For Administrators
Configuration Options (only on the installed edition)
Make Secret Server your own by configuring the application to your company's
standards or your personal liking. Several configuration options
let administrators choose to...
- Allow/disallow Remember Me
- Choose the length of time that logins are valid for
- Allow/disallow browser autocomplete of form fields
- Select the maximum login failures before a user is made inactive
- Configure email server notifications to be notified when secrets are changed
- Allow automatic checks for software updates over the internet: By checking this box, your Secret Server will check for upgrades, covering the latest updates and major releases of Secret Server. Remember, you must have valid support licenses to get the upgrades.
- Enable Toolbar Webservice: This feature is currently not available. Checking this box will allow your Secret Server to communicate via web services. This will activate the Secret Server toolbar, letting you use Secret Server directly from your web browser while visiting a website.
- Force Inactivity Timeout: Select the number of minutes before a user will be logged out of Secret Server.
- Force HTTPS: Enabling this feature will automatically redirect the user to use SSL.
Active Directory Synchronization
Active Directory Synchronization allows you to automatically synchronize users and groups with an Active Directory server. Follow these steps to synchronize your Active Directory with Secret Server...
- Go to the Edit Domains page from the Active Directory configuration screen.
- Select the applicable domains and then click the Edit Synchronization button.
- Choose the groups you want to synchronize.
Secret Server will automatically synchronize all the selected groups and the users within these groups.
IP Address Restrictions
IP address ranges can be defined, and a user can be assigned to one or more ranges. When a user attempts to log in to Secret Server, their IP address is checked, and they are logged off if it does not match their assigned range.
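The check described above can be modelled as follows. This is an added example, not Secret Server's own code: the range names, CIDR blocks, usernames and the rule that a user with no assigned range is unrestricted are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: range names, CIDRs and usernames are illustrative.
RANGES = {
    "HQ": ipaddress.ip_network("10.20.0.0/16"),
    "VPN": ipaddress.ip_network("192.0.2.0/24"),
}
USER_RANGES = {
    "jsmith": ["HQ", "VPN"],   # a user can be assigned to several ranges
    "contractor1": ["VPN"],
}


def normalize(raw_ip):
    """Parse the client address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(raw_ip.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def login_allowed(user, raw_ip):
    """Return True when raw_ip falls inside any range assigned to user."""
    assigned = USER_RANGES.get(user)
    if not assigned:
        # Assumption: a user with no assigned range is not restricted.
        return True
    try:
        addr = normalize(raw_ip)
    except ValueError:
        return False  # unparseable address: fail closed
    # Membership is False when address and network versions differ.
    return any(addr in RANGES[name] for name in assigned)
```

Behind a reverse proxy or load balancer, the address the application sees is the proxy's, so a restriction of this kind is only meaningful when the real client address reaches the check from a trusted source.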
Disabling Users and Groups
Secret Server is a security-focused password management system; therefore, for auditing reasons, you
cannot delete users or groups. You can mark them as inactive, which will prevent their use and meets
compliance requirements for ensuring that audit history is accurately held.
To inactivate a group, simply go to the Group Edit page and uncheck the enabled box.
- No users or administrators will be able to see the group you inactivated, and both users and groups can be enabled at any time in the future by an administrator.
Naming Patterns
A naming pattern is an option for administrators to standardize secret names. It
allows them to easily find, distribute, share and audit secrets. Using
regular expressions, an administrator can make a naming pattern for a
particular secret type that will force users to enter a standard name when
creating a secret.
- Example: NTDOMAIN01\jsmith instead of the unpredictable "john smith's account"
A customizable error message is displayed for a secret name that doesn't meet the requirements of the naming pattern.
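A naming pattern of this kind only enforces the standard if it is matched against the whole name. The following added example (not Secret Server's own code) uses a hypothetical DOMAIN\username pattern and error message, written in Python's `re` syntax, to show the anchored check beside an unanchored one that lets non-standard names through.

```python
import re

# Hypothetical pattern for a DOMAIN\username secret name; the real pattern
# is whatever the administrator defines for the secret type.
NAMING_PATTERN = r"[A-Z][A-Z0-9-]{0,14}\\[a-z][a-z0-9._-]{0,19}"
# Hypothetical text for the customizable error message.
ERROR_MESSAGE = r"Name must look like DOMAIN\username, e.g. NTDOMAIN01\jsmith"


def check_name(name, pattern=NAMING_PATTERN):
    """Return (ok, message).

    re.fullmatch requires the entire name to match; unlike ^...$ with
    re.match, it also rejects a name that ends in a stray newline.
    """
    if re.fullmatch(pattern, name):
        return True, ""
    return False, ERROR_MESSAGE


def check_name_unanchored(name, pattern=NAMING_PATTERN):
    """Weak variant: re.search accepts any name that merely contains a match."""
    return re.search(pattern, name) is not None


# Constructed sample names.
SAMPLES = [
    "NTDOMAIN01\\jsmith",
    "john smith's account",
    "john smith's account NTDOMAIN01\\jsmith (old)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), check_name(sample)[0], check_name_unanchored(sample))
```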
Adding Folders
Another way to organize your secrets in Secret Server is to categorize
secrets by putting them in folders. You may want to use folders to separate secrets by...
- Your consulting clients
- Your office locations
- Your company's departments
Default Permissions on Folders
When viewing a folder, you have the option of adding default permissions to groups. Each group or user you select will have permissions to every secret within that particular folder.
Creating Groups
Having groups provides an easy way to distribute passwords to different
teams within your organization. You can quickly share one password with a
bunch of users. Here are several tips to help you effectively create groups...
Quick tips:
- When placing users into a group, hold Shift and left-click to select a certain number of users. This comes in handy when trying to move twenty of your forty users into a group.
- Common group names are: Developers, Network Administrators, Website Administrators, IT Help Desk, Marketing, Sales, Human Resources
Secret Export
Administrators are only able to export secrets they have permission to view. This is
important as often an administrator should not necessarily have access to all the secrets in
your Secret Server.
Only administrators have export capabilities. Export is audited and requires the administrator
to provide their Secret Server password and an optional reason for the export.
Remote Password Changing
The remote password changing feature allows you to automatically change the password of a user account or machine.
When a secret type is set to a specific password type (see Remote Password Types below), and expiration is enabled on that type, you can then enable "Auto Change" on a secret within that secret type. When that secret "Expires", the system will automatically change both the secret and the system that the secret corresponds to.
Licensing
Licenses can be purchased directly from the Thycotic Software Online Store, which is linked from
the License page. The administrator can add licenses at any time WITHOUT any
downtime or reinstalls of their Secret Server. There are three types of licenses you can
purchase for Secret Server...
- User license packs: There are licenses available from one user all the way up to 1000. Remember that license prices are discounted with volume!
- Support: When you purchase support licenses, you are buying much more than just instant service and peace of mind. You will also be entitled to all free upgrades on minor updates AND major releases of upcoming versions of Secret Server.
- Active Directory Add-on: Many users want the simplest experience possible. The main benefit of Active Directory integration with Secret Server is that users and administrators can log in using their network/workstation password. Administrators are also able to add users to Secret Server with no additional passwords to worry about.