Business analysts, Forrester Research estimated that each password reset request costs $70 to service. While estimates of the cost of password issues vary, there is no doubt that the need for so many different passwords to get access to enough resources to perform a standard job these days creates an impossible memory test for the typical modern worker.
It might seem that the only logical solution to the productivity drag is to do away with passwords altogether. However, there is a better way. Password management systems cut down the time that password reset requests take to service. They can even enable users to reset their passwords themselves.
Short on time? Here is our list of the best enterprise password management solutions:
- SolarWinds Passportal (GET DEMO) Cloud-based password management platform combined with a document manager.
- IT Glue A combination of password manager and document manager in an online service.
- ITBoost Cloud-based infrastructure system that includes a password manager, a document manager, and a configuration manager.
- ManageEngine Password Manager Pro On-site software for Windows and Linux that implements password management.
- Keeper Enterprise Password Manager Data loss prevention system built around a password manager.
- Passbolt Cloud Enterprise-ready password manager based in the cloud.
Many password managers are cloud-based services, so they don’t require any technicians to install and maintain on-site software or the computers needed to host them. Enterprise password management solutions are essential tools for businesses that want to improve efficiency while staying secure.
In this report, you will read about the six best enterprise password managers. This shortlist will reduce the time that you need to spend researching potential password managers for your enterprise.
The best Enterprise Password Management Solutions
You can read more details about each of these solutions in the following sections.
Passportal is a product of SolarWinds MSP. The service is offered primarily to managed service providers. However, it could also be used by IT departments.
This service is delivered from the cloud, so you don’t need to worry about installing software on your site. Access to Passportal is gained through a web browser. The Passportal package includes a password manager and a secure document manager.
The password manager interfaces to many pre-existing access rights systems that you might already have deployed. These include Active Directory, Office 365, Azure servers, and LDAP implementations. The advantage of using Passportal is that it unifies all of the different access rights systems within an enterprise and presents a common interface. All of the current statuses of those other access rights systems will be reflected in Passportal and any changes you make in the online interface will be automatically synced to those systems. This gives you one central location to manage passwords for all of your sites and cloud resources as well.
Password management features in Passportal include enforced password rotation and a setting that demands strong passwords. The system is able to autofill password fields for users on recognized devices. An audit trail utility in the tool helps your technicians to track access to protected resources and also counts towards data protection standards conformance verification.
An extra utility, called Passportal Blink, is a self-service portal that enables users to reset their own passwords. This facility will greatly reduce calls to IT support and free up technicians for other system administration tasks or help you to reduce the size of the technical support department and save money.
The Passportal system sets itself up through an autodiscovery feature. This searches your system and logs all existing services and resources using access rights, loading that information into its own system and password vault. The password vault is stored on the Passportal server and is protected by encryption all communications between your site and the Passportal system in the cloud are also protected with encryption. You can request a demo from their website.
IT Glue is another password manager that is marketed to MSPs but could also be used by IT departments in house. Like Passportal, this package includes a document manager as well as a password manager. IT Glue is a cloud-based service provided by Kaseya. The company is a well-known producer of IT infrastructure monitoring software and provides support systems for MSPs.
This password manager includes a secure password vault, which is hosted on the ITGlue server. The password manager interface can connect through to Active Directory instances on your sites. The password manager will read all current access rights from AD and import them into the online interface. Any changes made in ITGlue get synched to Active Directory.
The tool includes access tracking and there is a secure password vault stored on the cloud. Another great feature is the tool’s ability to identify at-risk accounts and warn the administrator to close them down.
IT Glue is able to interact with a lot of other tools that you may well have onsite. In order to attract MSPs, the system is particularly well integrated with other Kaseya services, for managed service providers, such as Kaseya VSA and Kaseya BMS. The provider doesn’t trap you into buying its other products by limiting compatibility. IT Glue can also integrate with SolarWinds, ConnectWise, and Barracuda products among others.
An add-on to the service, called MyGlue is a version of ITGlue that can be deployed directly by IT departments rather than being managed by an MSP. This version of the ITGlue system that includes both document and password management functions can also be bought as a standalone package by companies that don’t use the services of an MSP.
IT Glue is paid for by a subscription that is calculated per user per month. There are three editions of the service: Basic, Business, and Enterprise. Password management is a feature in all of those plans. The Enterprise edition includes a single sign-on (SSO) feature. This doesn’t manage the single sign-on service, but interfaces to whichever SSO system that you choose to implement.
ITBoost is offered by ConnectWise, a producer of infrastructure monitoring tools. ConnectWise also produces MSP support tools and ITBoost is offered to those businesses. However, it could also be useful to IT departments for in-house use.
This is a cloud-based service and the dashboard is accessed through a browser. The tool includes a document manager and a configuration manager as well as a password management system. The storage needed for these three systems is included in the package. The cloud storage space is protected by encrypted and segmented per end client for MSPs because this is a multi-tenanted system. All communications between sites and the ITBoost servers are protected by encryption.
The console of the password manager includes functions to create and remove user accounts and also to change passwords. All passwords are stored in a secure vault on the ITBoost server. The vault and all communications between your site and the ITBoost server are protected by encryption. Login credentials can be strengthened by implementing two-factor authentication via Google Authentication.
The system includes an access logging system and auditing and reporting functions that will help you to prove compliance to data protection standards, such as HIPAA, PCI-DSS, and GDPR.
ITBoost is able to work alongside other system monitoring and MSP software, exchanging information with them to create tight integrations. As ITBoost is a product of ConnectWise, it is particularly designed to interact well with other products from that company, such as ConnectWise Control, ConnectWise Automate, and ConnectWise Manage. It also integrates with MSP RMM and PSA software produced by other providers, including Pulseway, SolarWinds, Atera, Addigy, and Kaseya.
ITBoost is a subscription service and is available in three editions: Basic, Plus, and Premium. The password manager and access auditing features are included in all editions. ITBoost is available on a 14-day free trial.
ManageEngine Password Manager Pro is probably your best option if you don’t trust cloud services and would prefer on-premises software. This tool installs on Windows and Linux servers. As this isn’t a cloud service, there is no remote storage space included in the price.
It doesn’t matter which platform you install Password Manager Pro on, the service will monitor resources within your enterprise that run with a wide range of operating systems. It will also administer passwords on MacOS, Unix, Oracle, Sybase, MySQL, SQL Server, Juniper Networks, and Cisco Systems devices.
You can use this password manager to set up and administer passwords for all company resources because the tool is able to synchronize with existing access rights management systems, such as Active Directory and LDAP implementations. In fact, it will populate its own access rights database and password vault through an initial discovery phase. Changes made to access rights within the Password Manager Pro interface automatically get rolled out to your other access rights management tools.
The system will automatically rotate the passwords for nominated groups of accounts on specific resources. It is able to spot suspicious account activity through constant monitoring and logging. Any unexpected user behavior triggers an alert in the dashboard that draws the attention of the system administrator.
Features include periodic password resets and password strength enforcement. It is also able to implement multi-factor authentication. Reporting features include the auditing functions needed to prove compliance to data protection standards, such as HIPAA, PCI-DSS, and GDPR.
Password Manager Pro is available in a Free edition. However, that version is limited to overseeing the access rights for ten resources. The other editions of the system are called Standard, Premium, and Enterprise. The price of the paid editions depends on the number of administrators that will use the system. The Enterprise version of Password Manager Pro is available for two administrators on a 30-day free trial.
The Keeper Enterprise Password Management system gives each user a separate, secure password vault. This cloud-based service is able to monitor access to enterprise resources whether they are on-premises or in the cloud.
Keeper Security produces six versions of its password management service: Student, Personal, Family, Business, MSP, and Enterprise. The Enterprise edition is the most comprehensive of all of the editions and it is aimed at large companies.
There is no limit to the number of resources that can be guarded with this security tool and also no limit on the number of users than can be registered in the system. Keeper will coordinate with your existing Active Directory and LDAP-based access rights controllers, giving you one interface to centralize all of your access rights management tasks. All changes made to access permission in the Keeper interface instantly get updated in the relevant on-site AD or LDAP controller.
The service includes a number of team management functions that enable the systems administrator to create access groups and also assign permissions according to user roles. Single sign-on with SAML 2.0 is included as is two-factor authentication using DUO or RSA.
Large organizations might employ several administrators, each having responsibility for different divisions. In these instances, the system visibility can be segmented for different user accounts, letting each administrator only able to access those access rights over which he has responsibility.
Logging, auditing and reporting modules in the service let administrators spot unusual account activity and help enterprises prove conformance to data security standards, such as HIPAA and GDPR.
The service is paid for by subscription and the price is calculated per user, billed per year in advance. You can get a 14-day free trial of the Business package to assess the service.
Passbolt is available both on-premises and as a cloud service. The password management system covers all resources of the company including the network, endpoints, servers, and the applications that run on them. The cloud version of the system is probably a better option; this is because it removes password data from your premises where disaster could otherwise wipe out the password vault as well as the on-site access rights systems that the password manager coordinates with.
The administrator’s console of Passbolt enables the creation of user accounts for individuals and groups. The password vault for the service is hosted on servers in Europe, so it all complies with GDPR. The system is able to enforce two-factor authentication and is also able to assign a one-time password for new accounts, enabling new users to be prompted to enter a password of their own preference.
All communications between the monitored site and the Passbolt servers are encrypted and so is the storage space. All access to the client area of Passbolt Cloud requires user credentials. The system is sufficiently secure to prevent snoopers from getting access as long as no administrator gets tricked into giving away an account password.
There is a free version of Passbolt, which is called Community, but that is only available as an on-site package and it doesn’t include sufficient security measures for a large enterprise. Passbolt Cloud is available in two editions: Business and Enterprise. Large companies need to go for the Enterprise version because the Business edition doesn’t interface to onsite Active Directory or LDAP access rights systems. Passbolt Cloud is available on a 14-day free trial.
How to decide on a password management solution
As a large enterprise, you can’t afford to cut costs when it comes to password management systems. You should instead, look for a valuable password management service that will enable you to reduce inefficiencies and, thereby, reduce costs. A good password management system will pay for itself in cost savings.
This list is almost exclusively made up of online services. This is because hosting your password management system on a remote server automatically insures you against on-site disaster and enables you to recover rapidly from any system or environmental catastrophe that might hit your premises.
Some business managers might be cautious about sending sensitive data outside of the building over the internet. However, all of the cloud-based systems in our list secure all transmissions between the client site and the cloud server with encryption. They also encrypt all accounts so even the technicians that look after the service can’t read the passwords contained in the hosted vaults.
However, for those who really don’t want to go to the cloud, we have included the ManageEngine Password Manager Pro package, which is software to run on-premises. There is also an on-premises version of Passbolt Enterprise to consider.
After reading through the descriptions of each of these recommended password managers, your next task is to narrow down your options to just two or three. A few of the services on the list are very similar, particularly Passportal, ITBoost, and IT Glue. In these cases, your final choice will come down to the appeal of the user interface’s layout and design.