Secret Server (originally from Thycotic, now from Delinea since the 2021 Thycotic merger with Centrify) is an enterprise password management application, which is available with either a cloud-based or on-premise deployment which emphasizes fast deployment, scalability, and simplicity.
N/A
Oracle ESSO
Score 10.0 out of 10
N/A
Oracle Enterprise Single Sign-On is a single sign-on (SSO) solution, originally named Passlogix and owned and supported by Oracle since 2010.
I would recommend Delinea to any organization or colleague, as I have used it to support our shared services model, as well as a dedicated model for people support to customers, for privileged access management. Delinea has provided us with effective methods for handling unnecessary login attempts to the customer infrastructure. Additionally, the connection thread is available in the audit trail for review, which is a valuable feature to have.
Password Management: Its entire purpose, really. Secret Server stores passwords in an incredibly easy to use way. They can be organized in groups, they contain all the information about the site or system the password is used for (including URLs for websites), and even a notes field. You can set up specific policies for expirations and complexity, and Secret Server can even generate strong passwords for you. Using a password is simple, too, since you can just click a button to add it to your clipboard; you don't even have to unmask the password.
Security: The passwords are stored encrypted in a SQL database, and the application requires an authenticated login. This could be local, but we tie it into Active Directory. Each folder of passwords has groups assigned (in our case, again, AD, but you can make them local groups) with different permission levels, so we can compartmentalize passwords. Desktop technicians don't have access to network switch passwords, etc.
Easy Setup: It took me about an hour to get the server running, from spinning up the VM to importing our old password list. It took a little longer to organize the passwords into proper folders, and then assigning groups, but it was easy to do.
Personal Passwords: Each user also gets a personal folder, where they can keep their own, unshared passwords. This is nice for sites or systems with individualized logins (e.g., a firewall, VPN, etc.)
Favorites: Secret Server lets you tag passwords as "favorites" so you can easily find ones you use constantly. The search feature is nice, but this is nicer.
This tool is essentially a hack, making the user experience pretty weak. For example, we use it in an application which has a box to type your password. Every time you enter some data, ESSO steals the focus and types your password into the box, even if you aren't about to submit the form requiring the password.
This tool creates a 2nd CN in the directory and this broke some of our applications which were only expecting a single CN per user in the directory. Why can't it use a traditional database instead?
This tool caused performance issues with Putty. It would peg our CPUs at 100% if the user had Putty running. It took a very long time to resolve the issue.
My rating is purely based on the configurational activities, as feature-wise delineation has all the features that are very beneficial for customers, though the implementation is a bit more manual work, which can be reduced with a low-code platform. Along with that, we can have a better UI to have intuitiveness and can manage the platform for shared customers in a better way. Overall, it is a very good tool for PAM.
There were not very many solutions that provided the entire package of taking an account from creation and deactivating it when no longer needed, as well as providing the discovery of unknown service accounts. Other solutions like RoboForm and LastPass did not offer the ability to manage your service accounts and added layers of complication to ensure security.
There's no substitute for properly developed applications that delegate authentication to an external system like Active Directory or a cloud identity provider. That way, the issues with screen scraping and constantly-breaking integration are solved permanently.
We spent a lot of time implementing it on different applications. However, because it uses screen scraping, every time our apps upgraded, it broke the integration with ESSO, so we had to keep fixing the integration. After a few years, we have stopped integrating new apps with it due to this headache.
