Delinea Secret Server Reviews

We use the solution to store all of our secrets. For example, passwords, usernames, and other credentials. These credentials can be from many places, such as service accounts, bank accounts, and key pairs. It also has the functionality if, for example, a contractor requests to log into a specific server, they would use the Secret Server to log in to the server session that is monitored and he or she would be logging in without the actual real credentials. It is also on a rotating password system.

I have found most valuable the automatic scheduled password rotation and remote desktop monitoring. Additionally, the documentation is readily available and easy to find and the dashboard is straightforward.

I would like to see scheduled reports in a future release.

I have been using this solution within the past 12 months.

I have found the solution to be very stable.

You can set up two different servers and the process is straightforward. The solution is scalable and we have 70 users using it in my organization.

We might increase usage in the future but it all depends because currently all of the operations teams have been provided for. If the operations team grows, there would be room for more usage.

The technical support needs improvement. For example, if you have any problems on the server configuring the IIS, they would provide you very limited details and they would tell you the problem is on your end. They are limited to only supporting their application, even if you have the slightest problem assessing their application through IIS they will refer you to contact Microsoft.

Additionally, the sales team could be more friendly and helpful.

I would rate the technical support of Thycotic Secret Server a seven out of ten.

The installation was straightforward.

There is an annual license fee per user and the price is fair.

I rate Thycotic Secret Server an eight out of ten.

We are a Thycotic partner. We use Thycotic extensively, and we also do a lot of implementations for them. Generally, it is for privilege access management and session recording capabilities. 

A few clients have used it as a proxy capability, and the functionality there is that the privileged accounts have access from their workstations to the servers. In order to get access, they have to be basically proxied through Thycotic for an SSH or RDP connection, and then you have a control capability for auditing and session recording.

We have used pretty much every version since 2018, including the latest version. We have deployed it to AWS and on-prem.

I like that it is Windows-based. It is good that primarily, it is not an appliance. Some of the other applications in the space, such as a Quest Software CPAM or a Safeguard, are appliances, so you can't deploy the ends of them. With Thycotic, you can either install your Temporal Protection module physically in the VM host, or you can use BouncyCastle for high-security module capabilities.

One thing that I wish they would do is to have a Kubernetes or container-based deployment supported, but they're not quite there yet. Containerization or support for containerization would be fantastic.

I have been using this solution since 2018.

There is nothing major. There were minor things that were really edge cases. We've had an issue in 2019 where if you went through the web interface to change your password, the agent that actually did the password change on the backend would go and make the change to the main controller or the active directory domain controller. After that, without waiting long enough for the change to finish committing, meaning waiting for zero nanoseconds, it would go and check to see if the change had been accomplished. So, they introduced a slight delay of two to three milliseconds, and that fixed the problem. It was really straightforward, but it took a little while to demonstrate what the actual problem was.

With our latest versions, the scalability is very good. They have a scale-out and scale-up capability depending on what your needs are and how distributed you want the capabilities to be. I don't know any other products on the market that are better at scaling.

We have deployed it to small organizations with 10,000 users. Our largest organization has 10 million users.

I would rate them a nine out of 10. You get forwarded around a bit, but you actually get somebody who can really help and solve the problem for you.

It is very straightforward. We generally do an automated deployment by using a script-based capability that we've created. It works out really well. 

It is a kind of self-serving advice, but I would advise getting a partner to deploy it for you. There are a lot of really good partners out there, not just us.

In terms of the maturity of their product, there are a lot of Enterprise capabilities that they haven't yet brought into the market, but after it has been called out to them that there is a customer who needs a capability, they're very quick and responsive around doing development to get that capability in, which is something I like. There was an Enterprise scalability capability where you have high availability and multi-site failover. One of the versions that they had back in the 2018 and 2019 timeframe did not support that capability. We called out some recommendations to them, and they had it in the product in the next major revision.

I would rate Thycotic Secret Server a 10 out of 10 because I am not familiar with any products that are capable of going on-prem and have a superior function set.

I'm a director/engineer and we partnered with the company. Our primary use case was for a project that we followed from an administrator point of view, not the end-user point of view. My responsibility was to manage the migration-related to the project, installing and configuring the infrastructure, creating policies and so on. Technically speaking, it was at a high level. All of my clients are enterprise companies.

The most valuable aspects were its ease of use because the software is monolithic, so you only have to install the web services and then there's a database, so it's very easy to use and to configure. There are no further modules so installation is simple as is configuration. There are a lot of features out of the box. That was an interesting aspect.

I think the services could be improved by making it more 'friendly.' Documentation could be improved if they were to include more about connectors. Technically speaking, and in comparison to other software such as CyberArk, the documentation was not enough. CyberArk has extensive documentation and I believe Thycotic doesn't have enough.

The same applies for additional features - improved documentation in the next release would be helpful.

I've used the product for five months. 

It's a very stable solution.

It's very easy to scale the solution because it's a web server. If you want to install more than one server then you just have to add the additional server to the database. So it's very, very easy.

Technical support is fine but as I said, it could be a little more friendly.

There is a lot of risk management software around. I decided to switch to Thycotic, first of all, because we were starting a new project and it was a challenge for me and a new software I wanted to try. That was the main reason for the move. 

Being a web server, the initial setup is very straightforward and easy to understand. It's one of the differences between Thycotic and CyberArk. CyberArk requires some study, it's a modular solution. 

I'm a technicial person so I don't know about setup costs. 

In general, I would recommend the product. It's very good and is cheaper than CyberArk. It's something that a team leader or project manager would take into consideration because even the cost of the license is something to keep in mind when planning a project. It really depends on the company's requirements. 

We use the solution for automatic password rotation and managing system admin and database access.

The solution's most valuable feature is video recording. It is crucial for evidence and compliance purposes.

The solution's remote support feature needs improvement.

The solution is stable.

We have 30 solution users in our organization. They include system, network, and database administrators.

The solution's technical support is good.

Positive

The solution's initial setup process is easy.

The solution is low-cost than other vendors. We purchase a yearly subscription for it.

The solution has all the essential features to secure any environment. I rate it an eight.

We intend to replace our pairing password management solution with something more enterprise-friendly.

We are currently conducting a demonstration with Thycotic Secret Server.

I've only used this solution a few times as a demo and haven't explored everything it has to offer, but I have experience integrating it with our Active Directory and setting up the server.

I like the one-way hash, as well as the ability to store it in the cloud and access it from anywhere.

I like the fact that you don't have to have separate databases for each department in your organization. 

They have one central location, that they all go to it. 

They all go to the same central location. If they leave, we can disable their account, reset their password, and integrate it with our Active Directory.

At this early stage, and based on my demo experience over the last two weeks, it appears to have more features than we require, but we can grow into it.

It's a great product. It seems that you could do your privileged access and things like that where you do the IEM. You could also make it so that those individuals have access for a set period of time to do their administration. These are the types of features we haven't really used, but I can see them being very useful. I can also see where they're going with this product, which is an all-in-one solution. 

It appears to be well-developed.

Although the password policy was interesting, the default setting was inadequate. As a result, we had to change it to be 20 characters with symbols. It was an odd process, but it was relatively simple to adjust.

I have been using the latest version of Thycotic Secret Server for a couple of weeks.

Thycotic Secret Server is a stable solution. We didn't encounter any bugs or glitches.

It appears to be pretty easy to scale.

We have fewer than ten people to test the demo in our organization.

We may decide to use this solution, and we are attempting to budget for it. We must sell the features and show that the extra cost is justified.

I have not contacted technical support. We had our representative involved, and he brought in a technical person to assist with the build, as well as being available to answer questions.

We are working with Jira.

The initial setup was fairly simple.

We are going from a free product, which isn't necessarily a fair comparison because it brings many things to the table, but it appears to be reasonably priced.

It would be beneficial if it were reduced.

I haven't tested many other products, but this one appears to be quite good. I believe it is comparable in the industry.

I haven't used this solution a lot, just in a demo capacity. I haven't explored all that it can office. I have worked on the integration with our Active Directory, and we set up the server.

I would rate Thycotic Secret Server an eight out of ten.

• Heart beats – it tells me when passwords on file are no longer working. This could be an oversight, but could also be a sign of hacker activity.
• Secret Expiry – reports on passwords that haven’t been changed and may be out of policy.
• Remote Password Changing – along with Secret Expiry, this enables me to stay compliant with password change policies.
• Network Discovery – scans networked machines for accounts, bringing machines in to password policy compliance, and uncovering unknown or backdoor accounts. It also enables the discovery of the total reach of an account, i.e. a service account for which you dare not change the password as you don’t fully know the implications of missing an instance of the account that could fail critical operations.

We previously had a very lax password policy, and passwords were stored in Excel spreadsheets. Passwords were often not documented, or the documented password was not updated if changed. We now have a much stricter, safer password policy. Secret Server has improved security, productivity and helped achieve a much higher state of compliance.

Session recording could offer more control and block certain actions or commands.

I have experience of other products that focus on session recording, so I’m aware of what advanced functionality can be achieved.
Specifically, I’m referring to:

* blacklisting and/or whitelisting certain commands
* OCR capabilities

Now I know these aren’t currently supported, but they may be available in future releases.

We have used this solution for more than three years.

Very occasionally indexes won’t contain all the search results expected.

We have not encountered any scalability issues as this is a highly scalable product.

Technical support is good. Online and offline documentation is clear and well written. Support technicians are punctual and friendly.

I have worked with customers of other solutions. They found it hard to separate accounts assigned to the same asset for different teams. For example, a server has SQL and database accounts. These credentials would all be visible to anyone with access to the server asset which isn’t a desirable situation. DBA has access to a local administrator account. Server admin has access to the payroll DB account!

Based entirely on the Microsoft stack (IIS, MS-SQL), installation is quick and easy.

Pricing is very flexible. Download the free trial version. You can downgrade to the free version (it’s free for life!) or pay for the exact feature set you require.

We evaluated LastPass Enterprise, RoboForm, Password Manager Pro, Kaspersky Password Manager and CyberArk.

I’d recommend you engage a reseller to discuss your requirements, and download the free trial version.

The primary use case is managing access for user groups and individuals in a very large environment.  

One of the best things about Thycotic is that it is very easy-to-use. It is logical, it has well-designed screens and a nice GUI interface. It has good performance and is generally a pleasure to operate.  

If you look at Thycotic, it is a great product that has pretty much all the same features as CyberArk — which will be replacing it. There is not much difference between the two. We will be switching away from using Thycotic, however, before the end of the year.  

The catalyst for the change was a formal comparison of the two products that we did using each to evaluate how we would use it in solving actual use case issues. In the presentation of the scoring over specific categories, CyberArk had slightly better professional service marks and the same price. Besides that, the two products were neck-and-neck and almost identical in the scoring. CyberArk just came out just a little bit better than Thycotic in the details, and not by much at all. Be that as it may, the formal comparison is the reason for the change.  

Thycotic has been in use in our Healthcare system for four years.  

Thycotic is a rock-solid product. Our organization never had any issues with it.  

If you consider the shere physical size of the Healthcare environment, you can tell from that just how scalable the product is. Not every product can handle 55,000 network elements and 15,000 servers.  

The technical support for Thycotic is very good as might be expected. The members of the support team that I have been in contact with are very much on the ball. Thycotic has  excellent service staff.  

This will be the last year Thycotic will be in operation at Healthcare in Norway because it will be replaced by CyberArk at some time this year.  

I think there are some very small things in Thycotic which are a little harder to do, and that is only because the Healthcare environment is so large. Healthcare has 55,000 network elements and 15,000 servers. One of the few things that CyberArk does better than Thycotic is to more neatly group IT assets in smaller bundles using a 'safe' that could be assigned to groups or teams for access. By comparison, Thycotic — at least in the versions leading up to the competition — lists all the assets at one time, no matter how many there are. When there are lists which are 15,000 elements long, it is harder to locate items and divvy up the work. So it was some slight usability things like this that really made the difference in the outcome of our comparison.  

While this organizational feature in Thycotic was not so good, some other parts of the user interface that are included in it are really fabulous. Thycotic is more intuitive and it is more logical in many ways than CyberArk. So I really like the Thycotic product. But for this very large environment, it turned just to be slightly less applicable to our situation than its competition.  

As I probably indicate from my answer, if it was not for the fact that we did a formal comparison and scoring of the products — following the objective measures that we have to follow when we buy things in the public — we probably would have done well just keeping Thycotic. But when you follow the Government process and the idea is to be absolutely impartial, then the way the scoring is set up is the way it goes.  

I think the pricing of Thycotic and CyberArk products are very similar.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Thycotic as probably a nine. That is only because I have to rank them slightly lower after we decided to make the switch to CyberArk, and replacing a product that is a ten would not make a lot of sense. So a nine-out-of-ten it is.  

Thycotic is a product that is so friendly that it can be used by nearly anyone and everyone, and that is a good place to be. As for the limitations in a very large environment, Thycotic could invest in making changes in the product to handle structuring in a segmented way. It would be costly for Thycotic to make that investment, but for Healthcare as a user group, that would have been the difference. We have already bought another product, so we are not going to change our minds again, but it may be worth considering for the team at Thycotic.  

I would probably recommend Thycotic for most businesses because it is simpler and easier to deal with than CyberArk. So really, I would recommend it to all businesses except for the extremely large ones.  

The team password vault is valuable.

The customer service and support team could be improved, and the solution could be more user-friendly.

We have been using the solution for approximately two years.

The solution is stable.

The solution is scalable. Approximately 200 users are using it in our organization.

I rate customer service and support a zero out of ten. We reached out to them to solve an issue, and they hung up on us.

Negative

I was not a part of the initial setup process.

I rate the pricing six out of ten.

I rate the solution a four out of ten. The solution is good, but there is a lot of room for improvement. The UI and the customer service and support team could be improved. I advise new users to have patience with support and be careful when purchasing licenses because if they mix up their licenses, it would be challenging to get them fixed, and they may have an outage.