Secret Server (originally from Thycotic, now from Delinea since the 2021 Thycotic merger with Centrify) is an enterprise password management application, which is available with either a cloud-based or on-premise deployment which emphasizes fast deployment, scalability, and simplicity.
N/A
Microsoft Entra ID
Score 8.9 out of 10
N/A
Microsoft Entra ID (formerly Microsoft Azure Active Directory or Azure AD) is a cloud-based identity and access management (IAM) solution supporting restricted access to applications with Azure Multi-Factor Authentication (MFA) built-in, single sign-on (SSO), B2B collaboration controls, self-service password, and integration with Microsoft productivity and cloud storage (Office 365, OneDrive, etc) as well as 3rd party services.
Great for managing access to secrets and servers and is more secure than storing passwords in a browser. The browser plugin to autofill passwords works well. Being able to schedule access ahead of time is a big plus for me as I can be forgetful. If you want a lightweight password vault, however, it may not be the best choice.
It is well suited for creating and updating and deleting employee attributes through Azure AD provisioning. But there can be some scenarios such as installation of provisioning agent documentation can be improved with proper screenshots. This will help consultants better in further implementations in future. The integration perspective is good but still the documentation available has scope of improvement.
Password Management: Its entire purpose, really. Secret Server stores passwords in an incredibly easy to use way. They can be organized in groups, they contain all the information about the site or system the password is used for (including URLs for websites), and even a notes field. You can set up specific policies for expirations and complexity, and Secret Server can even generate strong passwords for you. Using a password is simple, too, since you can just click a button to add it to your clipboard; you don't even have to unmask the password.
Security: The passwords are stored encrypted in a SQL database, and the application requires an authenticated login. This could be local, but we tie it into Active Directory. Each folder of passwords has groups assigned (in our case, again, AD, but you can make them local groups) with different permission levels, so we can compartmentalize passwords. Desktop technicians don't have access to network switch passwords, etc.
Easy Setup: It took me about an hour to get the server running, from spinning up the VM to importing our old password list. It took a little longer to organize the passwords into proper folders, and then assigning groups, but it was easy to do.
Personal Passwords: Each user also gets a personal folder, where they can keep their own, unshared passwords. This is nice for sites or systems with individualized logins (e.g., a firewall, VPN, etc.)
Favorites: Secret Server lets you tag passwords as "favorites" so you can easily find ones you use constantly. The search feature is nice, but this is nicer.
Microsoft Entra ID's biometric authentication improves security and streamlines user access through facial recognition and fingerprint scanning, which are reliable and practical.
Users can easily confirm their identities using biometrics, smart cards, or PINs, increasing security without disrupting business operations.
Microsoft Entra ID provides us with a thorough security comprehension by allowing us to effectively manage user identities, regulate access entitlements, and track authentication events.
The sharing functionality NEEDS improvement. We share most passwords at a group level, but then it becomes impossible to share them with a dynamic group and one or two one-off people as well. This is a major shortcoming.
I don't love the interface. I feel like there is an attempt at a dashboard, but it is really not effective.
I've heard, but never seen, that the software can actually change passwords in the target systems. If this is part of its deliverable, I do not know how to use it, and I don't know how you would do that. Seems like a great feature for password management.
It has been an essential tool and we have had very few problems using it. Nothing comes close that I have seen, though given how well it has worked out for us I really don't look very hard. The value is extremely high when you consider you get Microsoft Entra ID and the rest of the Microsoft 365 platform for one price.
Easy rollout across organizations, accessible from any device securely, and easy integration with Microsoft products and its services. Microsoft technical consulting services and team helps an organization to connect all dots which make Organization IT professionals' life easier. Easy to use hence adaption is faster and no major training needs to conduct for users.
Microsoft has offered Azure Active Directory as a solution for a couple of decades now, so they have seen and anticipated almost any issue that an organization may face and can therefore help. The cloud offering of Azure Active Directory offers some additional "self healing" or monitoring services that can minimize the need for a service call. However, as with most large companies supporting a fast growing market, there may be some gaps in service knowledge (and particularly processing) from the front line / tier one staff as they follow a corporate script at first contact.
Make sure you use a good partner. Our implementation was a bit longer and more problematic than we expected. Our partner got it done, but, in my opinion, some of their inexperience and staffing issues were evident.
There were not very many solutions that provided the entire package of taking an account from creation and deactivating it when no longer needed, as well as providing the discovery of unknown service accounts. Other solutions like RoboForm and LastPass did not offer the ability to manage your service accounts and added layers of complication to ensure security.
Microsoft seems to be the better service for cloud identity syncing and is still a leader in this realm. Their service is reliable, and we use it with all of our clients. Compared to Okta, the cost is more affordable and they include a lot of services in the Microsoft licensing plans. This makes it the better option for most cases.
Microsoft Professional Services' technical knowledge is appreciable as consultants design the solution as per customer requirements. Mapping of features per user specifications and assisting Customer IT engineers to implement so they can manage and administer the services.
I believe that the reduction in requests for lost access passwords has been considerably reduced by 20%.
There has been an increase in the productivity of each user who has used Entra ID; what these types of programs do is act as a motivator for users so that they can work more comfortably and avoid procrastinating.
