Delinea Secret Server Reviews

My main use cases for Delinea Secret Server revolve around implementing it for our Privileged Access Management, specifically for our privileged access accounts, privileged accounts such as service accounts, admin accounts, and all these things.

The features of Delinea Secret Server that I find most useful and effective include using the discovery feature for discovering many types of accounts in our organization which are unmanaged, making the items manageable throughout the organization.

I am using the access auditing feature, and I am also making use of storing in the shared folder. The access auditing feature helps me in terms of compliance; if there are any issues related to who accessed a particular account a long time ago for maintaining compliance, I use the access audit tool as well.

Role-based access is beneficial in Secret Server as role-based access management is critical in security systems. We are implementing the zero-trust model as well as least privilege access, and what happens is, whenever there is least privileged access, there is less proneness to the theft of credentials. Nobody has much opportunity to steal the credentials or hack the systems with the help of credentials. I make use of role-based access management in Delinea Secret Server for holding my credentials in a safe and secure way.

The biggest benefit of Delinea Secret Server would be the remote password change and discovery, which are a major help for the management of the accounts.

I have not faced any significant issues with Delinea Secret Server during this period of time, but we had a problem with a web password filler, which is a template used for accessing a web URL using Secret Server, where we faced some session management issues since session management is not applicable for the web password filler. This should be the improvement that we require from Delinea Secret Server.

The session management is not applicable in this case; we can manage the session and have session management inside the remote systems within the organization. However, when it comes to web-related access, we can access directly through Delinea Secret Server. We can access any URL through Secret Server, but the problem is that the session cannot be managed on the web URL due to it having multiple systems.

I do not have any other recommendations regarding the improvement of Delinea Secret Server at this time.

I have been working with Delinea Secret Server for four years.

We normally record the sessions and do not face any drawbacks; we do not have any issues regarding stability.

Delinea Secret Server is scalable and easy to scale.

I have contacted Delinea support for an issue where Secret Server logs off when the IP address is not secure, and I received a great response from the service. I would rate the support a 10.

Positive

I have not worked with any other tools on PAM before Delinea or simultaneously.

My company has not seen ROI or return on investment with Delinea Secret Server, but it is a good tool that we can use to manage our systems.

I think the price for Secret Server is reasonable.

We manage the passwords through remote password change, which is the automatic password change, and we are very familiar with this remote password change for applying it to many of the accounts in our organization. It has helped us in maintaining the overall security throughout the organization.

We make use of a 90-day report for users who have not logged in for 90 days in order to manage the accounts and save our licenses, and with that, we recheck the licenses. If they did not access for 90 days, we revoke their access from Secret Server; we manage accounts through this report as well.

I can give Secret Server's password management feature an eight out of 10 in supporting security protocols.

I recommend that those considering Delinea Secret Server go with it because for companies with moderate strength, between 5,000 and 10,000 employees, it is suitable for small enterprises. I have worked for small enterprises, so I can say that you can definitely go with Delinea Secret Server.

Overall, I would rate Delinea Secret Server an 8 out of 10; it's a good product that we can use.

Public Cloud

Microsoft Azure

I am using Delinea Secret Server for privileged access management.

We use the automated password rotation feature in Delinea Secret Server.

The best advantages of Delinea Secret Server are that it is easy to set up, it is integrated with the Windows system, and it has a customize feature for the scripting feature.

The customization and scripting features are good, and it offers web-based access.

It is helpful; we use it to rotate the password on a schedule base, and after a user checks out, it triggers another RPC remote change.

Session monitoring capabilities help to improve compliance and reduce security incidents.

The preset report in Delinea Secret Server would be sufficient for compliance and governance.

The benefits and positive impacts I have seen from Delinea Secret Server on my company include having centralized secret management, log monitoring, an audit log on the command execution on the system, and it has programmable API customization.

One pain point is that it requires Windows Server to run Secret Server. I am not sure if it has the container version already.

It should be more lightweight and containerized because nowadays when we deploy on the cloud, it should be containerized and able to run native support on Linux, on Kubernetes.

The main concern is that Delinea Secret Server is not suitable for modern technology.

I have used Delinea Secret Server at my past company for almost 10 years.

Delinea Secret Server is stable.

Because it is a Windows system on a VM base, Delinea Secret Server is suitable to scale up, but for scaling out, it is still a manual process to scale the system.

Technical support from Delinea is good. I used the professional service at the beginning, and so far, there have been no more requests to the support.

Positive

The main difference between Delinea and CyberArk is pricing; Delinea is cheaper, but I also see some technical differences. The technical difference is that it is an easier deployment—CyberArk requires a lot of components to set up. It is traditional technology.

I see ROI in Delinea Secret Server because it saves time for managing this password, and also the cost is very flexible. It has an admin user and a normal business user that can use this solution.

I am not sure how to calculate the ROI, but I think for this, I bought it for about three years, and it is only 10% of another platform. If I were to go for CyberArk, it would cost a lot more.

Delinea Secret Server has a reasonable price; it is cheaper than another product CyberArk, and I think that Secret Server is affordable. It is affordable and has advanced features compared to another top-tier product.

Secret Server is acceptable, but now it should be something more modern that is suitable for a cloud-native environment.

On a scale of 1-10, I rate Delinea Secret Server a 9.

On-premises

Other

Our customers who require an active-active mode, rather than active-passive, tend to go for Delinea Secret Server.

After working on several PAM solutions, I've noticed that Delinea Secret Server doesn't offer any exceptional features; most solutions have similar capabilities such as automatic password rotation, activity log monitoring, and activity log auditing.

Whenever an update is applied to Secret Server, it requires downtime. Most of the time, the solution tends to fail, necessitating the need to pull data from backup servers. This is quite annoying and is an area where improvements are needed.

I have been using Delinea Secret Server for about one year.

The stability is less than ideal since it updates to our console can take around six to ten hours. As a development partner, this is frustrating and leads me to recommend other solutions like BeyondTrust that don't require as much time for updates.

I would rate the scalability of Delinea Secret Server as seven on a scale of one to ten.

I would rate customer service and support from Delinea at four out of ten. When I faced issues integrating custom applications with Delinea Secret Server, the support from their deployment partner was inadequate. They were expensive and didn't guide me properly to resolve the issue.

Neutral

The initial setup of Delinea Secret Server is straightforward and easy for development purposes.

We have not seen a return on investment since this is a more expensive solution compared to others.

The price of Delinea Secret Server is okay, however, the solution is considered expensive when compared to others.

I generally recommend other solutions like BeyondTrust.

Overall, I would rate Delinea Secret Server as six out of ten. As a senior cybersecurity engineer, I prioritize solutions that don't require excessive update times and provide reliable stability.

On-premises

We've used it for auto-discovery, and password management on mainframes, networks, applications, and firewalls. We've also used it for password rotation.

We use it for credential management, including rotation for both human and non-human accounts, as well as session monitoring.

Delinea Secret Server supports our remote access needs.

For remote access needs, we have implemented MFA (Multi-Factor Authentication) and SSO (Single Sign-On) across various applications. We use third-party tools like Ping and SailPoint to integrate with the PAM tools.

Moreover, password rotation has been effective in our environment. We weren't rotating many application passwords before, but an audit from the OCC (Office of the Comptroller of the Currency) triggered a change. 

We now rotate all non-human accounts except for Active Directory and local accounts. It's a best practice, so we set a 30-day rotation for some applications like mainframes and applications that support direct password changes. For others, we set it to 8 hours.

Initially, the application teams struggled to adapt to the PAM culture. It's an organizational-wide change, so it took some time. We guided the application owners and platform teams on setting password rotation policies and initial password guidelines. 

This helped minimize the impact of breaches, especially in Linux and Windows environments. We also have continuous monitoring with Splunk. We integrated the Delinea Secret Server logs into Splunk for centralized log management.

The "App to App" feature has been most impactful. It allows secure communication between applications without requiring direct user access, which is crucial for several applications. 

Additionally, working in the finance department, we are heavily focused on enhancing audit reporting and compliance. So, the GRC (Governance, Risk & Compliance) capabilities of Delinea Secret Server have also been crucial for us.

We implemented a custom reporting system that can automatically send reports to auditors daily, weekly, or according to your organization's needs. We also upgraded the audit role within Secret Server, allowing auditors to access and analyze the reports directly. 

Additionally, Secret Server provides comprehensive logging capabilities. Auditors can see what data users access, their access levels, and their activities, including check-in and check-out times.

Furthermore, Secret Server helped us manage privileged, elevated access, which we call "K2K." As the lead for this project, I could identify users with the highest access levels and implement specific policies to monitor their activity on servers.

In many PAM tools, when users request a password checkout, they need to provide justification. However, in my experience across four organizations, nobody actually reads the justifications. Users can simply type anything and get the password. This becomes a risk and compliance issue. 

There needs to be continuous improvement in this area, focusing on problem identification and mitigation strategies.

I've been working with Thycotic Secret Server since 2018. My experience with Delinea Secret Server specifically started around the end of 2022, which is when our organization purchased it.

I would rate the stability a nine out of ten. It is a stable product. 

I would rate the scalability an eight out of ten. We have 300 applications. And they're spread across various platforms, including many high-risk and complex ones. Over 200 of them are SOX applications, which require high-security compliance.

We have close to 10,000 users currently using the product. We do plan to increase the further usage and shift to the cloud. 

Delinea's technical support was excellent. They responded to our tickets on the same day and provided access to their portal for direct communication. Even after our support contract ended, they responded within three days. Compared to other PAM solutions, I'd rate them a nine out of ten.

I have more experience with IAM and PAM. I've worked with products like SailPoint, and Ping Identity. In the PAM space, I've used CyberArk, Broadcom, Accellion, and Thycotic Secret Server (now Delinea Secret Server).

One major difference is that CyberArk has several separate modules, while Delinea offers a more unified experience with integrated features like auto-discovery for secret keys and API keys. 

CyberArk requires additional integration with other applications to achieve these functionalities. Similarly, based on my knowledge, other tools may also require integrations. 

Since Delinea (formerly Thycotic) is a relatively newer solution, it comes with pre-built components and focuses on continuous improvement. In contrast, older vendors might lack some built-in features. 

Additionally, Delinea allows us to create custom rules and manage all access (Unix, Linux, Windows) for password management within the same platform. However, with CyberArk, managing passwords might require opening additional ports.

Another key difference is privileged account discovery management. In Delinea, we can directly access the admin console to discover accounts. With CyberArk, this might involve integrating with additional tools. These are just some of the differences, and there might be others.

I would rate my experience with the initial setup an eight out of ten. The Delinea team was very helpful.

The initial deployment in the test phase took around three to four weeks.

For ongoing maintenance, after all applications were migrated to Delinea, only five people are needed to support it. That's for around 300 applications.

So, we have a team of five people for maintenance that includes one architect, one lead, and three analysts.

We took assistance from the Delinea vendors.

We already had a CentOS environment, which offered us a discount when migrating to Delinea (formerly Thycotic). Most accounts were simply migrated from one system to another. 

Only accounts outside the platform needed direct migration to Delinea, which took some time. We prioritized SOX applications due to their higher-risk compliance requirements. 

Overall, the process wasn't too difficult, as we had vendor documentation to guide us.

The migration process begins by having a server dedicated to storing all the data. From there, we access the configuration administrative menu. If the data contains secrets, we need to decrypt them and use specific APIs to import them into Delinea Secret Server. 

We use a master account, also known as the "Server account," to facilitate this. Then, we set up folders within Delinea Secret Server, which they might call "parts" or something similar. There might be some naming differences, but the overall process is the same. 

Finally, we configure the Delinea Secret Server, and provide account information, and users can then log in and directly feed data into it.

The vendor primarily assisted us. We did have around ten people internally who helped with the process.

There were two architects involved. The remaining group consisted of one lead, two lead security analysts, and several security analysts.

If you are planning it to use for more than five years, then it is worth it. 

I would rate the pricing a six out of ten, with ten being a high price. 

There are additional costs if you want to move to cloud. 

We previously used Centrify, which is now part of Delinea. We conducted technology assessments and spoke with various vendors like CyberArk, BeyondTrust, and One Identity. Ultimately, our management decided to go with Delinea for two main reasons.

Firstly, budget played a significant role. Secondly, from a technical standpoint, since we were already using Centrify, Delinea offered a clear and step-by-step migration process with ongoing support. This impressed our leadership team.

Overall, I would rate the solution an eight out of ten. 

Delinea offers several deployment options beyond the cloud-based solution. They have CAM and PaaS. 

CAM focuses on Identity and Access Management (IAM) features like Active Directory Bridging. This allows users, for example, a Linux or Unix administrator with access to 10,000 servers, to access all servers using a single ID and password. This is achieved by Centrify, one of the products under the Delinea umbrella. Other PAM solutions might not have this functionality. 

Additionally, Delinea offers "PAMSight" for PaaS, which integrates with Delinea Secret Server. So, if an organization aims for a combined solution, Delinea can potentially save them money.

However, I would recommend Delinea Secret Server for mid to large-scale organizations, not necessarily for smaller ones. Organizations with less than 5,000 employees likely wouldn't benefit from extensive single sign-on features. They might be better served by simpler IAM tools like Ping or SailPoint.

My clients, who are mostly North American clients like SpartanNash and CFI, use Delinea Secret Server for maintaining privileged passwords for their service accounts. Delinea also includes privileged session monitoring and keystroke logging, which is similar to CyberArk.

People are moving towards Delinea Secret Server to store their passwords due to its cheaper cost compared to CyberArk. It provides session monitoring and keystroke logging, which help in maintaining security.

Delinea Secret Server offers features similar to CyberArk and BeyondTrust, such as maintaining and securing privileged passwords and session monitoring. The cost-effectiveness of the solution is a significant benefit.

Delinea Secret Server can improve in areas like statistics and notifications, and risk scoring, especially for highly privileged accounts where financial transactions occur. Additionally, complex management features similar to BeyondTrust's PMUL for Unix and Linux might be an area for improvement.

I have been working with Delinea Secret Server for more than two years.

Delinea Secret Server is very stable. I would rate it a ten out of ten for stability.

I rate the scalability of Delinea Secret Server at 9.7 out of ten. It's suitable for large enterprises that understand the importance of privileged access management.

While Delinea technical support is quite good, I am giving them a 9.7 instead of a ten due to the time it takes for processes to complete.

Positive

I have worked with CyberArk and BeyondTrust before. CyberArk remains my preferred solution due to its functionality.

The initial setup process for Delinea Secret Server is straightforward and not complex.

Delinea Secret Server is medium-priced. I would rate it at 60%, or three out of five.

CyberArk and BeyondTrust are the main competitors for Delinea Secret Server.

I would recommend Delinea Secret Server to other users. I'd rate the solution nine out of ten.

On-premises

With the rise of remote work, Privileged Access Management (PAM) solutions have become essential for organizations to effectively control and secure access to critical systems and data.
PAM solutions help ensure that employees working outside the corporate network can only access resources they are authorized to use, reducing the risk of credential theft, unauthorized access, and potential system intrusions. By enforcing granular access controls, session monitoring, and real-time threat detection, PAM plays a vital role in safeguarding sensitive environments against evolving cyber threats in distributed work settings.

Credentials Vault & Password Manager - Centralized, encrypted storage and automated password management reduce human error and improve security hygiene.

Discovery & Inventory - Automatically identifying privileged accounts helps organizations maintain visibility and control over access points.

Access Control & MFA - These features ensure only authorized users can access sensitive credentials, reducing insider threats and external breaches.

Auditing, Reporting & Compliance - Enables forensic analysis, compliance with regulations, and visibility into privileged activity.

Certain features like the Remote Access Service (RAS) Engine and syncing with directory services may still have bugs or limitations, especially in newer platform versions.

I have been dealing with Delinea Secret Server for more than two years.

Delinea Secret Server can be considered as a stable and reliable for most enterprise use cases, especially in vaulting and privileged access management. However, like any complex PAM solution, it has occasional performance hiccups and integration challenges that should be monitored, especially in cloud environments.

Responsive, knowledgeable, and professional

Positive

Private Cloud

Microsoft Azure

We use the solution to store the password for critical server applications.

Our customer wanted a tool which can fulfill their requirements on a low budget. Delinea Secret Server is a cost-effective solution.

When Delinea upgrades the tool, it rejects our password, saying that it is not compliant and strong. Earlier, we used ten-character passwords which were strong and compliant. It is very difficult to change the password.

If we use a service account, most people are unsure where we use those accounts. If we reset the password to make it compliant, we are not sure what the impact will be. Either it should sync with the application automatically, or it has to inform us so that we can easily track and make it compliant with a strong password. This is the only feature that needs to be improved.

We use a mobile authenticator. Whenever we reset the account of a user who lost his password, it asks for a recovery code or key. When we generate it for the first time, it provides the recovery key. We have to save that key to reset it. If we do not save it, the end user cannot automatically change it.

He has to raise a ticket for the administrator, and the administrator has to reset it from the console side. It has to be made simple so that the end user can easily change his recovery key.

I have been using Delinea Secret Server for the last three months.

I rate the solution’s stability a nine out of ten.

Delinea Secret Server is mainly suitable for medium and large companies.

I rate the solution’s scalability a nine out of ten.

The solution's initial setup is very simple. Recently, I upgraded the tool from 11.2 to 11.7. It's very simple to configure and upgrade the solution.

I would recommend the solution to other users because it is easy, and the console is very comfortable.

Overall, I rate the solution an eight out of ten.

Hybrid Cloud

I need to look at using their tool's true multi-tenancy capability to cater to multiple customers within a single platform architecture without compromising security. Information security is key, and an MSP model's objective is to have a privileged access management solution.

Secret Server is called a secret server for a reason. You can create multiple secret servers underneath the parent for every secret server. Every "parent" will be considered as one customer, secret server #1, secret server #2, etc. Under every secret server, you can create multiple secret servers. Those secrets will belong to customers A, B, and C, respectively. If I want to access a customer's Windows environment under a secret server, I will create a secret group called "Windows." This group will be onboarded with customer A's Windows environments within their secret server. We have a logically separated environment as an MSP model.

The privileged access management module is the most reliable feature, along with the password manager.

The integration with the ticketing system ServiceNow is complex. That can be enabled with an API-based out-of-the-box consumption. We have customized it, and the features cannot be used without customization. Ideally, there should be a direct mapping between our ticketing system to Delinea instead of having to do custom development.

I have been working with Delinea Secret Server for almost a year, and I'm the platform's chief architect, responsible for leveraging Delinea for a managed service provider model.

Every update goes through rigorous testing and gets updated into SaaS periodically, and they are also patching in the backend without even impacting the services. I rate the solution's stability a ten out of ten. We have not seen any downtime so far.

We have not seen any scalability issues so far because they are managing a 30 or 15-K environment within a single instance of Secret Server, so it is horizontally and vertically auto-scalable based on the volume you're bringing in. Since it is Saas, we don't worry about the infra. I rate the solution's scalability a nine out of ten.

Though I consume SaaS with platinum support, the support is not too great. By the time they resolve an issue or get into details on what to resolve, I might have resolved the issue already.

Neutral

The initial setup is seamless. I have not seen any environments or services like ServiceNow, for example, get impacted. Delinea is one of these services where you can spin up the environment within five to three minutes, and your environment is ready for consumption.

After enablement, your environment is ready for consumption in five minutes, but we have to onboard, customize, and use cases, so deploying the solution takes at least two weeks. We have integrated Delinea Secret Server with Azure AD on the MFA authentication front and Delinea with ServiceNow. All these customizations took very long. It will take two to three weeks to complete with a dedicated effort.

Delinea has a distributed engine deployed on the customer's premises, communicating securely over a CTP protocol. Every customer communication will be enabled to secret servers through this distributed engine or a remote access solution engine. Without this deployed on the customer's premises, access to the customer enrollment will not work seamlessly, or it might not be available.

We expect the solution API-based, but even if it's API-based, it will go through custom scripts.

A key highlight is that Delinea is nothing but Thycotic and Centrify combined as a ready-to-market adoption. Delinea is ISO 2700 and CSA Star certified.

If you want a ready-to-market adoption with security and compliance in place, you are good to go with Delinea. And any customization for ticketing integration needs a detailed working session with a professional servicer. I rate Delinea Secret Server a nine out of ten.

Public Cloud

It provides holistic Secret management for PAM solutions. We can have control over our network secrets and be sure that access to your critical servers isn't gained haphazardly by anyone on your network. It also helps with compliance with security standards for privileged devices. It offers a safer, more secure environment for reporting and implementation of secrets. When it comes to managing critical servers and sandboxes, like Ascentia access, you can easily manage them and put proper identity governance across all of them. This applies to both internal and external users, including third-party vendors.

It's a good, very good, superb even product, but the challenge for me with Delinea is that I may not be able to pitch it to an account with a low budget for PAM. Delinea is a good technical solution, but those with experience, especially in Thycotic, will find it easy to use Delinea.

I've known Delinea for about two or three years now. I've had personal interactions with stakeholders in the organization, both at the sales and technical levels.

It is a stable solution.

It is a scalable solution.

I'm familiar with three main PAM solutions: Delinea, BeyondTrust, and WALLIX. I had the opportunity to work with them last year. However, the issue with Delinea is the cost. It's quite expensive compared to the others. And that's all. So, the pricing could be improved.

It's not difficult to set up. It should be able to be done within two days without any issues. It's a very large enterprise solution, so the exact setup time will depend on the company and the environment where it's being installed. But it shouldn't take more than two to three days at most.

Delinea has a good technical team that can handle deployment and maintenance. They also have well-trained partners who can do it. So deployment and maintenance are not an issue at all.

It's very expensive. In the Nigerian market, the adoption of Delinea depends largely on an organization's budget. If they have the financial capacity, they might consider Delinea as a viable option.

Delinea Secret Server is a top-notch solution. The only reason some organizations don't go for it is because of the cost. It's priced in dollars, and with the foreign exchange rate in Nigeria, it becomes very expensive. If an organization sees a solution that works just as well at a lower cost, they'll likely go with the more affordable option.

The licensing costs are on a yearly basis.

Delinea is good, and I would recommend it to financial organizations or those in similar industries. It really depends on their budget. If they have a larger budget, then Delinea is worth considering. Moreover, I would suggest that you just need to be familiar with the solution. It's a bit technical, so you need to know your way around it. If you're familiar with it, it'll be easier for them to integrate it. It's a very good solution, especially for the financial industry, but if you're not familiar with it, you might find it difficult. That's just my take on it. Overall, I would rate the solution an eight out of ten.

Hybrid Cloud

We use the solution to control privileged accounts in our organization. We use it to discover and track privileged account usage and to ensure accountability. For example, we can use Delinea Secret Server to see who registers accounts and when.

The valuable features are remote password changing, session recording, and integrations with other tools. Delinea Secret Server is fine and easy to use, especially compared to other solutions.

There's room for improvement regarding user interface and new functionality.

I have been using Delinea Secret Server since 2017. We are using the latest version of the solution.

I haven’t had any issues with stability.

I rate the solution’s stability a nine out of ten.

The solution scales both vertically and horizontally well. We have a couple of hundred users using the solution.

I rate the solution’s scalability an eight out of ten.

The initial setup is super easy. It takes a couple of hours to deploy the solution completely.
I rate the initial setup a nine out of ten, where one is difficult, and ten is easy.

I rate the product’s pricing a six out of ten, where one is cheap and ten is expensive.

Delinea Secret Server is a stable product with quick deployment. It delivers value when it's on. I would recommend it for PAM.

Overall, I rate the solution an eight out of ten.

On-premises