The Lockdown

Thycotic’s Cyber Security Blog

Top 3 New Features in Secret Server 10.1

Written by Thycotic Team

January 18th, 2017

Secret Server 10.1 ushers in some powerful features to not only improve upon its pre-existing repertoire of capabilities but to add to them as well.
Firstly, a new level of control over SSH environments: SSH Key Rotation. Secondly, a brand new ability to manage password changing and heartbeat for IBM z/OS RACF accounts: Mainframe Password Changing. Finally, a frequently requested feature: automating two-factor authentication assignment to incoming Active Directory user accounts.

1. SSH Key Rotation

Up until this release of Secret Server, we were only able to store SSH keys and leverage them for session launching, but now all of that has changed. There will be two new Secret Templates in Secret Server designed for SSH Key Rotation. One template is for UNIX or Linux accounts that can generate SSH keys and update the location where they reside. The other template allows for the assignment of a privileged account to aid a UNIX or Linux account that is unable to do so. Setting up an SSH Key Rotation Secret is easy to do from scratch by supplying the machine, username, password, and private key. Optionally, you can supply the private key passphrase, the privileged account responsible for managing the SSH keys, or the public key (which Secret Server can generate from the private key if it is not supplied). You can also convert existing SSH Secrets to the new SSH Key Rotation templates to swiftly take advantage of this new feature. If the password changing or heartbeat commands are not compatible with your environment, they can be modified just like any other type of Secret.

Note – Secret Server’s SSH Key Rotation is built against OpenSSH and by default only supports OpenSSH keys at this time.

2. Mainframe Password Changing

It is now possible to take your privileged account management a step further by letting Secret Server manage your IBM z/OS RACF accounts. Secret Server will come packaged with a new Secret Template to store the IBM z/OS RACF accounts that require a machine, username, and password. Optionally, you can supply a passphrase or port if you do not communicate with your system using port 3270. There will also be a special custom launcher available after the upgrade that leverages the freely available x3270 emulator once you have installed it. The commands for using heartbeat and password changing are simple to understand and should work out of the box for most systems. In no time at all, you can use Secret Server to be your one-stop shop for IBM z/OS RACF account management.

Note – IBM z/OS RACF accounts have strict security requirements that will still need to be followed when using Secret Server to manage them.

3. Auto-Enable 2FA for AD Users

This is a simple but formidable addition to Secret Server. You can now select from our various two-factor authentication integration options to auto-enable all new incoming Active Directory users who will be logging into Secret Server. You asked, we listened, and now you can enjoy further automation in your Secret Server environment.

Get started with a free trial of Secret Server 10.1 for enterprise-level privileged account management and let us know in the comment section what your favorite new feature is.

