Business analysts, Forrester Research estimated that each password reset request costs $70 to service. While estimates of the cost of password issues vary, there is no doubt that the need for so many different passwords to get access to enough resources to perform a standard job these days creates an impossible memory test for the typical modern worker.
It might seem that the only logical solution to the productivity drag is to do away with passwords altogether. However, there is a better way. Password management systems cut down the time that password reset requests take to service. They can even enable users to reset their passwords themselves.
Here is our list of the best enterprise password management solutions:
- ManageEngine ADSelfService Plus EDITOR’S CHOICE This package of services saves time and money by automating password management and allowing users to use a portal to reset passwords. Available for Windows Server, AWS, and Azure. Start 30-day free trial.
- N-able Passportal Cloud-based password management platform combined with a document manager.
- IT Glue A combination of password manager and document manager in an online service.
- ITBoost Cloud-based infrastructure system that includes a password manager, a document manager, and a configuration manager.
- Keeper Enterprise Password Manager Data loss prevention system built around a password manager.
- Passbolt Cloud Enterprise-ready password manager based in the cloud.
Many password managers are cloud-based services, so they don’t require any technicians to install and maintain on-site software or the computers needed to host them. Enterprise password management solutions are essential tools for businesses that want to improve efficiency while staying secure.
In this report, you will read about the six best enterprise password managers. This shortlist will reduce the time that you need to spend researching potential password managers for your enterprise.
The best Enterprise Password Management Solutions
You can read more details about each of these solutions in the following sections.
1. ManageEngine ADSelfService Plus (FREE TRIAL)
ManageEngine ADSelfService Plus is an innovative solution to access rights management and user controls over passwords. The tool interfaces to Active Directory and adds on more password management options in an easy-to-use interface.
This service allows you to set up a portal for your users. This gives them a single sign-on package, once the user logs into the portal, you can present icons to all of the applications that they will be able to access without having to enter credentials again. It is possible to mix on-premises and cloud systems in the same access menu.
The password management system allows you to specify password complexity rules and multi-factor authentication. The password system is linked to Active Directory, so you can get your rules applied to all domains on your system, extending a ripple through of the single sign-on package to services such as Outlook, Microsoft 365, and Google Workspaces.
The user access portal includes an opportunity for users to manage their own passwords. One of the biggest demands on Help Desks comes from requests to reset forgotten passwords. The portal enables users to reset their passwords through an automated system, relieving support technicians of a lot of work. Password changes are managed by ADSelfService Plus automatically, passing the changes through to all AD domain controllers.
Of course, user accounts are targeted by hackers. The ADSelfService Plus system records excessive failed login attempts and sends alerts to technicians when these happen. The system is also able to produce analytical reports on user activities.
ADSelfService Plus is a software package rather than a SaaS platform. However, you can install it in the cloud by accessing it as a service in the Azure and AWS marketplaces. On-premises, you would run the package on Windows Server.
There are three editions for ADSelfService Plus, called Free, Standard, and Professional. The top plan adds on local cache management and a password policy enforcement system. The Free edition is the same as the Professional package but limited to managing 50 user accounts. You can get the Professional edition with a 30-day free trial.
Pros:
- Users get access from mobile devices as well as desktops
- The service can be linked to the device login screen
- Single sign-on management
- User-demanded password resets
Cons:
- Cloud installations are not SaaS platforms, so you still need to manage the software
2. N-able Passportal
EDITOR’S CHOICE
ManageEngine ADSelfService Plus is our top pick for an enterprise password management solution because it simplifies user access through a single sign-on feature while confounding interlopers with 2FA and password complexity enforcement. You can track likely brute force credentials cracking with the alerts and reports provided by the service and a lot of the work involved in coordinating passwords across domains is managed behind the scenes by the ADSelfService Plus software.
Download: Get a 30-day FREE Trial
Official Site: https://www.manageengine.com/products/self-service-password/download.html
OS: Windows Server, AWS, and Azure
Passportal is a product of N-able. The service is offered primarily to managed service providers. However, it could also be used by IT departments.
This service is delivered from the cloud, so you don’t need to worry about installing software on your site. Access to Passportal is gained through a web browser. The Passportal package includes a password manager and a secure document manager.
The password manager interfaces to many pre-existing access rights systems that you might already have deployed. These include Active Directory, Office 365, Azure servers, and LDAP implementations. The advantage of using Passportal is that it unifies all of the different access rights systems within an enterprise and presents a common interface. All of the current statuses of those other access rights systems will be reflected in Passportal and any changes you make in the online interface will be automatically synced to those systems. This gives you one central location to manage passwords for all of your sites and cloud resources as well.
Password management features in Passportal include enforced password rotation and a setting that demands strong passwords. The system is able to autofill password fields for users on recognized devices. An audit trail utility in the tool helps your technicians to track access to protected resources and also counts towards data protection standards conformance verification.
An extra utility, called Passportal Blink, is a self-service portal that enables users to reset their own passwords. This facility will greatly reduce calls to IT support and free up technicians for other system administration tasks or help you to reduce the size of the technical support department and save money.
The Passportal system sets itself up through an autodiscovery feature. This searches your system and logs all existing services and resources using access rights, loading that information into its own system and password vault. The password vault is stored on the Passportal server and is protected by encryption all communications between your site and the Passportal system in the cloud are also protected with encryption.
You can request a demo from their website.
Supports automatic Active Directory sync via LDAP
Can run access audits to easily identify internal changes made during a period of time
Supports compliance reporting to identify weak passwords and force changes base on policy
Users generate their own encryption key, securing their cloud data from third parties, including Passportal
Smaller networks may not benefit from the MSP/enterprise-specific tools Passportal offers
3. IT Glue
IT Glue is another password manager that is marketed to MSPs but could also be used by IT departments in-house. Like Passportal, this package includes a document manager as well as a password manager. IT Glue is a cloud-based service provided by Kaseya. The company is a well-known producer of IT infrastructure monitoring software and provides support systems for MSPs.
This password manager includes a secure password vault, which is hosted on the ITGlue server. The password manager interface can connect through to Active Directory instances on your sites. The password manager will read all current access rights from AD and import them into the online interface. Any changes made in ITGlue get synched to Active Directory.
The tool includes access tracking and there is a secure password vault stored on the cloud. Another great feature is the tool’s ability to identify at-risk accounts and warn the administrator to close them down.
IT Glue is able to interact with a lot of other tools that you may well have onsite. In order to attract MSPs, the system is particularly well integrated with other Kaseya services, for managed service providers, such as Kaseya VSA and Kaseya BMS. The provider doesn’t trap you into buying its other products by limiting compatibility. IT Glue can also integrate with N-able, ConnectWise, and Barracuda products among others.
An add-on to the service, called MyGlue is a version of ITGlue that can be deployed directly by IT departments rather than being managed by an MSP. This version of the ITGlue system that includes both document and password management functions can also be bought as a standalone package by companies that don’t use the services of an MSP.
IT Glue is paid for by a subscription that is calculated per user per month. There are three editions of the service: Basic, Business, and Enterprise. Password management is a feature in all of those plans. The Enterprise edition includes a single sign-on (SSO) feature. This doesn’t manage the single sign-on service, but interfaces to whichever SSO system that you choose to implement.
Works well in MSP environments as well as in mid-size organizations
Offers a robust library of templates to get started quickly
Manages documentation as well as credentials
If fairly extensive and can take time to fully explore all of IT Glue’s options and add-ons
4. ITBoost
ITBoost is offered by ConnectWise, a producer of infrastructure monitoring tools. ConnectWise also produces MSP support tools and ITBoost is offered to those businesses. However, it could also be useful to IT departments for in-house use.
This is a cloud-based service and the dashboard is accessed through a browser. The tool includes a document manager and a configuration manager as well as a password management system. The storage needed for these three systems is included in the package. The cloud storage space is protected by encrypted and segmented per end client for MSPs because this is a multi-tenanted system. All communications between sites and the ITBoost servers are protected by encryption.
The console of the password manager includes functions to create and remove user accounts and also to change passwords. All passwords are stored in a secure vault on the ITBoost server. The vault and all communications between your site and the ITBoost server are protected by encryption. Login credentials can be strengthened by implementing two-factor authentication via Google Authentication.
The system includes an access logging system and auditing and reporting functions that will help you to prove compliance to data protection standards, such as HIPAA, PCI-DSS, and GDPR.
ITBoost is able to work alongside other system monitoring and MSP software, exchanging information with them to create tight integrations. As ITBoost is a product of ConnectWise, it is particularly designed to interact well with other products from that company, such as ConnectWise Control, ConnectWise Automate, and ConnectWise Manage. It also integrates with MSP RMM and PSA software produced by other providers, including Pulseway, N-able, Atera, Addigy, and Kaseya.
ITBoost is a subscription service and is available in three editions: Basic, Plus, and Premium. The password manager and access auditing features are included in all editions. ITBoost is available on a 14-day free trial.
Cloud-based document management allows organizations to scale their knowledgebases without infrastructure cost
Allows for internal and external KB articles to help both staff and clients troubleshoot problems
Revision controls protect and audit documents
The trial is only 14-day, would benefit from a longer testing period
5. Keeper Enterprise Password Management
The Keeper Enterprise Password Management system gives each user a separate, secure password vault. This cloud-based service is able to monitor access to enterprise resources whether they are on-premises or in the cloud.
Keeper Security produces six versions of its password management service: Student, Personal, Family, Business, MSP, and Enterprise. The Enterprise edition is the most comprehensive of all of the editions and it is aimed at large companies.
There is no limit to the number of resources that can be guarded with this security tool and also no limit on the number of users that can be registered in the system. Keeper will coordinate with your existing Active Directory and LDAP-based access rights controllers, giving you one interface to centralize all of your access rights management tasks. All changes made to access permission in the Keeper interface instantly get updated in the relevant on-site AD or LDAP controller.
The service includes a number of team management functions that enable the systems administrator to create access groups and also assign permissions according to user roles. Single sign-on with SAML 2.0 is included as is two-factor authentication using DUO or RSA.
Large organizations might employ several administrators, each having responsibility for different divisions. In these instances, the system visibility can be segmented for different user accounts, letting each administrator only able to access those access rights over which he has responsibility.
Logging, auditing, and reporting modules in the service let administrators spot unusual account activity and help enterprises prove conformance to data security standards, such as HIPAA and GDPR.
The service is paid for by subscription and the price is calculated per user, billed per year in advance. You can get a 14-day free trial of the Business package to assess the service.
Offers actively managed security for its password manager
Can identify and alert to account takeovers
Offers detailed auditing and built-in data loss prevention
Only available as a SaaS subscription model
Would like to see more support for autofill across different browsers
6. Passbolt Cloud
Passbolt is available both on-premises and as a cloud service. The password management system covers all resources of the company including the network, endpoints, servers, and the applications that run on them. The cloud version of the system is probably a better option; this is because it removes password data from your premises where disaster could otherwise wipe out the password vault as well as the on-site access rights systems that the password manager coordinates with.
The administrator’s console of Passbolt enables the creation of user accounts for individuals and groups. The password vault for the service is hosted on servers in Europe, so it all complies with GDPR. The system is able to enforce two-factor authentication and is also able to assign a one-time password for new accounts, enabling new users to be prompted to enter a password of their own preference.
All communications between the monitored site and the Passbolt servers are encrypted and so is the storage space. All access to the client area of Passbolt Cloud requires user credentials. The system is sufficiently secure to prevent snoopers from getting access as long as no administrator gets tricked into giving away an account password.
There is a free version of Passbolt, which is called Community, but that is only available as an on-site package and it doesn’t include sufficient security measures for a large enterprise. Passbolt Cloud is available in two editions: Business and Enterprise. Large companies need to go for the Enterprise version because the Business edition doesn’t interface to onsite Active Directory or LDAP access rights systems. Passbolt Cloud is available on a 14-day free trial.
Free for on-premise installations
Integrates with Active Directory via LDAP
Supports multi-factor authentication options
Would benefit from a longer 30-day trial
How to decide on a password management solution
As a large enterprise, you can’t afford to cut costs when it comes to password management systems. You should instead, look for a valuable password management service that will enable you to reduce inefficiencies and, thereby, reduce costs. A good password management system will pay for itself in cost savings.
This list is almost exclusively made up of online services. This is because hosting your password management system on a remote server automatically insures you against on-site disaster and enables you to recover rapidly from any system or environmental catastrophe that might hit your premises.
Some business managers might be cautious about sending sensitive data outside of the building over the internet. However, all of the cloud-based systems in our list secure all transmissions between the client site and the cloud server with encryption. They also encrypt all accounts so even the technicians that look after the service can’t read the passwords contained in the hosted vaults.
However, for those who really don’t want to go to the cloud, we have included the ManageEngine Password Manager Pro package, which is software to run on-premises. There is also an on-premises version of Passbolt Enterprise to consider.
After reading through the descriptions of each of these recommended password managers, your next task is to narrow down your options to just two or three. A few of the services on the list are very similar, particularly Passportal, ITBoost, and IT Glue. In these cases, your final choice will come down to the appeal of the user interface’s layout and design.
