
SECRET SERVER FEATURE: Access Control

Gain control over web apps and cloud management platforms

1. Overview of Access Control

Virtually all compliance mandates and security best practice frameworks require some form of role-based access control (RBAC). Access control allows system administrators to manage user roles and permissions efficiently and sustainably. Policies set rules that apply to all users, so you don’t need to make on-the-fly decisions about who should be able to access what, why, and how.

Access Control and Least Privilege

Access control makes it possible to implement and manage a least privilege policy in which users have only the access they require to get their jobs done. When systematically applied, controls reduce the risk that a user will be granted too much access. For example, administrators can ensure that users can’t accidentally or intentionally change administrative settings they shouldn’t have rights to. Just as important as implementing least privilege is maintaining appropriate access over time, and effectively avoiding privilege creep whereby a user retains access to resources they no longer require.

Access Control and Separation of Duties

There are two main types of separation of duty (SoD) policy: static (SSoD) and dynamic (DSoD). Static separation of duty policies are enforced with mutually exclusive role constraints, while dynamic separation of duty policies are intended to limit the permissions that are available to a user.

Access Control and Active Directory

Implementing access control via a hub and spoke model, in which Active Directory is the hub, allows for a unified view and centralized, consistent control. For organizations already managing permissions via Active Directory (AD), user groups often map naturally to user roles.

For a more in-depth look at RBAC, please read our glossary entry for Role-Based Access Control

 
2. Role-Based Access Control (RBAC)

Role-Based Access Control for Active Directory (RBAC AD) allows IT admins to control what users can do within Secret Server on an individual or group basis. RBAC simplifies common IT admin tasks like onboarding a new user, moving someone to a different department or division, or, most importantly, off-boarding a user. You can quickly modify permissions in bulk, for all users with a particular role, to grant them additional access, to adjust their permissions as resources are added or become obsolete, or to lock down their permissions, which is especially important in the event of a breach. Users themselves are never directly given a permission. Permissions only come as part of a role, which prevents permission creep.

Secret Server ships with out-of-the-box roles to solve common configurations and get you going quickly. Each user and group is assigned to one or more roles that define what they can do in the system. If an out-of-the-box role doesn’t suit you, it can be modified, or you can simply create a new one to correspond to your organization’s structure.
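The sketch below is an added example, not Secret Server code or its API. It models the two points made above: permissions reach a user only through roles, and separation of duty is enforced with role constraints. It goes slightly beyond the text by assuming the standard RBAC reading in which static constraints are checked when a role is assigned and dynamic constraints when roles are activated in a session. All role and permission names are hypothetical.

```python
class SoDViolation(Exception):
    """Raised when a role assignment or activation breaks a separation-of-duty rule."""

# Constructed sample policy; hypothetical names, not Secret Server's built-in roles.
ROLE_PERMS = {
    "requester": {"request_access"},
    "approver": {"approve_access"},
    "vault_admin": {"edit_settings"},
    "auditor": {"view_audit_log"},
}
SSOD = [{"vault_admin", "auditor"}]   # never assigned to the same user
DSOD = [{"requester", "approver"}]    # assignable together, never active together

class Rbac:
    def __init__(self, role_perms, ssod, dsod):
        self.role_perms, self.ssod, self.dsod = role_perms, ssod, dsod
        self.assigned = {}  # user -> set of role names; no user -> permission map exists

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(f"unknown role: {role}")
        roles = self.assigned.get(user, set()) | {role}
        for exclusive in self.ssod:   # static check, at assignment time
            if exclusive <= roles:
                raise SoDViolation(f"{user}: {sorted(exclusive)} are mutually exclusive")
        self.assigned[user] = roles

    def revoke(self, user, role):
        # Off-boarding or a role change: dropping the role drops its permissions.
        self.assigned.get(user, set()).discard(role)

    def open_session(self, user, activate):
        activate = set(activate)
        if not activate <= self.assigned.get(user, set()):
            raise PermissionError(f"{user} is not assigned all of {sorted(activate)}")
        for exclusive in self.dsod:   # dynamic check, at activation time
            if exclusive <= activate:
                raise SoDViolation(f"{user}: {sorted(exclusive)} cannot be active together")
        # Effective permissions are derived from the active roles only.
        return set().union(*(self.role_perms[r] for r in activate))

def is_blocked(action, *args):
    """Return True if the call is rejected by a separation-of-duty rule."""
    try:
        action(*args)
        return False
    except SoDViolation:
        return True
```

Because there is no per-user permission store, revoking a role is the only step needed to remove the access it carried.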

Learn more about Role-Based Access Control: RBAC

 
3. Web Password Filler

Users often have many different logins to sites for software downloads, support, or hosted environment consoles. They are often tempted to store passwords in browsers for web applications or tools with web interfaces, which increases the risk of password theft. Web Password Filler removes that security risk by allowing users to log into a website automatically without relying on browser-stored passwords.

Web Password Filler users leveraging Secret Server Cloud on the Delinea Platform have full visibility of all secrets, with a search function included, and can access their secure credentials stored in Secret Server right in the browser, increasing productivity, efficiency, and security.

Learn more about Web Password Filler

 
4. RDP / PuTTY support

Delinea Secret Server provides a proxy capability to ensure the only way to access your Windows servers is via the secure vault. The RDP proxying feature allows RDP connections established using a launcher to be routed through Secret Server. Direct access can be prevented at your firewall level, forcing administrators to use Delinea Secret Server to store their domain admin credentials and use the proxy to access servers.

The RDP proxy can be used in conjunction with session recording and monitoring to provide a full audit log of all activities related to the target server.

 
5. Password “hiding”

With Secret Server, privileged users can access the accounts and systems they need without ever seeing a password because credentials are automatically injected. Users don’t have to remember complex passwords, and they avoid the temptation to write them down or share them.

Learn more about access control in Secret Server

 
6. Privileged Remote Access

Privileged Remote Access elevates and extends the remote access capabilities of Delinea Secret Server to enable secure remote access with the simplicity of a web browser.

With Privileged Remote Access, third parties can establish secure connections to servers via RDP and SSH for troubleshooting and development. Remote IT users can maintain privileged access to applications when working from home.

Privileged remote access on the Delinea Platform enables all remote users outside your network to securely access privileged accounts with a seamless VPN-less, browser-based workflow while increasing the controls, security, and monitoring for every remote privileged session. This takes your core Secret Server remote access options to the next level.

Learn more about secure remote access while saving time and money

 
