CyberArk Identity
CyberArk Software, Ltd. · CyberArk (Idaptive acquisition closed May 2020, $70M)
Last verified 2026-05-08 · Reviewed by guptadeepak
Editorial verdict
CyberArk Customer Identity (formerly Idaptive) is the right CIAM choice for existing CyberArk Privileged Access Management customers consolidating identity into one vendor, the CIAM-plus-PAM combination is uncommon and meaningful for security-conscious enterprises. FedRAMP Moderate plus strong adaptive MFA inherited from Idaptive suit regulated workloads. Outside CyberArk ecosystem, the standard enterprise-CIAM trade-offs apply: high pricing, dated DX, and limited mid-market access.
Last verified by @guptadeepak on 2026-05-08.
At a glance
- Best for
- Existing CyberArk Privileged Access Management customers consolidating CIAM
- Pricing
- enterprise-quote
- Free tier
- None
- Deployment
- cloud-saas
- SOC 2 Type II
- Yes
- Passkeys
- Native
- Self-host
- No
- Open source
- No
Funding & business
- Funding model
- Public company
- Total raised
- Undisclosed
- Latest round
- None disclosed
- Years in business
- 8 yrs
- Profitable
- Yes
Part of CyberArk (NASDAQ: CYBR); built on the Idaptive business CyberArk acquired for $70M in 2020.
Funding data from primary source. See also the CIAM investor landscape.
Strengths
- Tight integration with CyberArk's Privileged Access Management portfolio, uncommon CIAM-plus-PAM consolidation.
- FedRAMP Moderate authorization plus comprehensive enterprise compliance.
- Strong adaptive MFA and risk decisioning, inherits Idaptive's security-first design.
- CyberArk's enterprise security credibility eases buying-committee evaluation.
Limitations
- Enterprise-only commercial structure with no public pricing.
- DX trails developer-first tier; admin tooling reflects classic enterprise design.
- Outside CyberArk ecosystem, the integration story is weaker.
- Smaller customer base than the largest legacy CIAM incumbents.
Capability matrix
Every vendor scored on the same axes. See the methodology for criteria.
| Password authentication | Yes |
|---|---|
| Social login | Yes |
| Magic links | Yes |
| SMS OTP | Yes |
| Email OTP | Yes |
| TOTP (authenticator app) | Yes |
| Push MFA | Yes |
| WebAuthn / passkeys | Yes |
| Biometric | Yes |
| Hardware security keys | Yes |
| SAML SSO | Yes |
| OIDC SSO | Yes |
| OAuth 2.0 SSO | Yes |
| Enterprise federation | Yes |
| Passwordless-only flows | Yes |
| Adaptive MFA | Yes |
| Step-up auth | Yes |
| RBAC | Yes |
|---|---|
| ABAC | Yes |
| ReBAC | No |
| FGA engine | No |
| API authorization | Yes |
| Fine-grained permissions | Yes |
| Self-service registration | Yes |
|---|---|
| Progressive profiling | Partial |
| Self-service account | Yes |
| Bulk user import | Yes |
| Admin user search | Yes |
| Custom user metadata | Yes |
| Organizations / tenants | Yes |
| Multi-tenancy | Yes |
| REST API | Yes |
|---|---|
| GraphQL API | No |
| SDKs | js, node, java, python, dotnet |
| CLI | Yes |
| Terraform provider | Yes |
| Local emulator | No |
| Extension model | Workflows + custom rules |
| Bot detection | Yes |
|---|---|
| Breached password detection | Yes |
| Brute-force protection | Yes |
| Anomaly detection | Yes |
| Log streams | Yes |
| Audit logs | Yes |
| GDPR data export | Yes |
| PII minimization | Yes |
| Post-quantum roadmap | No |
| MCP support | No |
|---|---|
| OAuth 2.1 | Yes |
| Dynamic client registration | Yes |
| Agent vs human token separation | No |
| Web Bot Auth | No |
| SOC 2 Type II | Yes |
|---|---|
| ISO 27001 | Yes |
| ISO 27018 | Yes |
| HIPAA | Yes |
| PCI DSS | No |
| GDPR | Yes |
| CCPA | Yes |
| FedRAMP | Moderate |
| EU data residency | Yes |
| Consent management | Partial |
|---|---|
| Preference center | Partial |
| Purpose-specific consent | No |
| Integrates with CMPs | n/a |
Pricing
| 10,000 MAU | Quote required |
|---|---|
| 100,000 MAU | $5,500/mo |
| 500,000 MAU | $17,000/mo |
| 1,000,000 MAU | $30,000/mo |
- CyberArk enterprise sales engagement; quote-based
- Strong fit for existing CyberArk Privileged Access Management customers
- Identity Security Platform bundle pricing typical
Estimates use the standard assumptions in our methodology. Always confirm with the vendor.
Best for
- Existing CyberArk Privileged Access Management customers consolidating CIAM
- Enterprise security-conscious deployments needing CIAM plus PAM coordination
- Regulated industries requiring FedRAMP Moderate
Not for
- Mid-market SaaS or startups
- Greenfield projects without CyberArk context
- Developer-velocity-focused teams
FAQ
- What was Idaptive?
- Idaptive was a workforce-and-customer identity platform founded in 2018, originally spun out from Centrify. CyberArk acquired Idaptive in May 2020 for $70M and integrated it into the broader CyberArk Identity Security Platform. The Customer Identity product retains the Idaptive B2C heritage.
- Why pair CIAM with Privileged Access Management?
- Most CIAM and PAM are sold as separate vendors. CyberArk consolidates them, which lets enterprises apply consistent risk decisioning, policy, and audit across customer-facing and privileged-employee identities. For security-conscious organizations operating critical infrastructure, this is a meaningful architectural simplification.
- What does CyberArk Customer Identity cost?
- Enterprise quote-based via CyberArk sales, typically as part of broader Identity Security Platform bundle pricing. Six-figure annual minimums typical at enterprise scale.
Sources
- CyberArk Customer Identity product pageaccessed 2026-04-22
- CyberArk documentationaccessed 2026-04-22
What CyberArk Customer Identity is
CyberArk Customer Identity is CyberArk's CIAM, originating as Idaptive (founded 2018 as a Centrify spinout) and acquired by CyberArk in May 2020 for $70M. The product is integrated into CyberArk's broader Identity Security Platform alongside its dominant Privileged Access Management offerings. The buyer is typically an existing CyberArk PAM customer consolidating CIAM into one vendor for cross-domain risk and audit coordination.
Where CyberArk Customer Identity wins
The CIAM-plus-PAM consolidation is uncommon in the index and meaningful for security-conscious enterprises that want consistent policy, risk decisioning, and audit across customer and privileged-employee identities. Strong adaptive MFA inherited from Idaptive's security-first heritage. FedRAMP Moderate plus comprehensive enterprise compliance.
Where CyberArk Customer Identity hurts
Enterprise-only commercial structure with opaque pricing. DX trails developer-first tier. Outside CyberArk ecosystem, the integration story is weaker. Smaller customer base than the largest legacy CIAM incumbents.
How CyberArk Customer Identity compares
The closest comparisons are Auth0 vs CyberArk Customer Identity for the developer-first-vs-enterprise-PAM call, Ping Identity vs CyberArk Customer Identity, and Beyond Identity vs CyberArk Customer Identity for the security-forward enterprise tier.
Editorial changelog (2 entries)
Profile reviewed: capabilities, pricing, and verdict checked against current public sources.
Renamed from 'CyberArk Customer Identity' to 'CyberArk Identity' to reflect the current brand. Lineage clarified in legal_name: Centrify → Idaptive → CyberArk Identity.