MSSP guide to Idaptive SSO

The MSSP Guide to CyberArk Identity SSO


CyberArk Identity SSO is a great identity management solution that we recommend and implement every day. CyberArk Identity does a great job with endpoint security and works particularly well with Active Directory. The primary alternative to CyberArk Identity is Okta, which costs more because it is a more mature product and offers additional features and powerful integrations. While CyberArk Identity has fewer application integrations than Okta, CyberArk Identity covers more ground in single sign-on (SSO) and multi-factor authentication (MFA) alone. Here’s a guide.

 

What is CyberArk Identity?

CyberArk Identity specializes in adaptive authentication for email security, database monitoring, and remote app security. CyberArk Identity strives for a simple interface that integrates SSO, MFA, EMM, and UBA. A leader in cloud-based Single Sign On and Multi-Factor Authentication, CyberArk Identity is a flexible solution that’s easy to implement for small to large companies. We tend to recommend CyberArk Identity to product-based companies with a growing salesforce.

 

What is CyberArk Identity Single Sign On (SSO)?

CyberArk Identity offers class-leading SSO solutions. The most common example of SSO is your Gmail account. When you’re signed in to your account and visit various different Google properties (ex., Gmail, YouTube, etc.), your authentication travels with you, and you’re automatically signed in to the different environments. Single Sign On (SSO), per Wikipedia:

“Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.”

 

What is CyberArk Identity SSO pricing?

We’ve implemented CyberArk Identity adaptive SSO for a Bay Area startup. They pay CyberArk Identity per-user fees ($40/year), and that’s it. In total, they paid about $8,000/year. On a larger scale, we implemented CyberArk Identity for an enterprise, and their CyberArk Identity pricing is about $50,000/year.

Is CyberArk Identity the most cost-effective solution? We think so. One leading CyberArk Identity competitor is Okta — and they cost about 20% more. Does that mean we recommend CyberArk Identity over Okta, purely on price? No. We recommend solutions based on the best fit for your company’s needs and long-term goals.

 

Does Centrify own CyberArk Identity?

While CyberArk Identity was spun out of Centrify, recently CyberArk Identity was acquired by CyberArk. In a press release, CyberArk founder, Udi Mokady, says: “With CyberArk Identity, CyberArk will offer customers a SaaS-delivered, security-first approach to managing identities—with Privileged Access Management at its core—that reduces risk, simplifies operations and improves business agility…”

 

Does CyberArk Identity SSO work with a VPN?

Yes. You can protect remote VPN access to your on-premise resources by integrating CyberArk Identity MFA with Cisco, Palo Alto Networks, and Juniper VPN services. Also, per CyberArk Identity:

“You can use CyberArk  Identity Service with your RADIUS client to provide a second authentication layer. For example, if a VPN concentrator uses RADIUS for authentication, you can configure email as a secondary authentication requirement.”

And, per CyberArk Identity:

“Juniper SSL VPN offers SP-initiated SAML SSO (for SSO access directly through the Juniper SSL VPN web application)…”

And lastly, per CyberArk Identity:

“The CyberArk Identity App Gateway enables you to set up secure, per-app access to your on-premises applications without a VPN. With App Gateway, you can access individual legacy applications based on application URLs, users, groups, and network information without exposing your entire network, installing hardware, or changing firewall rules.”

 

Does CyberArk Identity offer biometric and multi-factor authentication (MFA)?

CyberArk Identity does offer biometric authentication, however, their biometric offerings are limited. That said, CyberArk Identity offers fantastic multi-factor authentication. Per CyberArk Identity:

“Whether it’s a push notification, CyberArk Identity mobile authenticator, SMS/text message, email, interactive phone call, YubiKeys , USB devices, digital certificates, Smart Cards, derived credentials or biometrics, we’ve got something for everyone.”

In our experience implementing CyberArk Identityfor companies and enterprises of all sizes, We tend to recommend it to product-based companies with a growing salesforce.

 

Who are CyberArk Identity SSO’s competitors?

The primary CyberArk Identity SSO competitor we recommend is Okta. While Okta and CyberArk Identity are similar product offerings, we have preferences based on your company’s goals and needs.

Choose Okta if your company is:

  • Mostly interested in online login (i.e., publishers, gaming)
  • Single Sign On and/or Multi-Factor Authentication
  • Scaling quickly to 200+ employees
  • 100% cloud-based
  • Interested in biometric/fingerprint authentication

Choose CyberArk Identity if your company is:

  • Product-based with a growing salesforce
  • 50-100+ employees
  • On-prem and cloud data centers
  • Interested in a “zero-trust” security policy

 

Do I need a CyberArk Identity consultant near me?

Maybe. The most important factor is experience and effective workflow, whether in-person, on-site, virtual, or off-site. That said, we think working with a CyberArk Identity consultant near you is an advantage. This will allow your CyberArk Identity consultant to better communicate with existing IT teams, and better understand your current information architecture. A non-local CyberArk Identity consultant becomes a good option if they follow security best practices, and have an established virtual workflow. Why? Location is less significant when virtual workforce tools are effectively adopted by consultants and clients, whether a small business or global enterprise. Plus, on-site specialists can become costly. The bottom line, look for a CyberArk Identity consultant who offers an excellent communication process, clear workflow, and custom security solutions for your business. 

 

Have questions about finding an endpoint security consultant?
Email [email protected] or call (925) 918-6618 

 

READ MORE

The 5-Minute Identity and Access Management Tutorial

The Insider’s Guide to Okta Adaptive MFA Pricing

How to Get an Accurate Okta Quote

How to Migrate to Okta from Oracle Access Manager

Okta vs CyberArk Identity: Decide in 3 Minutes

 

About Sennovate

Sennovate delivers custom identity and access management solutions to businesses around the world. With global partners and a library of 1000+ integrations, we implement world-class cybersecurity solutions that save your company time and money. We offer a seamless experience with integration across all cloud applications, and a single price for product, implementation, and support. Have questions? The consultation is always free. Email [email protected] or call us at: (925) 918-6618