What is CyberArk Identity Compliance?

This topic provides an overview of CyberArk Identity Compliance.

The challenge

Your users' access to resources expands rapidly as your organization grows. Access changes as users are added, removed, or they change roles. You need to ensure that all of your users can only access privileges they need to complete their tasks, following the principle of least privilege, in compliance with your organization's policies.

The solution

CyberArk Identity Compliance provides tools to ensure user access across your organization is in compliance with current policies and needs. By providing a single view of who has access to what, CyberArk Identity Compliance makes it easier to enforce and demonstrate compliance by continuously discovering access, streamlining access certifications, and providing comprehensive identity analytics.


  • Keep pace with complex and continuously multiplying industry and government regulations to satisfy audit and compliance.

  • Unify and streamline identity administration by reviewing access from a centralized location to enable operational efficiencies.

  • Eliminate manual, error-prone administrative processes and implement tighter security controls to deliver measurable cyber risk reduction.

How it works

An administrator typically creates a certification campaign for specified resources (such as apps or Safes). The administrator assigns a certifier. The certifier then reviews the access for all users in the campaign and decides whether to certify or revoke access to each resource.

You can continuously discover privileged and non-privileged accounts and access entitlements for each user in the organization. Schedule periodic reviews to certify that users have the right access to the right applications, Safes and privileged accounts. Create audit reports and detailed dashboards that give auditors visibility into who had access to what, who requested access and when, who granted access or certified access, when was it accessed and more.

If the campaign ends before the certifier finishes all decisions, the closed loop remediation process can either continue or revoke users' access on unfinished items.

Product integration

If your Identity Compliance system is integrated with Privileged Access Management or Privilege Cloud, you can discover and review access to Safes. See the following documentation for details:

Your Identity Compliance deployment must be integrated with CyberArk Identity. All users, resources, and roles originate in CyberArk Identity.