Secret Server (originally from Thycotic, now from Delinea since the 2021 Thycotic merger with Centrify) is an enterprise password management application, which is available with either a cloud-based or on-premise deployment which emphasizes fast deployment, scalability, and simplicity.
N/A
Microsoft Entra ID
Score 8.7 out of 10
N/A
Microsoft Entra ID (formerly Microsoft Azure Active Directory or Azure AD) is a cloud-based identity and access management (IAM) solution supporting restricted access to applications with Azure Multi-Factor Authentication (MFA) built-in, single sign-on (SSO), B2B collaboration controls, self-service password, and integration with Microsoft productivity and cloud storage (Office 365, OneDrive, etc) as well as 3rd party services.
Great for managing access to secrets and servers and is more secure than storing passwords in a browser. The browser plugin to autofill passwords works well. Being able to schedule access ahead of time is a big plus for me as I can be forgetful. If you want a lightweight password vault, however, it may not be the best choice.
For one, a significant factor for us is that it is integrated with HelloID, which gives us, as the IT department, a lot of time back because we don’t need to create user accounts manually. It is great for the roles we have defined, as they can be used repeatedly. A great feature is that guest accounts can be created for external users; we only need to be in a closed area of your domain.
It addresses the issue of identity management very well with respect to putting in that multi authentication.
It can also support with respect to we can push these policies into another product that is not Microsoft, but it needs that SSO so we can have one account going into multi different accounts. I think that's the biggest pros and the easy use of Microsoft 365 also is one of those pros also in terms of administration.
The sharing functionality NEEDS improvement. We share most passwords at a group level, but then it becomes impossible to share them with a dynamic group and one or two one-off people as well. This is a major shortcoming.
I don't love the interface. I feel like there is an attempt at a dashboard, but it is really not effective.
I've heard, but never seen, that the software can actually change passwords in the target systems. If this is part of its deliverable, I do not know how to use it, and I don't know how you would do that. Seems like a great feature for password management.
Well, I'm an active ad admin, so there's a lot of features in active directory that Entra ID seems to be just adding now. We're kind of figuring out that the policies are different than Entra ID that they were in active directory and we're finding other products to do that, like Azure policy. Some things I'm used to seeing in identity products or like active directory aren't in Entra iID, but are doing good job of managing stuff that it does so far.
Entra ID is a vital part of our Identity management/administration. With the integrations it has to other Microsoft products, setup and configuration is a breeze. Additionally, Microsoft has been around a long time and have the resources to ensure this product is stable and secure for many years to come. We know it will evolve with time to provide us what we need as technology changes.
My rating is purely based on the configurational activities, as feature-wise delineation has all the features that are very beneficial for customers, though the implementation is a bit more manual work, which can be reduced with a low-code platform. Along with that, we can have a better UI to have intuitiveness and can manage the platform for shared customers in a better way. Overall, it is a very good tool for PAM.
Very easily usable. It could be easier to use. Implementation was kind of tricky. We do run a hybrid environment, so we're syncing a local active directory instance with Entra ID, so that could be a little tricky. But outside of that, if you're not running a hybrid deployment or a version of Entra ID usually, it's pretty straightforward.
Microsoft has offered Azure Active Directory as a solution for a couple of decades now, so they have seen and anticipated almost any issue that an organization may face and can therefore help. The cloud offering of Azure Active Directory offers some additional "self healing" or monitoring services that can minimize the need for a service call. However, as with most large companies supporting a fast growing market, there may be some gaps in service knowledge (and particularly processing) from the front line / tier one staff as they follow a corporate script at first contact.
Make sure you use a good partner. Our implementation was a bit longer and more problematic than we expected. Our partner got it done, but, in my opinion, some of their inexperience and staffing issues were evident.
We explored Jum Cloud and ManageEngine. Delinea is comparable in terms of features; however, the implementation of these tools differs. Delinea is a bit more manual than the other two. However, the licensing and overall ROI are better for Delinea, as it provides almost all market-ready solutions and has a robust licensing mechanism, resulting in a better ROI.
Microsoft Entra ID is not as stand-alone product as competitors like Okta. It may lack some of the features that competing products have but on the other hand it integrates both technically and license wise with other Microsoft cloud services and is easy to deploy. It is also the easiest way to extend identity management to the cloud if you already have Microsoft Active Directory in use.
The best return on investment is that all of our passwords are now up to date and usable by everyone in the department. The old way could only be accessed by one person at a time, and it was frequently wrong.
We save a lot of time in IT by having the passwords easily accessible. We also meet our security audit objectives by using this app instead of, say, an Excel spreadsheet or an old application that is no longer supported, as was the case at a previous workplace.
With the size of our department, we don't have enough passwords to go beyond the free version. It's fully functional, but it costs nothing (except some resources on a VM). ROI on free can't be beat.
I don't know if I can really quantify that. It's one of those products that just exists and so there's not a whole lot of changes that we need to make with the product. And so I guess in terms of value, what we get is we don't have to worry about the identity management piece. We know that that's taken care of.