Password server market is quite competitive, but most products lack feature or two. I came across Secure Password server and when I saw features list, I downloaded the trial and installed application.
First thing I noticed was user interface, it’s not the best looking and I am sure there could be some improvements with usability. But don’t let the look fool you, below the surface is a powerful tool that makes it one of the most powerful password server products. Product is available as an Online edition or On premise edition.
Secret Server Review
Secret Server has a dashboard with screen divided on three parts, left part is your password database where you organise passwords in folders. Middle part has all the information about your object, right part has quick menus – recent items, Favourite passwords, help and new password templates. Thycotic, company behind Secret Server calls passwords in their product Secrets.
Password template include templates for the most popular applications and devices like Oracle, OpenLDAP, Sybase, Cisco, SonicWall, SAP…
Secret Server has many great features but some that really impressed me are listed below.
Features that stand out
1. Ability to Launch RDP sessions
You don’t have to share secrets with your team, you can set up RDP connection and share connection only, your team member will be able to launch RDP session from within Secret Server. He won’t see a password.
2. Ability to record Session
Would you like to check what other team members are doing on the server? Now you can. You can restrict access to RDP via Secret Server connection only (without knowing the password). The only way to launch RDP is from within Secret Server. If you enable recording all the sessions will be recorded. You can see that session is recorded on lower left part of the screen.
3. Customise RDP session
Just like you customise local RDP session and limit access to drives, clipboard and printers you can do the same for Server Server RDP session.
4. Change password automatically
In most corporate environments you have a policy in place where you have to change passwords, admin accounts are no exception, if you fear that you will have to change all the RDP passwords that you have in your vault manually, you can rest assured that you wont have to. Secret Sever does that automatically for you. All the passwords are changed automatically and only person who has a right can see them.
5. Two factor Authentication
Two factor authentication is established infrastructure for increasing password security. Your password can be the most secure but if its known to attacker, he has not boundaries, he can access all the servers in your company. Two factor Authentication solves this problem. Secret server has support for many RADIUS services. But what if your company is tight on a budget and you would like to incorporate two factor authentication? Thycotic has a solution for you. By using email as two factor authentication, you will improve security and not spend a fortune on additional services. It’s a great way to hold on until your budget increases. Another scenario is when you have contractors who didn’t receive their fob yet and they need to access your systems urgently.
6. SSH proxy
You can limit access to SSH services via firewall and create only way to access SSH – through Secret Server. That way you not only get better security but you also gain logging of all the sessions. You gain visibility to configuration changes on devices.
7. Double lock
Double lock is additional layer of security. You can lock devices with additional private key, password that is know only to you or special team. With Double Lock access to objects has an additional security layer on top. Double lock is especially handy for Online implementations.
8. Mobile phone access
They provide mobile phone application.
9. Browser integration
You can integrate your browser with Secret server and when ever you have to fill out login credentials, you press on the button and credentials are populated automatically. All you have to do is to draw shortcut from Secret Server to your browser and voila. This could be done via extension, preferred, but unfortunately it’s not available yet. Maybe in the future.
10. Logging events
Events logging is very thorough, all events are logged and you can trace all the actions through events.
11. Single Sign on
Secret server supports open standard SAML which you can use for authentication. User is authenticated by Identity provider and won’t be prompted for Secret Server credentials.
Additional features that should not be left out
Some of the features that I think should be mentioned as well are:
– Compliance (SOX, PCI DSS, MASS Regulation 201 CMR17, Basel II)
– Integration (from AD,Cisco, SAP, Power Shell….Web services and the list goes on)
– Remote agent (DMZ vs External), if you have a server in DMZ, you can install remote agent which will be used to communicate with the server.
– Integration with ticketing system (When technician accesses password, he or she has to enter ticket number of the case, in that case you have a better Audit trail)
What about Pricing, Support and Documentation
Support is great, I have received prompt response from their technician who took time to explain. Documentation provided by Thycotic has a room for improvement. It’s not bad. While they cover all of the features and functionality I had couple of moments when I was looking for additional information but was left out only by a paragraph or two.
They provide 4 editions for On Premise installation
Express is $10, it’s basically free, $10 fee goes to Reading is Fundamental, a children’s literacy non-profit, a great gesture from great people. Express edition is limited with features but is a great starting point for smaller organisations who only started with password management.
Professional Edition is $3.896.68 for 10 users, support for one year is included
Enterprise and Enterprise Plus have individual pricing model, you have to contact Thycotic.
Online editions (Express – limited to 100 passwords ) starts with $10 for 10 users / month and a real thing $50 for 15 users / month
You should be aware that Online version lacks AD Authentication, Remote Password Changing, Manage Service Accounts, Custom Reports, Folder Synchronisation and Access to SQL Database.
Secret Server is a product for the big boys. Feature set is very extensive and you can cover all the needs for password management. While the product is not cheap it can cover very complex requirements for Password management.
You can find more informations on the product website