches, routers, et cetera. You can use privileged access for remote use cases.
Our primary use case for his solution is privileged identity and application identity management, and we deploy the solution on-premises.
We use the solution as a vault for whatever passwords we use for connecting to an API or job services. The admin passwords we store in Password Vault. Via CyberArk, we have made a use case where we can track the session, keep a record, and log it, to whoever is logging into the servers.
We Enterprise Password Vault to manage privileged credentials as well as some server and activity logging.
Our use case for CyberArk Enterprise Password Vault is managing privileged accounts. These are local accounts, e.g. local desktops, laptops, or servers. They have a built-in administration account, so part of the solution is to ensure that that account's username and password are stored in the vault and managed by CyberArk Enterprise Password Vault.
Our clients primarily use the CyberArk Password Vault for password rotation and password management.
My primary use case is the digital identity for access management of users and the configuration of passwords, or MSA, or SSO.
I've deployed Password Vault for various use cases across different industries from finance to healthcare and manufacturing.
Companies often have an enormous amount of admin credentials out there. They want to find out how many they have, start cleaning them up, and ensure they're all kept in an encrypted vault. Password Vault is probably the top product in that space, and it's a monster to implement, but CyberArk is great at what they do.
We use CyberArk Enterprise Password Vault and we provide it to our customers. We use this solution for password vaulting and session management.
The primary use case is to monitor the official activity of a privileged user for privilege violations.
We implement this solution for our customers. We are system integrators, not end-users. The main use case is for secure access, and monitoring the access by IT administrators.
I used CyberArk for vaulting passwords.
We use it for storing and rotating passwords. Within our organization, a lot of people are using this solution for a lot of projects. We have already implemented CyberArk as a SaaS solution. We are not using the core parts, but we are using the software as a service for a project. At my previous job, there was a team of seven people who were in charge of maintenance. Mostly analysts, senior analysts, and a technical lead used this solution.
I'm an integrator and we identify and provide performance discovery, and we select the best product for our clients. We have users that are administrators in the environment, and we convert them into a shared account model. Many of the organizations have two accounts. One is a regular user account and the other gives them administrative rights. CyberArk allows for a higher degree of segregation of duties, although CyberArk itself doesn't do that. You have to have knowledge of role-based access control and least privilege principles. It supports it, but you have to implement it. There is also service recording, service accounts on Windows Systems, and Linux systems, to rotate their passwords. You will find service accounts with passwords that are 5,000 to 8,000 days old, but not with CyberArk. It creates a very strong service to prevent attacks. When passwords don't change it makes them very vulnerable and allows attackers significant lateral mobility within an organization. It gives them the necessary time to scout the environment and choose what their attack will be, whether it's going to be a ransomware attack or a data exfiltration attack or if it's going to go in to cause defamation to the company like creating a denial of service to clients. Also, hacking their Facebook page or their Twitter page are common attacks.
Our primary use of this solution is as a password manager.
There are threats that get opened because of the vulnerability of privileged access that says to directly put it in a vault.
This solution is used primarily for privileged segment access and break-glass access. We also use it for log-on session recording and access control, where we can grant access to our key systems for ad-hoc use.
The primary use case is for storing user passwords and administration credentials. I am the engineer for a company that sells this solution mostly to financial institutions. It is also useful for auditing and securing shared accounts or co-shared accounts.
The primary use case of this solution is for third-party developers that come into our infrastructure from VPN to connect. They are organizations that are outside of our organization.
The primary use case of the solution is to gather privileged accounts from different systems and to contain privileged accounts in one secure place.
I have worked as a CyberArk SME, team leader, project manager in the financial industry. I've managed both the implementation and configuration of enterprise CyberArk infrastructures.
Our primary use case of this solution is for elevated access.
* This product provides accountability and audit trails for privileged account access. * Automatic password rotation every 24 hours to adhere to our internal compliance guidelines.
This solution is used for managing all unmanaged and forgotten privileged accounts. DNA tool is amazing, far better than imaginable in previous years.