Active Directory integration gives administrators a simple and effective way to automatically grant and revoke access to Secret Server with tools and policies that are already in place. By granting rights based on domain security groups you can ensure that when a user changes roles in a company their rights in Secret Server can change appropriately.

Microsoft also provides additional single sign on and security options that Secret Server can leverage. With Integrated Windows Authentication or ADFS you can provide Single Sign On (SSO) to Secret Server to simplify a user’s day to day.

There may be some cases where Active Directory isn’t feasible due to separation of duties, or environments under tight control and there is no domain. In those situations, Secret Server does have its own user and group store and capabilities, and group membership changes can be delegated across teams to limit overhead.

Regardless of which user authentication methodology is right for your environment, you will be able to make use of SAML for SSO—a feature available with Secret Server Professional and Premium editions—and two-factor for enhanced security.