Managing Third-Party Contractors and Vendors

Organizations can use membership types in the Delinea Platform to manage user entitlements between limited Vendor User capabilities and full-featured IT User capabilities in Secret ServerClosed The Delinea secrets vault. Delinea Secret Server is an enterprise-grade secrets storage vault for securely storing, managing, and controlling access to privileged credentials and other sensitive data. See Secret Server on Platform, Secret Server Cloud (SSC), and Secret Server on Premises (SSOP) for distinctions.. The following table shows the differences between these two types of entitlements.

Delinea Platform users are automatically granted IT User entitlements unless their membership type is explicitly set to “Vendor”.

Capability Vendor User IT User

View secretsClosed A piece of information that is stored and managed in the Delinea Secret Server vault. Typical secrets include privileged passwords on routers, servers, applications, and devices. Files can also be stored in secrets, such as private key files, SSL certificates, license keys, network documentation, Microsoft Word or Excel documents, and more. Secrets are derived from secret templates.

 (Passwords are invisible)
Launch secretsClosed A piece of information that is stored and managed in the Delinea Secret Server vault. Typical secrets include privileged passwords on routers, servers, applications, and devices. Files can also be stored in secrets, such as private key files, SSL certificates, license keys, network documentation, Microsoft Word or Excel documents, and more. Secrets are derived from secret templates. (PRAClosed A feature of Delinea Platform that enables secure remote access to computers that is audited and session recorded. Formerly Remote Access Service (RAS).)
Request access to secretsClosed A piece of information that is stored and managed in the Delinea Secret Server vault. Typical secrets include privileged passwords on routers, servers, applications, and devices. Files can also be stored in secrets, such as private key files, SSL certificates, license keys, network documentation, Microsoft Word or Excel documents, and more. Secrets are derived from secret templates.
Approve access to secretsClosed A piece of information that is stored and managed in the Delinea Secret Server vault. Typical secrets include privileged passwords on routers, servers, applications, and devices. Files can also be stored in secrets, such as private key files, SSL certificates, license keys, network documentation, Microsoft Word or Excel documents, and more. Secrets are derived from secret templates.  
Share secretsClosed A piece of information that is stored and managed in the Delinea Secret Server vault. Typical secrets include privileged passwords on routers, servers, applications, and devices. Files can also be stored in secrets, such as private key files, SSL certificates, license keys, network documentation, Microsoft Word or Excel documents, and more. Secrets are derived from secret templates.  
Create and manage secretClosed A piece of information that is stored and managed in the Delinea Secret Server vault. Typical secrets include privileged passwords on routers, servers, applications, and devices. Files can also be stored in secrets, such as private key files, SSL certificates, license keys, network documentation, Microsoft Word or Excel documents, and more. Secrets are derived from secret templates. and folder lifecycle  
View secretClosed A piece of information that is stored and managed in the Delinea Secret Server vault. Typical secrets include privileged passwords on routers, servers, applications, and devices. Files can also be stored in secrets, such as private key files, SSL certificates, license keys, network documentation, Microsoft Word or Excel documents, and more. Secrets are derived from secret templates. and user auditClosed A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. logsClosed A record of background events typically related to systems, performance, outages, etc. A log is typically consumed by IT/Ops to help them ensure that things are running optimally and delivered according to the appropriate SLA. for owned secretsClosed A piece of information that is stored and managed in the Delinea Secret Server vault. Typical secrets include privileged passwords on routers, servers, applications, and devices. Files can also be stored in secrets, such as private key files, SSL certificates, license keys, network documentation, Microsoft Word or Excel documents, and more. Secrets are derived from secret templates.  
Use Connection Manager to login to Secret ServerClosed The Delinea secrets vault. Delinea Secret Server is an enterprise-grade secrets storage vault for securely storing, managing, and controlling access to privileged credentials and other sensitive data. See Secret Server on Platform, Secret Server Cloud (SSC), and Secret Server on Premises (SSOP) for distinctions.  
Use the Secret ServerClosed The Delinea secrets vault. Delinea Secret Server is an enterprise-grade secrets storage vault for securely storing, managing, and controlling access to privileged credentials and other sensitive data. See Secret Server on Platform, Secret Server Cloud (SSC), and Secret Server on Premises (SSOP) for distinctions. SDK and API  
Configure security features for a secretClosed A piece of information that is stored and managed in the Delinea Secret Server vault. Typical secrets include privileged passwords on routers, servers, applications, and devices. Files can also be stored in secrets, such as private key files, SSL certificates, license keys, network documentation, Microsoft Word or Excel documents, and more. Secrets are derived from secret templates.  
Configure password rotation  
All administrative functions in Secret ServerClosed The Delinea secrets vault. Delinea Secret Server is an enterprise-grade secrets storage vault for securely storing, managing, and controlling access to privileged credentials and other sensitive data. See Secret Server on Platform, Secret Server Cloud (SSC), and Secret Server on Premises (SSOP) for distinctions.  
Create/Manage Integrations, Workflows, Pipelines, Discovery, Sites. Distributed EnginesClosed An engine used by secret server on platform, secret server cloud, and secret server on-premises to take actions in the customer environment and update secrets. In the future, secret server on platform will use only the Platform Engine for these actions., HA/DR, etc.  

Customers who have purchased PRAClosed A feature of Delinea Platform that enables secure remote access to computers that is audited and session recorded. Formerly Remote Access Service (RAS). concurrent user licenses are entitled to Vendor User capabilities automatically. Learn more about PRAClosed A feature of Delinea Platform that enables secure remote access to computers that is audited and session recorded. Formerly Remote Access Service (RAS). Understanding Entitlements and Licenses.

Entitlements are enforced even if a user is granted RBAC permissions for related actions.

Prerequisites

If you are using Secret ServerClosed The Delinea secrets vault. Delinea Secret Server is an enterprise-grade secrets storage vault for securely storing, managing, and controlling access to privileged credentials and other sensitive data. See Secret Server on Platform, Secret Server Cloud (SSC), and Secret Server on Premises (SSOP) for distinctions. On-Premise with the Delinea Platform, see Manually Integrate Secret Server On Premise for the currently supported version.

Local Users

Customers can use their Delinea Platform local directory to onboard third-party users who need short-term access. Customers can also use the local directory when they do not want to add third-party users to their own identityClosed Identity is the process of identifying a particular user, usually by providing a name, email address, phone number, or username. This is the process of someone saying that they are a certain person. sources. For details, see Adding a Local User Account.

Bulk Import of Vendors

Delinea Platform provides a bulk import capability for organizations that deal with large numbers of third-party users and need an efficient way to manage access to Secret ServerClosed The Delinea secrets vault. Delinea Secret Server is an enterprise-grade secrets storage vault for securely storing, managing, and controlling access to privileged credentials and other sensitive data. See Secret Server on Platform, Secret Server Cloud (SSC), and Secret Server on Premises (SSOP) for distinctions. entitlements. To use bulk import, you prepare a file with user data, format it according to the system's requirements, and upload it.

For more detailed information about importing vendors in bulk, see Bulk Importing Local Users.

Active Directory

Tenant administrators can manage third-party vendor entitlements through Active Directory. For more information, see Managing Third-Party Vendor Entitlements When Using Active Directory.

Federated Vendors

Tenant administrators must create a custom attribute in the identityClosed Identity is the process of identifying a particular user, usually by providing a name, email address, phone number, or username. This is the process of someone saying that they are a certain person. provider (IdP) and map it to a PlatformUserMembershipType claim in the Delinea Platform. Claims for users must have a value of either Vendor or Employee.

For more information about managing third parties from a federated identityClosed Identity is the process of identifying a particular user, usually by providing a name, email address, phone number, or username. This is the process of someone saying that they are a certain person. source using SAML or OIDC, see Setting Up Federation.