The article below offers some recommendations and best practices, but we strongly recommend you review the full set of technical documentation regarding Delinea’s Secret Server for complete guidance.
As a starting point? This Quick Start Guide for Technical Users is a good summary.
A few Customer Success tips as you follow along on with the docs:
We recommend tackling in the following order and taking your time. Test as much as you need to before you begin taking any actions that could cause a real user to become locked out.
Tips as you set up A/D and accounts
- Enable Active Directory
- Assign starter roles and permissions – We suggest:
- Creating an account for yourself, inviting yourself to the platform, making yourself an admin.
- Then, invite any additional starter admins.
- Integrate with Entra and create custom roles
Test credential management first
-
Set up a few test privileged accounts. Create a test admin account in your Active Directory.
-
Vault them and then set up password requirements (like complexity and length) and a rotation cadence. See how it goes and make adjustments as needed.
Here’s a 3-minute guide to setting up password rotation.
A few other key docs:
- Create Secrets for test accounts
- Review engine management and heartbeat
- Set up password rotation
- Set up check in and checkout for your test accounts
We strongly recommend establishing password rotation for, at a minimum, 10% of your organization’s secrets.
IMPORTANT: Once you start rotating passwords on any amount of real accounts, you will have officially launched your vault. Make sure you are comfortable with how this works on your test accounts and explore our documentation fully before taking that step.
When you’re ready to bring real accounts in, we recommend starting with privileged domain accounts.
Set up MFA and Credential Manager
We do recommend setting up MFA on highly privileged secrets:
A good benchmark to consider is that successful Delinea customers typically see ~20% of licensed users using the platform within 30 days of setup.
If you’re using Delinea to protect your workforce credentials, communicate with end users!
Of course, adoption requires strong communication on your organization’s side. If your company has not yet rolled out communications about your use of Delinea to stakeholders, feel free to share this end user guide.
Folders
Now that you have users set up in your system, organize them into groups and roles. A smart folder strategy will help you in the long-term.
Take some time to set up your folders in a way that will work for your organization. There are various methods and tips, but there is no “right” way.
Discover and analyze unsecured accounts
Of course, once you’ve vaulted accounts, established MFA and rotation, and developed a structure to house them, the next questions is: how do you find additional accounts that you need to vault and manage?
This is where Secret Server’s built in Discovery capability comes in.
Set up Time Stamp to discover and import secrets.
Another valuable element of discovery is session management, monitoring, and recording. Learn how to access, monitor, and record active sessions here to identify abnormal activity: Set up Privileged Session Management, Monitoring and Recording