This guide is for regular, non-administrative users of Secret Server (SS). It is mostly a set of links to a subset of the greater corpus of SS documentation.
Secret Server is a privileged access management (PAM) system. Essentially, that means it manages who can access what, when, and under whose authority, without introducing weak points such as weak passwords or stale user accounts, while also discovering any weak points that potentially exist. For large organizations, this is a huge undertaking. It only takes one security breach to cause huge problems, and there are seemingly countless ways for those breaches to occur. PAM systems, such as SS, are invaluable in getting this situation under control. Better still, SS can make your day-to-day work environment safer and easier to manage too.
Secret Server is a powerful, advanced product with a wide range of capabilities. Even so, it is very easy to use for regular day-to-day operations for non-technical people. The key to this is knowing what to ignore and understanding the bits you do need to know. This guide is designed to help you do just that. It provides links to only what you need to know. You can add other topics later as needed.
Technical Support: Please contact your organization's help desk.
Important: When using this User Guide, it is easy to get lost in the ocean of SS documentation. To avoid that, we recommend using Ctrl + click to access the links here. That way, the page you are going to will open in a new browser window, leaving this one as is and making it much easier to get back to. You can also simply use the browser back button to return, but that can get tiresome because many pages link to others.
Depending on how your administrators configured SS, you can log on with either your Active Directory account or a local account.
In your browser, go to the URL for your organization's SS.
On the login screen, enter your:
Active Directory username (or local one if you do not have one)
Active Directory password (or local one if you do not have one)
Select your domain from the Domain dropdown list. If you do not have an AD domain, select Local instead.
(optional) Click to select the Remember Me on This Computer check box if you want to retain your username and domain on this computer.
Click the Login button. If you have Duo two-factor authentication, this appears:
Your cell phone receives a notification you have to approve to access SS.
Note: SS also supports other two-factor authentication methods (depending on what your organization configured), such as text or email codes that SS prompts you for.
Note: After you log on with your local account for the first time, you are immediately prompted to change your password.
Click the Login button. The SS Dashboard appears.
Secrets are individually named packets of sensitive information, such as passwords. Secrets address a broad spectrum of secure data, each type represented and created by a secret template that defines the parameters of all secrets based on it. Secrets are very powerful and provide many ways of controlling and protecting their data, such as:
Ensuring passwords are long, complex, and frequently changed.
Relieving users of having to remember numerous complex passwords or when to change them. You only need to remember your password to access SS. All of your secret passwords are managed for you.
Automatically changing passwords at set intervals with no user intervention.
Defining who has access to the secret.
Ensuring the person accessing SS or a secret is indeed you.
Recording who actually accessed a secret.
All secret text-entry field information is securely encrypted before being stored in the database, including a detailed audit trail for access and history.
Some important basic information about secrets:
Viewing Secrets (includes checking expiration and history)
Editing Secrets (includes manually changing passwords, instead of waiting for expiration)
Secret folders allow you to create containers of secrets based on your needs. They help organize your customers, computers, regions, and branch offices, to name a few. Folders can be nested within other folders to create sub-categories for each set of classifications. Secrets can be assigned to these folders and sub-folders. Folders allow you to customize permissions at the folder level, and all secrets within can inherit the folder's permissions. Setting permissions at the folder level ensures future secrets placed in that folder have the same permissions, simplifying management across users and groups.
Please set up Web Password Filler (WPF) in the following order:
Ensure you can log in to SS the conventional way.
If necessary, create a folder in SS where the WPF secrets will reside.
Install the WPF browser extension.
Configure WPF to point to SS.
Log in to SS via WPF.
The SS check-out feature grants exclusive access to a single user. If a secret is configured for check out, a user can then access it. No other user can access a secret while it is checked out, except unlimited administrators. This guarantees that if the remote machine is accessed using the secret, the user who had it checked out was the only one with proper credentials at that time. See Secret Checkout for details.
Secret Server records specific events, including expired secrets, and optionally sends you alerts when they happen. See the Alert Notification Center and Creating Event Subscriptions for details.
We created a Getting Started Tutorial for technical users. While it covers many things you do not need to know right now, you may later find it helpful if you want to get a deeper understanding of SS.