Enabling Application Hardening
Application Hardening can be found in the Admin > Configuration > Security tab.
When this feature is enabled, extra checks are performed to make sure user records have not been tampered with. If a user's record is found to have been modified by anything other than Secret Server itself, that user will not be able to log in. New Event Subscriptions have also been added to send alerts if tampering is detected. This feature is only available in Secret Server on-premise.
Application Hardening is a configurable setting designed so that a database administrator cannot effectively modify or create a User Record directly through the database; these actions need to happen in the application itself. This includes:
- Resetting a password
- Disabling or changing Two-Factor Authentication
- Creating a brand-new record with a known password
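
The following is a general illustration of how tamper detection on user records can work, added here as an example; it is not Secret Server's code or its documented mechanism. It assumes a keyed MAC over each user row with a key the database administrator cannot read, and the table layout, column names, key and sample rows are all constructed for the example.

```python
import hashlib
import hmac
import sqlite3

# Assumption: the application holds a key the database administrator cannot read.
APP_KEY = b"constructed-demo-key-held-outside-the-database"
FIELDS = ("id", "username", "password_hash", "two_factor_enabled")

def record_mac(row):
    """Keyed MAC over every protected column, length-prefixed to avoid ambiguity."""
    mac = hmac.new(APP_KEY, digestmod=hashlib.sha256)
    for name in FIELDS:
        value = str(row[name]).encode()
        mac.update(len(value).to_bytes(4, "big") + value)
    return mac.hexdigest()

def app_save_user(db, row):
    """Write path used by the application: stores the row together with its MAC."""
    db.execute("INSERT OR REPLACE INTO users VALUES (?, ?, ?, ?, ?)",
               (*[row[f] for f in FIELDS], record_mac(row)))

def can_log_in(db, username):
    """Login-time check: a missing or mismatched MAC blocks the login."""
    row = db.execute("SELECT * FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(record_mac(row), row["mac"] or "")

def demo():
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
               "password_hash TEXT, two_factor_enabled INTEGER, mac TEXT)")
    for uid, name, pw in ((1, "alice", "hash-A"), (2, "bob", "hash-B")):
        app_save_user(db, {"id": uid, "username": name,
                           "password_hash": pw, "two_factor_enabled": 1})
    results = {"untouched": can_log_in(db, "alice")}
    # Direct database edits that bypass the application (constructed sample changes).
    db.execute("UPDATE users SET password_hash = 'hash-known' WHERE username = 'alice'")
    db.execute("UPDATE users SET two_factor_enabled = 0 WHERE username = 'bob'")
    db.execute("INSERT INTO users VALUES (3, 'mallory', 'hash-known', 0, NULL)")
    for case, user in (("password_reset", "alice"), ("2fa_disabled", "bob"),
                       ("new_record", "mallory")):
        results[case] = can_log_in(db, user)
    return results

if __name__ == "__main__":
    print(demo())
```

Each of the three direct edits listed above leaves the row without a valid MAC, so the login check fails until the change is made through the application's own write path.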