KeeperPAM®: The best Delinea alternative
Choose KeeperPAM, a modern Privileged Access Management (PAM) solution that delivers quicker time to value without the complexity that comes with Delinea.

KeeperPAM offers seamless infrastructure access through its secure vault. Simply log in with Multi-Factor Authentication (MFA) for one-click, passwordless access to servers, databases, web apps and SaaS platforms.
KeeperPAM is zero-knowledge and zero-trust, meaning Keeper never has access to your network, infrastructure or secrets. With a lightweight, containerised gateway, Keeper eliminates on-prem complexity while providing full auditing, session logging and flexible access through a UI, CLI or isolated web browsing.
Deploying Keeper Security is fast, flexible and designed to scale with your organisation’s needs. Keeper's innovative cloud-native architecture ensures rapid implementation with minimal IT overhead, and professional services are never required.
There are just three steps to deploy KeeperPAM:
Delinea’s platform stems from the merger of Centrify and Thycotic, resulting in a product assembled from separate components rather than built with the customer experience at its core. As a result, Delinea’s PAM solution combines legacy systems with a partially converged cloud platform, leading to multiple tools, interfaces and a more complex administrative experience for end users.
Delinea lacks comprehensive Command-Line Interface (CLI) support across its core products, including Secret Server, Privilege Manager and Server Suite. While CLI tools are a critical component for automation, scripting and integration into DevOps workflows, Delinea provides only a very limited CLI – available only for its DevOps Secrets Vault – which requires a separate purchase and is not integrated with the rest of the platform. This splintered approach hinders operational efficiency and automation capabilities, particularly for organisations seeking a unified, scriptable interface across their PAM tools.
Due to its complexity, costly professional services are almost always needed to deploy Delinea PAM.
Keeper enables users to securely and instantly access resources within their infrastructure, such as servers, databases, web applications and workloads, directly from the Keeper Vault. Connections are configured through specific PAM record types, including PAM Machine, PAM Database, PAM Directory and PAM Remote Browser, and can be launched directly from these records once set up.
Screen and keyboard activity can be recorded during remote sessions across all protocols, including SSH, RDP, VNC, databases and web browser sessions. Recordings are encrypted and stored in the cloud, and events can be logged to any SIEM.
KeeperPAM ensures complete privacy and security through its zero-knowledge architecture, where all sessions are end-to-end encrypted between the user's vault and the target resource. Session recordings are encrypted and stored by the customer-managed Keeper Gateway, and only authorised users with proper access can view them. Recordings are decrypted locally in the user's vault using unique keys per session, maintaining strict least-privilege access control.
Delinea’s session management introduces complexity and coverage gaps that can hinder full visibility into privileged activity.
Achieving complete session auditing requires additional components and configuration. For example, a message queue (RabbitMQ) is recommended for reliable session video streaming. This adds deployment complexity.
Session recordings stop after a fixed duration – two hours by default, up to eight hours maximum with configuration. Long-running admin sessions may not be fully captured, leaving gaps in the activity log.
Keeper Secrets Manager – part of the KeeperPAM platform – is a fully managed, cloud-based solution that secures infrastructure secrets, access keys and other confidential data. Secrets Manager integrations do not require any on-premises components to be installed, and you can easily integrate with your CI/CD and build systems out of the box.
Easy-to-use rotation capabilities leverage a lightweight gateway to perform actions locally, which prevents the need to open any firewall ports to the outside. By combining passwords and secrets into a single, user-friendly UI, IT admins can easily manage complex policies and quickly create detailed reports.
KeeperPAM supports both static and dynamic secret workflows within a single platform, along with zero-knowledge security and built-in JIT capabilities.
Delinea provides a secrets management solution via Secret Server for cloud and on-premises environments that is complex to deploy and difficult to maintain.
Gartner stated that Secret Server needs additional customisation through PowerShell, burdening its users. In addition to these hurdles, customers often complain about Delinea’s technical support response times.
Delinea’s Secret Server issues static credentials. It does not natively generate dynamic, short-lived secrets for just-in-time use. In Secret Server, passwords are pre-created and rotated on a schedule – not generated on demand per session.
Keeper Enterprise Password Manager, part of KeeperPAM, is a highly rated, cloud-based password manager trusted by millions. Designed for all users, it is accessible via a web-based interface, browser plugins, mobile apps and desktop apps for seamless access across devices.
Keeper SSO Connect enhances security by enabling federated authentication into a user’s Keeper Vault, securing access to apps and websites not typically covered by SSO. KeeperFill simplifies authorisation by autofilling passwords, passkeys and 2FA codes.
For administrators, Keeper provides role-based enforcement, delegated administration and detailed visibility. The Keeper Admin Console offers advanced reporting via CLI or APIs, while the Risk Management Dashboard ensures proper configuration, adoption and compliance. BreachWatch® provides dark web monitoring to detect breached credentials.
Delinea’s Secret Server is built and marketed for large enterprises, with a heavy focus on technical teams and complex IT environments. As a result, smaller organisations are overlooked, and non-technical users may find it unintuitive and difficult to adopt. The emphasis on enterprise-scale deployments creates barriers for organisations seeking a straightforward, more inclusive approach.
Delinea targets IT administrators and is not user-friendly for non-IT users. This may explain the negative reviews from users who have struggled with its mobile apps and browser plug-ins.
Delinea lacks key security features such as comprehensive passkey management, one-time sharing and self-destructing shares. It also does not use zero-knowledge encryption and lacks desktop applications for end users.
Unlike Keeper Enterprise Password Manager, Delinea does not offer free family plans for each enterprise user.
*Data as of April 17, 2025
*Keeper is fully zero-knowledge and cannot access client environments. | Data as of April 17, 2025
For too long, organisations have been required to purchase complex and painful professional services to deploy a solution that doesn’t fit their needs. KeeperPAM is a zero-trust PAM solution that brings ease of use and security to organisations of all sizes. With Keeper, enterprise-grade security can be extended to all privileged users, including those in HR, finance, marketing and more.
PAM solutions like Delinea have been cobbled together as a sum of parts rather than built from the ground up with the customer in mind. Originating from a merger of Centrify and Thycotic, Delinea has focused more on business restructuring than product development. Delinea’s PAM offering is a combination of legacy capabilities, and the new converged Delinea cloud platform consists of multiple tools and interfaces, resulting in a complex administrative experience for users.
Complex dependencies are required for the full Delinea PAM offering. Delinea’s Server Suite or Server PAM requires Active Directory, whereas its workstation PAM product does not. Because of this, Delinea is not able to have a truly unified security policy between workstations and servers. This results in duplicate efforts by the IT administrator to create security policies. All Delinea PAM components have their own "discovery" mechanism, which causes confusing results that the administrator must resolve to eliminate conflicts and remove duplicates.
Delinea claims to have a strategy that presents PAM as simple to deploy and use, but several common PAM requirements need customisation through PowerShell, driving customers to purchase expensive and complex professional services plans that slow adoption and increase frustration.
Keeper works directly out of the box. No professional services are required to get started, and deployment takes only minutes. All that’s required is deploying the cloud vault to your users, setting role policies and installing a gateway in target environments. After that, you can manage access to resources such as machines, databases, web apps and service accounts.
Keeper’s next-gen, zero-trust, zero-knowledge PAM solution deploys quickly and easily – all while providing industry-leading security that is trusted by thousands of organisations and millions of people globally. Access Keeper anywhere, on any device, while always maintaining the highest levels of security.
Keeper is FedRAMP and GovRAMP Authorised, making it the clear choice for public sector agencies and organisations that require their cloud solutions to adhere to the strictest security and compliance standards.