Delinea Documentation - Secret Server - 11.1.0
Secret Server End User Guide
This guide is for regular, non-administrative, users of Secret Server. It is mostly a set of links to a subset of the greater corpus of Secret Server documentation. For Secret Server Cloud, see the Secret Server Cloud Quick Start.
What Is Secret Server?
Secret Server is a privileged access management (PAM) system. Essentially that means it manages who can access what, when, and under whose authority—all without introducing weak points, such as weak passwords or stale user accounts, and discovering those that potentially exist. For large organizations, this is a huge undertaking. It only takes one security breach to cause huge problems, and there are seemingly countless ways for those breaches to occur. PAM systems, such as Secret Server, are invaluable in getting this situation under control. Better still, Secret Server can make your day-to-day work environment safer and easier to manage too.
What Is the Purpose of the End User Guide?
Secret Server is a powerful, advanced product with a wide range of capabilities. Even so, it is very easy to use for regular day-to-day operations for non-technical people. The key to this is knowing what to ignore and understanding the bits you do need to know. This guide is designed to help you do just that. It provides links to only what you need to know. You can add other topics later as needed.
Getting Help
Important: When using this User Guide, it is easy to get lost in the ocean of Secret Server documentation. To avoid that, we recommend using <Ctrl > + click to access the links here. That way, the page you are going to will open to a new browser window, leaving this one as is, making it much easier to get back to. You can also simply use the browser back button to return, but that can get tiresome because many pages link to others.
Logging on Secret Server
Depending on how your administrators configured Secret Server, you can log on with either your Active Directory account or a local account.
In your browser, go to the URL for your organization's Secret Server.
On the login screen, enter your:
Select the your domain from the Domain dropdown list. If you do not have an AD domain, select Local instead.
Click the Log In button. If you have Duo two-factor authentication, this appears:
Your cell phone receives a notification you have to approve to access Secret Server.
Note: Secret Server also supports other two-factor authentication methods (depending on what your organization configured), such as text or email codes that Secret Server prompts you for.
Note: After you log on with your local account for the first time, you are immediately prompted to change your password .
Click the Login button. The Secret Server Dashboard appears.
Secrets
Secrets are individually named packets of sensitive information, such as passwords. Secrets address a broad spectrum of secure data, each type represented and created by a secret template that defines the parameters of all secrets based on it. Secrets are very powerful and provide many ways of controlling and protecting their data, such as:
- Ensuring passwords are long, complex, and frequently changed.
- Relieving users of having to remember numerous complex passwords or when to change them. You only need to remember your password to access Secret Server. All of your secret passwords are managed for you.
- Automatically changing passwords at set intervals with no user intervention.
- Defining who has access to the secret.
- Ensuring the person accessing Secret Server or a secret is indeed you.
- Recording who actually accessed a secret.
All secret text-entry field information is securely encrypted before being stored in the database, including a detailed audit trail for access and history.
Some important basic information about secrets:
Secret Folders
Secret folders allow you to create containers of secrets based on your needs. They help organize your customers, computers, regions, and branch offices, to name a few. Folders can be nested within other folders to create sub-categories for each set of classifications. Secrets can be assigned to these folders and sub-folders. Folders allow you to customize permissions at the folder level, and all secrets within can inherit the folder's permissions. Setting permissions at the folder level ensures future secrets placed in that folder have the same permissions, simplifying management across users and groups.
Using Secrets on Websites (Web Password Filler)
Please set up Web Password Filler (WPF) in the following order:
Ensure you can log in to Secret Server the conventional way.
If necessary, create a folder in Secret Server where the WPF secrets will reside.
Install the WPF browser extension.
Configure WPF to point to Secret Server.
[Login to Secret Server via WPF](https://docs.thycotic.com/wpf/2.0.0/getting-started/login-Secret Server.md).
Checking out Secrets
The Secret Server check-out feature grants exclusive access to a single user. If a secret is configured for check out, a user can then access it. No other user can access a secret while it is checked out, except unlimited administrators. This guarantees that if the remote machine is accessed using the secret, the user who had it checked out was the only one with proper credentials at that time. See Secret Checkout for details.
Getting Notified of Secret Events
Secret Server records specific events, including expired secrets, and optionally sends you alerts when they happen. See the Inbox and Creating Event Subscriptions for details.
Learning More About Secret Server—the Getting Started Tutorial
We created a Getting Started Tutorial for technical users. While it covers many things you do not need to know right now, you may later find it helpful if you want to get a deeper understanding of Secret Server.