Secret Server

One feature I'd like to see is being able to nest groups inside other groups.

We've got a large user base with varying degrees of access, and it would make managing role memberships a lot easier with this ability

Jeremy, thanks much for the feedback.

I will add this to our list of feature requests.


best,
Scott
Thycotic Support

Jeremy,

One workaround at present is to use the AD Sync. You can then nest and manage your groups in AD and Secret Server will simply pull the groups in from AD. Note that Secret Server will flatten the membership from AD - for example:

AD Group1 => John, Steve
AD Group2 => Group1, Fred

If you sync both groups to Secret Server then:

SS AD Group1 => John, Steve
SS AD Group2 => John, Steve, Fred

You can then assign these groups to roles and just do nesting in AD.

Hope that makes sense.

Thanks for the feedback!

Jeremy,

Is anything like ADSync available for the hosted solution?

thanks,

Larry

Unfortunately the AD integration is only available in the Installed Edition.

Unfortunately the AD group nesting would not apply in our circumstance.

We have multiple AD Group Admins, who, by policy, are not administrators in Secret Server. If I used the group nesting for this purpose, then it would be possible for a security group administrator to give themselves elevated access in Secret Server by modifying their group membership.

Our only AD syncing is done by a single group which gives a user the ability to log into Secret Server. All rights and membership in Secret Server is contained in the application