Being an administrator, I find it really easy and computer confident, and our experience with the product is really good.
Additionally, customizations are easy.
Download the Delinea Secret Server Buyer's Guide including reviews and more. Updated: October 2022
Secret Server is a fully-featured Privileged Access Management (PAM) solution available both on premise and in the cloud. It empowers security and IT ops teams to secure and manage all types of privileged accounts and offers the fastest time to value of any PAM solution.
Delinea Secret Server was previously known as Thycotic Secret Server.
Secure-24, University of San Diego, International Rescue Committee, San Francisco Ballet, Perkins Coie, University of San Diego, D.S.S. Limited, Turbo's Hoet, Eclipse Computing, Cathay Bank, Stellarise, J&R Consulting
Being an administrator, I find it really easy and computer confident, and our experience with the product is really good.
Additionally, customizations are easy.
There are some things that I know are really important to include like A/B version features that are available in Windows. I would say that they should be included in the road map.
I have been doing the POC on Thycotic for a few months.
I would say that this solution is stable.
Thycotic Secret Server is easy to implement.
I would recommend Thycotic. On a scale of one to ten, I would rate this product an 8.
I primarily use the solution for PRAM management, privileged access management, and other similar tasks as well. We submit credentials and replicate and post them directly behind the scenes. There's also some session monitoring and issue recording, etc. that we handle.
The session monitoring and session recording aspects of the solution are valuable to us. The fact that, as a support, you can actually monitor sessions on the fly is really helpful. A lot of sessions are live. Therefore, if anything happens within the session, there is an alert, and the security can terminate the session.
The fact that you can go back to any other session according to user or sequence, is quite useful. You can get a nice audit of the recording sessions. It's quite deep and quite useful.
Users are able to whitelist commands. It's very helpful.
The solution provides security for certain tasks as well. There's also regression on items like passwords.
The user interface is quite good. It's very straightforward.
The reporting is very powerful.
The solution is very good at improving based on customer feedback. If, for example, a customer asks for updated functionality, the next version will likely fit the requirements or requests. They're very responsive in that sense.
There could be tweaks here and there. For example, instead of going to one main function to do this and another main function to do that, the solution could remap the user interface so that a person only has to go through one function. The way that function branches off should make a bit more sense.
I'd like to see more automation on parts of the solution that cover APIs and disk space. There should be more automation in terms of what's out-of-the-box. It would help some customers as not all of them are knowledgable and well-skilled. It would make it easier for the layman.
I've been using the solution for one year.
The solution is pretty stable.
The solution is highly scalable. The architectural deployment is quite flexible. You can deploy it on multiple sites, you can do your load balancing, you can do your SQL storing, etc. It gives you various architectural deployment and flexibility options. It's very powerful.
We've been in touch with technical support in the past and they've been very helpful. We've been satisfied with their level of support.
We didn't previously use a different solution. This is my first foray into PRAM management and enterprise solutions.
The initial setup is pretty straightforward. We didn't find it to be overly complex in any way.
I did look at a few other companies and compared a few different features before choosing this solution. I looked at FireEye, BeyondTrust, and CyberArk.
I have a lot of hands-on experience with the solution and I present it to customers and do all the POCs for them.
I'd recommend the solution and advise others to look at cloud options, as most companies are moving to the cloud anyway right now. It's flexible, so users can deploy it both on-prem or on the cloud. There are lots of great custom features and network monitoring capabilities.
You can also patch the privileged behavior and it will, on the fly, give you nice digital printouts with privileged behavior also. If your system admin or one of your admins suddenly acts strangely, even at 2 AM on a Sunday, it will flag that because that's not normal behavior. That's due to the fact it has a lot of powerful machine learning built into the solution as well.
The endpoint application control of the privileged manager is powerful because of the authorizations, etc. The privileged manager can ensure that you actually are able to manage everything very well - everything from user privileges to admin. You can even escalate items easily.
I'd rate it nine out of ten, just because there's always room for improvement. However, for my purposes, it's a fantastic solution.
We are a system integrator and this is one of the solutions that we implement for our clients.
It is used for privileged access management for networks, servers, applications, databases, and more.
The most valuable feature is session monitoring.
The Password Changer is a useful feature.
The reporting functionality is good.
They need to open a data center in Malaysia so that we can better provide cloud-based services to our customers.
I would like to see more training sessions made available online.
Having more detailed reporting would improve this solution.
We have been working with Thycotic Secret Server for less than one year.
We have had issues with stability in the past, although technical support has always been able to help us to fix them. This type of solution is used on a daily basis.
It is easy to scale. Our clients are generally medium-sized companies.
Technical support is good. There is always somebody available to assist us with issues.
Some of our clients have switched to Thycotic because of the cost.
The initial setup is relatively simple. It can be installed in one day, although for the configuration it may take a few days.
Normally, we do the installation of this solution for our clients. One to two people is sufficient for handling the deployment.
The price of this solution is good.
My advice to anybody who is considering this solution is to first understand their requirements and then define the scope before implementing it. The reason is that once deployed, there is a lot of integration into the existing environment.
This is a product that I would recommend.
I would rate this solution a seven out of ten.
I'm a director/engineer and we partnered with the company. Our primary use case was for a project that we followed from an administrator point of view, not the end-user point of view. My responsibility was to manage the migration-related to the project, installing and configuring the infrastructure, creating policies and so on. Technically speaking, it was at a high level. All of my clients are enterprise companies.
The most valuable aspects were its ease of use because the software is monolithic, so you only have to install the web services and then there's a database, so it's very easy to use and to configure. There are no further modules so installation is simple as is configuration. There are a lot of features out of the box. That was an interesting aspect.
I think the services could be improved by making it more 'friendly.' Documentation could be improved if they were to include more about connectors. Technically speaking, and in comparison to other software such as CyberArk, the documentation was not enough. CyberArk has extensive documentation and I believe Thycotic doesn't have enough.
The same applies for additional features - improved documentation in the next release would be helpful.
I've used the product for five months.
It's a very stable solution.
It's very easy to scale the solution because it's a web server. If you want to install more than one server then you just have to add the additional server to the database. So it's very, very easy.
Technical support is fine but as I said, it could be a little more friendly.
There is a lot of risk management software around. I decided to switch to Thycotic, first of all, because we were starting a new project and it was a challenge for me and a new software I wanted to try. That was the main reason for the move.
Being a web server, the initial setup is very straightforward and easy to understand. It's one of the differences between Thycotic and CyberArk. CyberArk requires some study, it's a modular solution.
I'm a technicial person so I don't know about setup costs.
In general, I would recommend the product. It's very good and is cheaper than CyberArk. It's something that a team leader or project manager would take into consideration because even the cost of the license is something to keep in mind when planning a project. It really depends on the company's requirements.
This solution provides us with increased security when working with privileged accounts. It has well-arranged and detailed logging of privileged accounts. It offers the possibility of secure administration of hardware devices, as well as Linux systems administration from a Windows environment.
This solution has increased security when working with privileged accounts and automates changes to their passwords.
Detailed logging of privileged account activity.
The features that we have found the most valuable are:
I would like to see the shadowing of ongoing terminal sessions (Remote Desktop Mirroring).
Recording of keyboards in the current Remote Desktop session would be a helpful feature.
It's a password vault.
We use it to search for service accounts across the network. It has significantly helped with staff productivity because it's a less manual process now.
Our security program is about two years old so we're relatively immature, but this was a tremendous step towards being able to securely store passwords.
The most valuable feature of this solution is the random changing of passwords.
We could definitely use some help with API tokenization. If we had a way to store tokens that would be fabulous.
The stability is pretty good, we like it.
The scalability is pretty good.
We haven't used technical support.
We didn't use anything previously, we just knew we needed a vault. We went with Thycotic based on ease of use and we thought their feature set was a little more robust.
I don't remember the initial setup being very complex.
We used a consultant for the deployment, Alcom. Our experience with them was positive.
It isn't terribly expensive.
CyberArk was on our shortlist.
Just get it. It works well.
I would rate this solution at nine out of ten. It does everything we knew it would, but it would be nice if they added some additional features.
We use it for managing secrets and distributing them to our users.
It reduces the risk of secrets being stored in insecure locations, and enables us to share, control, and rotate the secrets. It has also helped to increase staff productivity. It has saved a few man-hours per employee per month.
In terms of security maturity for our organization, it definitely helps with the overall secrets-management aspect. Before, the secrets were not managed online or in a central place. Governance was hard. It has matured the security program in that way.
One of the things that we want is to be able to do some of the management of it using APIs.
Also, their release schedule is slower than I would like. A better release cadence, more frequent releases, would be better, even if they were smaller.
It's been pretty stable. It has never failed.
The scalability is okay, for what the solution does.
I have only used technical support once and it wasn't bad. It was slower than I wanted, but I don't think it was bad.
We used a version that was offline but we wanted something that is centrally managed. That was the reason for the switch, if I remember correctly. There is a need, in general, for organizations to have a solution like this and we chose this vendor.
I don't know how much it costs but, generally, there has been good return on what we wanted to do.
I don't remember specific ones off top of my head, but there were definitely other vendors on the shortlist.
The biggest challenge with this solution is the usability. You should have your end customers try out different things, find out which product they prefer, and pick that.
I would rate the product at seven out of ten. The usability is very bad which makes it difficult for end-users to use. They complain about putting secrets in it.
Our primary use case is for password management.
Before this solution, people had their own passwords stored in different areas and when something was needed we could not find the right person that had the right password, which meant quite a lot in migrations scenarios. With this solution, everyone knew what tools to use and where to put the password and who gives access to that password and then we could have reports on who has access to different passwords so that we could do audits.
The ability to give some groups access to different kinds of databases with the storage of a password is the most valuable feature.
I don't know what kind of a cryptographic it uses to encrypt the password but it should be one of the stronger ones. Some of the cryptos have been accessed by hackers. The encryption algorithm that they use is weak and could be hacked.
The scalability is pretty good. It was always accessible.
It was pretty scalable.
I would rate it a nine out of ten. It provides most of the features we need. I like the way that you could easily administer who would get access to what kind of a database.
We previously had a very lax password policy, and passwords were stored in Excel spreadsheets. Passwords were often not documented, or the documented password was not updated if changed. We now have a much stricter, safer password policy. Secret Server has improved security, productivity and helped achieve a much higher state of compliance.
Session recording could offer more control and block certain actions or commands.
I have experience of other products that focus on session recording, so I’m aware of what advanced functionality can be achieved.
Specifically, I’m referring to:
* blacklisting and/or whitelisting certain commands
* OCR capabilities
Now I know these aren’t currently supported, but they may be available in future releases.
We have used this solution for more than three years.
Very occasionally indexes won’t contain all the search results expected.
We have not encountered any scalability issues as this is a highly scalable product.
Technical support is good. Online and offline documentation is clear and well written. Support technicians are punctual and friendly.
I have worked with customers of other solutions. They found it hard to separate accounts assigned to the same asset for different teams. For example, a server has SQL and database accounts. These credentials would all be visible to anyone with access to the server asset which isn’t a desirable situation. DBA has access to a local administrator account. Server admin has access to the payroll DB account!
Based entirely on the Microsoft stack (IIS, MS-SQL), installation is quick and easy.
Pricing is very flexible. Download the free trial version. You can downgrade to the free version (it’s free for life!) or pay for the exact feature set you require.
We evaluated LastPass Enterprise, RoboForm, Password Manager Pro, Kaspersky Password Manager and CyberArk.
I’d recommend you engage a reseller to discuss your requirements, and download the free trial version.
Password checkout and the ability to change a password after checkin are the most valuable features.
I would like to be able to create service accounts and set generated AD passwords from the web interface.
I have used it for 3+ years.
I have not encountered any deployment issues.
I have not encountered any stability issues.
I have not encountered any scalability issues. I was able to deploy over multiple domains.
Customer service is 10/10.Technical Support:
Technical support is 10/10.
We did not previously use a different solution.
The more features you add, the more complicated you can make it. Basic password storage deployment is straightforward.
It was an in-house implementation.
Before choosing this product, we did not evaluate other options.
I have been a proud Thycotic Secret Server customer since 2008. Back in those days, my organization used Secret Server as a secure vault to store all of our highly privileged accounts and their passwords. I manage our Secret Server environment, and over the years we have heavily utilized this product across our entire University to harden our security posture and meet compliance requirements. Secret Server has helped us eliminate many of the manual processes that we performed regarding password changing and rotation, as well as the data we stored in Microsoft Excel. We love the fact that the product discovers privileged accounts across our infrastructure so that we can securely store and manage them appropriately, as well as rotate their passwords to meet our password policy requirements. We are a large Active Directory shop and Secret Server integrates with Active Directory very easily. The folder structure that you are able to build within Secret Server to setup permissions for other departments can mirror your internal Activity environment, providing a secure approach to password management. The auditing capabilities that Secret Server offers has allowed me to quickly respond to possible malicious activity, which has saved me countless hours over the course of time. The built-in reports are very useful and can be customized to meet your organization’s reporting needs. The service account discovery and management feature of Secret Server has played a pivotal role in helping us secure other departments’ servers within our infrastructure. Secret Server is easy to set up and use, and I have trained many departments on how to utilize Secret Server to help meet their needs. Thycotic is continually providing upgrades with new features that can be seamlessly utilized immediately within an organization. Their customer support is top notch, along with all of their other employees with whom I have interacted over the years. I highly recommend this company and their product!
Improvements: Our Linux/Unix team was hoping that the new SSH Key Rotation feature in the 10.1 release would be included in our Enterprise licensing, but it's not. Thycotic's newer pricing model allows these features to be purchased a la carte style. Sometimes it gets challenging to justify additional expenditures to upper management, although their pricing is very competitive compared to other PAM solutions.
Referring to Secret Server v10, we want the ability to add subfolders to the "\Personal Folders" container. We had to rename it to "\Personal Secrets" to avoid confusion. Otherwise, you can create as many top-level folders and subfolders as you like. A minor annoyance for an otherwise awesome product.
I have used it for 2+ years.
No issues during deployment: Get your SQL cluster deployed, check your prerequisites, run the installer. Log in and start configuring. That was really it.
We have not encountered any stability issues; been rock solid since production deployment.
We have not encountered any scalability issues. Performance issues with a few hundred users and thousands of secrets has been negligible; running on hardware.
Customer service is excellent. Customer relations and tech support have both been quick to respond and knowledgeable.Technical Support:
I rate technical support 8/10. There's always room for improvement when it comes to tech support, but compared to other big name companies, Thycotic tech support stands out among the top.
We had another product before switching. Secret Server crushed the old solution.
Initial setup was very straightforward compared to the competition.
We implemented it ourselves; it was pretty straightforward.
Look at their edition/feature comparison chart and decide which version suits you best. Note that clustering requires the Enterprise Plus edition. You're also allowed to install a lab and QA environment with your license which will help with pre-prod testing.
Before choosing, we looked at other vendors such as LastPass, 1Password, CyberArk, PasswordManager, PasswordState, BeyondTrust, Quest, CA, etc. In the end, the cost, features, and ease of deployment simply beat the competition.
An enterprise-class PAM system will always have complexities to deal with. However, some competitive products literally require a professional services engineer to come onsite if you want it done properly. Secret Server was comparatively easy to setup and get running on our own.
Thycotic Secret Server is an excellent product; we're very happy with it!