Fall (Q4) 2025 Release

Secret Server on Platform

  • Customer Managed Encryption Keys (GA) – Store and manage encryption keys in Azure Managed HSM to protect, encrypt, and decrypt the Master Encryption Key used by Secret Server Cloud. This ensures customers retain complete control over their main encryption keys.

  • Password and Secret Intervals (GA) – Independent controls for auditing secret view events, password view events, and require comments to align with your organization's policies. Learn more about this update.

  • Remote Password Change Pre-Validation (GA) – Add “Pre-run validation” checks for dependencies before executing remote password changes. If validation fails, the action is halted, preventing password mismatches and dependency failures. Learn more about this update.

  • Bulk Operation Management (GA) - View, track, and cancel bulk operations in real time. Monitor both in-progress and completed actions. Learn more about this update Learn more about this update.

Delinea MCP Server

  • Delinea MCP Server enables secure integration of AI agents into workflows using the Model Context Protocol (MCP). This protocol allows agents to request access through temporary tokens governed by policies, never exposing raw secrets. Each AI-driven interaction is logged with identity context for full auditability. By combining MCP with the Delinea Platform and Secret Server, teams can automate safely, minimize credential risks, and maintain complete control over privileged actions. Learn more about our open-source MCP release on GitHub.

Analytics

Analytics (GA) – Gain deeper visibility into user behavior and risk to strengthen your security posture. New enhancements deliver richer insights for continuous monitoring and response. Learn more about this update.

Iris Auditing

Iris Auditing (GA – Automatically transcribe and analyze session recordings across Secret Server, PRA, and PCS.

  • AI-driven action labeling and suspicious behavior detection

  • Risk flagging and AI-powered summaries for faster investigations

Learn more about this update.

Privileged Remote Access (PRA)

  • Private Web Applications (GA) – Access private web apps securely without VPN using browser-native connectivity and SSL/TLS-encrypted public URLs. Learn more about this update.

  • Linux Engine to Platform Engine Upgrade (GA) – Seamlessly upgrade existing PRA Linux engines to the new Platform Engine on the same host. Learn more about this update.

  • Secret Server Proxy Site Selection (Public Preview) – Users can now select proxy sites for Active Directory secrets when initiating PRA sessions. PRA automatically locates matching Platform sites to streamline setup and enhance the connection experience. Learn more about this update.

  • Secret Server Proxy Bypass for PRA (GA) - Tenants can choose to allow PRA to bypass Secret Server RDP and SSH proxies to allow for PRA-specific benefits like file transfers and automatic reconnection on temporary network connection disruptions. Learn more about this update.

Privilege Control for Servers (PCS)

  • Linux Profile Management (GA) – Manage Linux/UNIX user profiles directly within the platform. Import in bulk, preserve home directories, and manage policies for streamlined integration. Learn more about this update.

  • Active Directory Rapid Discovery (GA) – Maintain near real-time synchronization between AD and the platform to ensure up-to-date machine inventories and faster policy deployment. Learn more about this  update.

  • Device Code Flow MFA (Public Preview) – Enable MFA redirection from non-interactive sessions to workstations without RADIUS. Supports platform MFA methods such as FIDO2 and SSO. Learn more about this update.

  • Duo Auth API MFA (Public Preview) – Perform DUO push notifications directly from non-interactive sessions without RADIUS dependencies. Learn more about this update.

  • Direct Audit Recordings (GA) - Server Suite session recordings are now fully supported in the Delinea Platform with SaaS Audit. Learn more about this update.

Inventory

Collections for Remote & Web Applications (GA) – Group remote and web applications into collections with fine-grained permissions to enforce least-privilege access and improve management. Learn more about this new capability here.

Identity

Local Account Expiry (GA) – Set an account expires date for temporary local user accounts such as vendors. This ensures automatic removal of access when it’s no longer needed and simplifies compliance management. Learn more about this update.

Okta MFA (Private Preview) – Streamlined Okta Verify MFA integration without RADIUS, available within the platform and at endpoints via PCS or Server Suite. Learn more about this update.

Continuous Identity Discovery (CID)

Users can now directly vault administrator, shadow administrator, and privileged accounts from the Identity Inventory page, simplifying credential onboarding. Learn more about this update.

Identity Threat Protection (ITP) and Privilege Control for Cloud Entitlements (PCCE)

  • Identify Non-Human Identities (NHI) in Entra ID - expanding coverage of managed identities. Learn more about this update.

  • Visibility Extended to Third party Public Key Vaults - starting with AWS Secrets Manager.

  • Improvements to Identity Posture and Checks Pages - deliver a more intuitive and streamlined user experience. Learn more about this update.

Marketplace and Integrations

  • ServiceNow MID Server Credential Resolver v4.6.0 – Updated integration adds enhanced validation for Azure and Kubernetes credentials in both Secret Server and the Delinea Platform. Learn more about this update.

  • Terraform 3.0.1 - Added support for generating passphrases and SSH keys during secret creation. Learn more about this update.

  • New and Updated RPCs for Secret Server on Platform:

    • Windows Secret Template for RPC. Learn more about this update.

    • Remote Password Changing for Teradata. Learn more about this update.

    • Remote Password Changing for WebSphere. Learn more about this update.

    • Remote Password Changing for Okta, Learn more about this update.

Mobile

  • Credential Manager Mobile 3.1 – Users can now request, approve, or deny access requests directly from their mobile devices, enabling faster and more convenient access management on the go. Learn more about this update in the documentation and release notes.

  • Credential Manager Mobile 3.0.2 – This maintenance release includes several stability and usability improvements. Fixed an issue where links opening a secret did not correctly redirect to the Credential Manager app. Resolved a bug on iOS where login state was not properly maintained between app sessions. Learn more about this update in the release notes.

  • Credential Manager Mobile 3.0 – New modern UI, improved performance, folder rename/move capabilities, and TOTP display on secrets. Learn more about this update in the release notes.

  • Authenticator 1.0.13 – Updated to support 16KB page sizes on Android devices. Learn more about this update in the release notes.

  • Platform Mobile 1.1.9 – Updated to support 16 kb page sizes on Android devices. Learn more about this update in the release notes.

Delinea Credential Manager (DCM)

  • Delinea Credential Manager (DCM) 1.2 – Enhancements include inline password generation, full-page security workflows, field mapping for autofill, improved URL relevance, and MFA detection for PACER. For a full description of these updates, see the release notes.

  • Delinea Credential Manager (DCM) 1.1.1 – This release adds new administrative controls and enhanced security protections. Administrators can now define Delinea Platform tenant URL when deploying Chrome and Edge settings via GPO or Intune for Windows, or via MDM solutions for macOS, and optionally prevent users from modifying the configured URL. In addition, new safeguards have been introduced against clickjacking attacks involving hidden or overlapping layers. For a full description of these updates, see the release notes.

Other Updates

  • Thycotic GitHub Organization Deprecation – All repositories under the legacy Thycotic GitHub organization were retired. Please use DelineaXPM for all repositories and integrations.

  • Customer Subscription Dashboard – New centralized dashboard under Marketplace > Subscriptions for managing subscriptions, tracking license usage. Learn more about the Subscription Dashboard.

  • Connection Manager 2.7.1 – Introduces beta support for FIDO2 WebAuthn passwordless authentication in remote RDP sessions and improves usability across pop-up authentication windows. For a full description of these updates, see the release notes.