SECRET SERVER FEATURE: Automatic password management
Core PAM Automation Increases Visibility, Control, and Oversight
Rule-based password generation
Secret Server’s password generation feature assigns strong passwords which are sufficiently long and complex to meet compliance and security policy requirements.
Secret Server allows you to set password requirements for different types of privileged accounts. In Secret Server’s template settings, you can require specific characters and a password length, for example, two uppercase letters and two lowercase letters. Combined with session launchers and copy-to-clipboard options, it’s perfectly feasible to use 100-character passwords. This improves security by making passwords impossible to memorize. Additionally, the Password History feature allows you to keep a full record of all previous passwords.
Scheduled password changing
Security best practices and compliance mandates require that privileged passwords be changed regularly — a task that is easily overlooked. Using Secret Server, you can easily automate privileged password changes on a schedule to meet compliance mandates. Secret Server’s built-in password changing and expiration schedules ensure that critical passwords are changed automatically, without manual intervention.
When privileged account passwords need to be changed ad hoc, such as when an admin leaves or if a security breach occurs, you can automate the process to protect sensitive assets right away.
Out-of-the-box password changers
Secret Server offers a wide range of pre-configured password changers for frequently used applications.
All Remote Password Changing features such as Check Out and Heartbeat work with these platforms, so you can provide additional security as well as verify that passwords are correct.
Secret Server password management software provides effective, up-to-the-minute monitoring of passwords and other credentials across your company network with Heartbeat.
Automatically test a Secret’s credentials at set intervals, and alert administrators if credentials are changed outside of Secret Server. Heartbeat also tells you when an administrator changes a privileged password without your knowledge.
Secret Server gives you the ability to require that users who edit a secret comply with password complexity rules. See this KnowledgeBase article for a walk-through of configuring password requirement rules for secrets.
This assists in migrating from legacy systems in which secrets may have weak passwords. For a quick analysis, built-in reports show you which secrets don’t have strong passwords.
Password changing for secrets occurs either upon a manual kick-off or when a secret expires. When that happens, Secret Server generates a new random password, connects to the target, and updates the account.
Secret policies can be set at the folder level so you can enforce separate policies for different IT systems or teams.
Event Subscriptions are customizable alerts that send email notifications to users or administrators. They can be set up to alert you when specified actions are performed, or when an event occurs within the system.
Examples of Events
- Unlimited Administration Mode toggle
- Secret Edit/Add/View
- Role and Group Assignment changes
- Secret Expiration
- Configuration changes
- Heartbeat failure when the password is invalid
With Secret Server’s If/then Automation, common trigger events can initiate a series of automated follow-up actions, saving IT time so they can focus on alerts that need more investigation or complex response.
For example, if a privileged credential’s heartbeat fails, indicating a password has been changed outside of the central PAM solution, a triggered action can rotate that password automatically and bring control back into Secret Server.
Integration between Secret Server and other IT security systems can trigger automated incident response, for example, phishing or malware analysis.
Policies can apply triggered events to secrets, folders, or sets within folders in Secret Server. Secret Server administrators have tremendous flexibility to customize triggered events and follow-up actions, such as sending an email or running a script, in order to match their own IT systems, policies, and workflows.