LastPass vs CyberArk - What are the differences?

While LastPass and CyberArk are similar tools in that they both serve as secret vaults, there are significant differences in functionality and price.

You can eliminate the stress of creating and trying to remember dozens of passwords by using a password manager. UW–Madison offers two solutions—LastPass Enterprise and CyberArk—that can help you stay safe online with your personal and IT admin accounts.

LastPass Password Manager - LastPass Enterprise (Source: is a DoIT-supported enterprise password manager. offers basic vaulting functionality, storing secrets and permitting some basic sharing. It’s primary value add is the ability to use a different password for every system or website where someone uses different logon credentials. UW-Madison has an enterprise license and all faculty, staff, and students are eligible for the service. It provides a secure, convenient, easy to use platform to store your:

  • Personal and work-related login credentials for the websites and apps you use
  • Important documents, such as your passport, driver’s license, etc.
  • Payment information for online shopping and bill paying

LastPass works across multiple platforms and devices, including Windows, Mac, Linux, Android and iOS.

CyberArk Privileged Access Manager - CyberArk (Source: is geared toward IT administrators and provides Privilege Access Management (PAM) functionality and controls for users, accounts, processes and systems at UW–Madison. It provides automated management capabilities to help eliminate manual, time-consuming processes, allowing IT administrators to work more efficiently. CyberArk offers advanced account management functionality, including check-in/check-out or request/approval workflows, detailed auditing of secrets access, session recording, and the ability to manage passwords (i.e. rotating a credential in Active Directory on a set cadence or when it is checked back in). It is currently integrated with campus Active Directory and supports integration with a wide variety of systems. Our CyberArk instance is hosted on-premise in DoIT datacenters. CyberArk requires each user to have their own license to access the tool. Licenses are roughly $800 per user up front plus an annual 20% maintenance fee.

The Office of Cybersecurity provides onboarding and training to help vault credentials and validate integrations to effectively use the tool.

Feature / Tool CyberArk LastPass
Target users IT Administrators; Users with highly privileged access Everyone
How do I login? NetID NetID or Master Password
How do I connect to the service? Requires user to be on campus network or WiscVPN Requires internet connection
Where is the tool hosted? DoIT Data Centers LastPass Data Centers
Is there logging? Detailed None or limited
Advanced Features Detailed sharing capabilities, request workflows, privilege session management, credential check out Some sharing capabilities
Existing UW-Madison integrations Campus Active Directory None
Cost ~$800 per user initially, 20% Centrally funded by DoIT
Supported by Cybersecurity and DoIT Cybersecurity and DoIT

Because of these difference in features and price, they each serve different needs. CyberArk is perfect for highly privileged accounts that need extra layers of security, such as detailed logging for external audits or where you want to significantly reduce exposure and thus the risk of compromise in a highly privileged environment. LastPass is good for individual users who store logins for lower risk systems or sites, such as social media.

KeywordsLastPass, CyberArk, comparison, PAM, privilege access management, password manager   Doc ID123369
OwnerPeter V.GroupCybersecurity
Created2023-01-10 14:39:42Updated2023-01-10 15:19:49
SitesOffice of Cybersecurity
Feedback  1   1