AD and Secret Server Overview

Before synchronizing or creating users, you need to create a secret to be used as the "sync secret." This secret should contain Domain Admin credentials, or the credentials of an account with sufficient permissions to search for and read the attributes of all of your organization's users and groups.

Secret Server integrates with Active Directory (AD) to streamline user authentication and management. Here are some key points about this integration:

  • User Authentication: Secret Server allows users to log in using their Active Directory credentials. This simplifies the login process and enhances security by leveraging existing AD authentication mechanisms.

  • User and Group Synchronization: Before synchronizing or creating users, a "sync secret" containing Domain Admin credentials (or an account with sufficient permissions) must be created. This enables Secret Server to search for and read the attributes of all users and groups within the organization.

  • Role-Based Access Control (RBAC): Secret Server uses RBAC to control user rights and privileges. This feature allows administrators to enforce least privilege and segregation of duties on privileged accounts. Users and groups are assigned to roles that define their permissions within the system, ensuring that access is granted strategically and securely.

  • Azure Active Directory Integration: Secret Server can also integrate with Azure Active Directory, requiring .NET Framework version 4.8 or later. This integration allows for seamless management of users and groups in cloud environments.

  • User Lockout Protection: When enabled, synchronization will not disable the domain's users if doing so would result in every user in this domain being disabled.
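Before storing an account in the sync secret, it is worth confirming that a less-privileged candidate (rather than a Domain Admin) can actually search users and groups and read the attributes a directory sync needs. The following PowerShell is an added example, not Secret Server's own code; it assumes the RSAT ActiveDirectory module, and the attribute list, the account name `CORP\svc-ss-sync` and the server `dc01.corp.example` are placeholders.

```powershell
# Added example (not Delinea/Secret Server code): check that a candidate sync
# account can enumerate users and groups and read the attributes a sync needs.
# Assumes the RSAT ActiveDirectory module; the attribute lists are assumptions.
function Test-SyncAccountReadAccess {
    param(
        [Parameter(Mandatory)] [pscredential] $Credential,   # candidate sync account
        [Parameter(Mandatory)] [string] $Server,              # domain controller or domain DNS name
        [string[]] $UserProperties  = @('sAMAccountName', 'userPrincipalName', 'mail',
                                        'displayName', 'memberOf', 'userAccountControl'),
        [string[]] $GroupProperties = @('sAMAccountName', 'member', 'description')
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    $result = [ordered]@{
        CanReadUsers = $false; CanReadGroups = $false
        MissingUserAttributes = @(); MissingGroupAttributes = @(); Error = $null
    }
    try {
        # Bind as the candidate account and pull one user and one group with the
        # attributes the sync would request. A bind or search denial throws here.
        $user  = Get-ADUser  -Server $Server -Credential $Credential -Filter * `
                             -Properties $UserProperties  -ResultSetSize 1
        $group = Get-ADGroup -Server $Server -Credential $Credential -Filter * `
                             -Properties $GroupProperties -ResultSetSize 1
        $result.CanReadUsers  = [bool]$user
        $result.CanReadGroups = [bool]$group

        # An attribute the account may not read is returned empty, not as an error,
        # so check each requested attribute on the sample object. A legitimately
        # empty attribute (e.g. no mail address) looks the same; if that happens,
        # rerun against a known populated account.
        foreach ($p in $UserProperties)  { if ($null -eq $user.$p)  { $result.MissingUserAttributes  += $p } }
        foreach ($p in $GroupProperties) { if ($null -eq $group.$p) { $result.MissingGroupAttributes += $p } }
    }
    catch {
        $result.Error = $_.Exception.Message
    }
    return [pscustomobject]$result
}

# Usage (interactive); the account name and server below are placeholders.
# $cred = Get-Credential 'CORP\svc-ss-sync'
# Test-SyncAccountReadAccess -Credential $cred -Server 'dc01.corp.example'
```

A result with both CanRead flags true and empty Missing lists means the account can be stored as the sync secret without granting it Domain Admin rights.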