IBM Security Secret Server provides centralized management of privileged credentials, secure access, session recording, and replay. Its pricing model is unique, being based on user count rather than system connections, making it a flexible choice for organizations.
| Product | Mindshare (%) |
|---|---|
| IBM Security Secret Server | 1.3% |
| CyberArk Privileged Access Manager | 9.8% |
| One Identity Safeguard | 4.3% |
| Other | 84.6% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Privileged Access Management (PAM) | Jun 23, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jun 23, 2026 | Download |
| Comparison | IBM Security Secret Server vs Idira Privileged Access Manager | Jun 23, 2026 | Download |
| Comparison | IBM Security Secret Server vs One Identity Safeguard | Jun 23, 2026 | Download |
| Comparison | IBM Security Secret Server vs Okta Platform | Jun 23, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| Okta Platform | 4.3 | 3.3% | 96% | 118 interviewsAdd to research |
| Idira Privileged Access Manager | 4.3 | 9.8% | 95% | 230 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 4 |
| Midsize Enterprise | 1 |
| Large Enterprise | 2 |
| Company Size | Count |
|---|---|
| Small Business | 18 |
| Midsize Enterprise | 20 |
| Large Enterprise | 29 |
IBM Security Secret Server enhances cybersecurity by integrating with frameworks and offering features like monitoring, high availability, and adaptable reporting. It simplifies password management, automates changes, and ensures compliance with security protocols. The platform is valued for its ease of deployment and user-friendly interface, although it can improve in areas such as the GUI and integration process. Complex high availability and disaster recovery setups are noted challenges, along with nonclustered indexing issues affecting performance. Users desire improvements in local support and migration processes.
What are the key features of IBM Security Secret Server?Organizations across various industries implement IBM Security Secret Server for managing privileged access and securing critical systems. It serves financial institutions by providing a secure jump server for accessing core banking platforms and databases. IT managers benefit from workflow approvals and automated password management, ensuring compliance and boosting security posture. The platform's session recording and auditing features are crucial for sectors needing detailed activity documentation.
IBM Security Secret Server was previously known as IBM Secret Server, Secret Server, IBM Security Privileged Identity Manager.
| Author info | Rating | Review Summary |
|---|---|---|
| Chief Information Security Officer at a insurance company with 501-1,000 employees | 4.0 | I've used IBM Security Secret Server for over four years; it's effective for privileged user monitoring, password vaulting, and session recording. While it's scalable and integrates well, regional support and some integrations could be improved. |
| Chief Information Security Officer at a insurance company with 501-1,000 employees | 3.5 | I use IBM Security Secret Server primarily to monitor user activities and commands with a single-access console that is easy to manage. Although its support needs improvement, it integrates well with other IBM solutions, unlike BeyondTrust. |
| Head of IT Security at a financial services firm with 5,001-10,000 employees | 3.5 | I find IBM Security Secret Server user-friendly, scalable, and appreciate its user-based pricing. However, it requires customization, lacks full network proxy features, and IBM's technical support is poor. I rated it 7/10. |
| Cyber security consultant at a tech services company with 1,001-5,000 employees | 4.5 | I use IBM Security Secret Server for managing privileged accounts, session recording, and as a jump server. While effective, it needs better shared storage management and out-of-the-box privilege account discovery. It's easier to use than CyberArk due to its SQL database. |
| Senior Presales Specialist at a computer software company with 11-50 employees | 5.0 | I rate IBM Security Secret Server highly. Its live recording and approval workflows are excellent for server access management. It's stable, scalable, and easy to set up, despite the new interface potentially confusing older users. Overall, it's a very valuable solution. |
| IAM Consultant at a tech services company with 11-50 employees | 3.5 | I find IBM PIM excellent for centralized password management, greatly improving security. Setup was simple, and support is good. However, I note that HA/DR setup is complex, and cloud migration presents a painful challenge. |
| Security Consultant at a tech services company with 51-200 employees | 4.0 | This product offers valuable features like centralized administration and secure access, improving workflow and reducing time. While I haven't encountered stability issues, the GUI needs improvement, and customer service is decent. |
| Information Security Officer at a tech services company with 11-50 employees | 4.5 | I use IBM Security Secret Server for dynamic and integration services, finding high availability its most powerful feature. However, improvements are needed for the nonclustered index issue, which sometimes affects performance. Overall, it offers a decent return on investment. |
IBM Security Secret Server serves multiple use cases for us, including the monitoring of privileged users, as well as the recording and password vaulting of their accounts, passwords, and need-based access.
The session monitoring feature in IBM Security Secret Server is also a very important use case for our organization.
I find the monitoring and recording parts of IBM Security Secret Server to be the most valuable features. Password vaulting is somewhat typical, but I rate monitoring and recording as very good features, along with ease of deployment.
The reporting tools in IBM Security Secret Server have helped me identify vulnerabilities. From the monitoring part, you can somewhat cover the identity vulnerability aspect. However, for identity vulnerability, I think the best approach is to use IAM rather than PAM.
It is easy to integrate IBM Security Secret Server with cybersecurity frameworks, which is a very important aspect. When we are improving our attack surface, identity is the most important thing that we need to cover, and PAM will play a very crucial role in improving our cybersecurity framework and architecture.
The main benefits that IBM Security Secret Server provides for me include complete control over the privileged identities, which are the main sources that can have the privilege to make numerous changes on the system. If we protect these identities through PAM and provide elevation on their accounts when required, then we can improve our security posture and infrastructure security.
I believe there is not much that can be improved for IBM Security Secret Server. Providing local support and local vendor availability would be beneficial so we are not dependent on international support.
I do not think IBM can add much to the product at the moment as I think everything else is very well done.
I have been working with IBM Security Secret Server for approximately four and a half years.
I would rate IBM Security Secret Server an eight from a stability standpoint.
I would rate the scalability of IBM Security Secret Server an eight.
The setup process for IBM Security Secret Server is simple or complex depending on your requirements and use cases. If a full-fledged deployment is required, then it becomes somewhat complex. However, if you have limited use cases as we do, then it is very simple.
I would rate the pricing for IBM Security Secret Server as always being in the middle range, and somewhat in the middle-upper range. IBM has never come into the low-price side.
I did consider some other options before choosing IBM Security Secret Server. It depends upon whether you are an IBM advocate, in which case you can choose IBM. Otherwise, there are many other products available in the market that you can choose and compare. There are competitors like BT and BeyondTrust in the market.
I mention that password vaulting and password rotation in IBM Security Secret Server are basically the same thing, and it becomes somewhat complex when integrating a different system with them because it requires API development. The feature is useful, but the deployment and management are complex.
I am not using the analytics part of IBM Security Secret Server, or we have not discovered that part to date.
I do use the reporting tool in IBM Security Secret Server.
I would rate IBM Security Secret Server an eight overall because it is scalable, effective, and mature. However, since regional support is not available, that is why I rate it an eight.
We're mainly using IBM Security Secret Server to monitor user activities during and after office hours and what commands users are processing. We have other use cases for IBM Security Secret Server, but those are the most frequent use cases.
What I like best about IBM Security Secret Server is its single-access console. It's also easy to manage and fulfills the requirements with the least resistance.
What needs improvement in IBM Security Secret Server is support. The local partner provides good support, but IBM itself doesn't. Most of the time, the IBM support team does not aggressively resolve issues reported through chat or the IBM website.
In the next version of IBM Security Secret Server, I want to see more lightweight recording, architecture, or infrastructure requirements. Currently, it's heavy, so I want it reduced to make adapting IBM Security Secret Server much more effortless.
I've been using IBM Security Secret Server for one and a half years.
IBM Security Secret Server has good stability, so it's an eight out of ten.
As the scalability of the IBM Security Secret Server is good, I'm giving it an eight.
My rating for IBM Security Secret Server technical support is five out of ten. The team needs to gain more aggressiveness when it comes to issuing resolutions.
Neutral
The initial setup for IBM Security Secret Server is easy.
My company hired a consultant to deploy IBM Security Secret Server.
My rating for the IBM Security Secret Server pricing is seven out of ten. It could be cheaper.
We compared IBM Security Secret Server with BeyondTrust. Still, we went with IBM Security Secret Server because we're using IBM products, which means we enjoy better integration between IBM Security Secret Server, IBM QRadar, and other IBM solutions.
My company continues to use IBM products, one of which is the PAM solution, IBM Security Secret Server.
I understand how IBM Security Secret Server works because I use it, but I'm not the administrator, and I'm not the one who gives access to privileged users of the solution.
Forty-five people use the solution within the company.
IBM Security Secret Server is a seven out of ten compared to other solutions.
My company is a user of the IBM Security Secret Server.
I am an end-user. I primarily worked in two roles. I was the integrator; I installed the product and then went to the customer side to work with the product.
IBM Security Secret Server is used for the entire IT department administrators, all of whom connect via the solution, the IBM Secret Server, in order to access the servers or the target systems, whether they are Windows servers, Linux servers, databases, the core banking system, and so on.
It is one of the most well-known names in this field.
It's very easy to deploy, very simple to implement, and very user-friendly.
It has some granular features for the user roles section.
Pricing has distinct pricing criteria that count the number of users rather than the number of target systems. It doesn't matter if you have two users or five users connecting to 1000 different target systems; it will only count five licenses, not a thousand licenses, as many other technologies or vendors do, which is what make it outstanding in the market.
It requires customization, whereas out-of-the-box integrations do not. It takes a lot of coding and customization to integrate with so many different systems.
It is not a networking device, it does not support the full proxy features for all PAM, or Privilege Access Management, access for any target systems.
Other vendors have a full proxy feature, so we can't access the target system unless we go through the PAM server on the network. Because the IBM Security Secret Server lacks that feature, it will be proxified by the application rather than the network layer.
It would be preferable if the full proxy was included in the IBM Security Secret Server.
It's also not a hard-end appliance like BeyondTrust or One Identity.
Now, rather than just the application, you must obtain the hardware, install the operating system, and manage the operating system. The application is then installed.
Other vendors, as I have mentioned, such as BeyondTrust and One Identity, simply retrace the entire package, a hardened appliance. You do not have access to the operating system, you do not bear the burden of maintaining the operating system, you do not maintain the operating system's license, you do not install the SQL Server, and you do not install the web server. You don't do anything. You install and configure the entire package.
I have been working with IBM Security Secret Server for a year and a half.
If I am not mistaken, it was version seven.
It is currently stable. But, once again, if something goes wrong with the underlying operating system, such as a missing update, or if something goes wrong with the web server or the SQL Server, it will affect the product.
One of the most valuable features is scalability, and how it allows you to scale it without affecting the underlying core components.
We have 30 users in our organization. We have a license for 30 administrators.
Unfortunately, the technical support is not very responsive because we purchased it from IBM; however, the actual support comes from Thycotic.
If you buy it from IBM, you are missing out on a lot. If you purchase it from Thycotic, you will receive full support, and access to the entire documentation library, knowledge base, and everything.
I would rate the technical support a four out of ten.
Neutral
I've previously used Micro Focus Privilege Account Manager. But I haven't worked with it in over a year.
I also work with Thycotic.
Thycotic Secret Server is the same as IBM's product. IBM Secret Server plus IBM's product, it's an OEM that IBM purchased from Thycotic, it's the same product. The same item. You can purchase it from either Thycotic or IBM.
To some extent, it is straightforward, if you are doing a PoC, or you are doing a demo, it will be as smooth and as simple as clicking next, next, next.
However, if it is a large deployment, it will be complicated because the server components must be deployed on multiple servers.
If I had to rate a large deployment on a scale of one to ten, with one being the easiest, it could be one if you want it to be as simple as possible without requiring full redundant deployment. It will, however, be ten if you want to get the most out of it.
The service and issues that may arise outside of this solution make it difficult to maintain this solution.
I would rate the technical support a four out of ten.
Yes, there was a return on investment. It is not expensive.
It's been three years. I believe that we paid 35,000 or 40,000 US dollars for it.
That is for the standard license. The standard license covers many aspects.
I would recommend it to others, but the most important thing I would recommend is that the vendor provide professional service.
And this is something that applies to all PAM solutions. Purchasing PAM is simple, but it is extremely difficult to implement it in an efficient manner in order to get the most value out of it, which is why you should seek professional assistance from the vendor.
I would rate IBM Security Secret Server a seven out of ten.
IBM Security Secret Server is a PAM solution with five main functionalities that we use, including:
As a PAM solution, Secret Server performs all the use cases in our environment. We can use it as a proxy and without a proxy allowing us to access servers directly without Secret Server just to get the username and password.
There are improvements that IBM Security Secret Server could make with respect to shared storage. For example, if you have two servers with the same users and passwords, and a user changes their password in one server, it should automatically change in the other server. With IBM Security Secret Server, you need to write some scripts to handle this. It would be beneficial if the process was simplified and had a dependency where changes on both servers would automatically occur without having to write a script.
I would like to see Secret Server have the ability to discover privileged accounts in the servers, like the administrator or users, from SQL and Oracle without having to import a script, making the solution more of an out-of-the-box solution.
I have been working with IBM Security Secret Server for one year.
The solution is stable, other than the issue previously mentioned regarding RabbitMQ.
Maintenance is only required when we publish a new version. The upgrades usually solve any performance issues, however, you need to double-check.
IBM Security Secret Server is very scalable.
Whenever we have an issue, we open a ticket with IBM. They are very supportive. If our system is down, someone from IBM will always engage with you.
The experience with technical support does depend on the person you are working with. Sometimes you encounter someone good, and other times you find the person just wants to close the gate to make the error come from our side.
Overall, I would rate customer service and support a three and a half out of five.
Neutral
I have worked with CyberArk. CyberArk has a jump server as a proxy, while Secret Server can be used as a proxy without a proxy.
Secret Server is using an SQL database. If you have experience with SQL, you can get some information, maybe even some critical information. I'm using a non-SQL database, which is very difficult because no one can understand it without being very technical.
With CyberArk, you would face challenges. With Secret Server, it's really easy because it is a SQL query, anyone can understand SQL.
The initial installation took three days. It was straightforward without any issues.
However, the ease of the initial setup of IBM Security Secret Server depends on the environment. The biggest issue is something called RabbitMQ. When Secret Server uses RabbitMQ to handle the request and the background work, we faced some issues like clustering. Sometimes the surfaces were not working normally.
Overall, I would rate the ease of deployment a three and a half out of five.
I deployed the solution myself.
I recommend to anyone that is looking to implement Security Secret Server into their organization that they understand the environment, including how many servers they have and the tools they are going to use to implement the solution. This will help them design the environment correctly.
Overall, I would rate the solution a nine out of ten.
This is one of the products that we provide to our customers. Many of them work in the banking and industrial sector and
We have a POC in place with one of our customers right now.
The last use case that we worked on was for a customer in the banking sector. They wanted to create a workflow related to server access. The admin teams and IT managers wanted to have details about who was logging into the servers and what action done within session. They also used the advanced recording features to keep track of activities when vendors were logged in remotely.
The workflow option also handles approval for system admins from multi-IT managers.
For example, when a system administrator wants to log in from home using the VPN, a request is sent by email with reason why system admin login for to the IT managers, they can review the request, for example using a mobile device, and send an approval or denial for access.
The Remote password changer which Automates password changing, ensure password complexity according to compliance and regulation, and rotate credentials.
Discover Privileges - Identify all service, application, administrator, and root accounts and protect against backdoor account.
Good auditing, reporting, and alerts.
This product has been able to cover most of the requests from our customers.
There is good training material available online. Most of what I have learned about Secret Server and some of the other IBM products is from the IBM Security Learning Academy website. It's very helpful and useful.
The live recording is a very useful feature. Most of the competitors do not have this option.
This is a lightweight solution.
I Think Vendor always working on that as every period of time not so long a new release version is available which is mean research and development team always working and alerted for any request or change.
The newer interface is maybe confusing old customer that using previous one from their point of views, I think they will need little pass of time to be familiar with. But from my point of view, it more organized and allows arranging some lists in more than one mode".
This is a very stable product.
Scalability-wise, it is fine.
The knowledge base is very useful and I haven't had to open any support tickets with IBM because of this.
I would rate the support a nine out of ten.
No I didn't , but the most competitor to IBM secret server CyberArk, which is the most competitive alternative product, and some customers found Secret Server has almost all the same features as CyberArk. there is not much difference between them, but Secret Server is very easy to use and deal with.
The initial setup is straight forward and overall the implementation is very easy.
The length of time required for deployment depends on the site preparation. For example, sometimes there are ports needed to be opened by security team and some related to infrastructure that need to be done by system admins. Once the environment is ready, it will take an approximately from of five to ten days maximum to complete.
I would rate this solution a ten out of ten.
Centralized Password Management: Our client has more than 400 geographical locations and approximately ten employees work at each location.
Giving access to business application passwords for 4000 users will make it highly insecure. Now that passwords are being managed with PIM, this makes us feel happy and satisfied.
High availability and disaster recovery could be improved.
While planning for a production environment, the HA and DR setup is a mandatory requirement from most of the customers.
IBM PIM can support HA and DR setup, but that requires a lot of complex steps and need in-depth technical knowledge of some tools which are beyond the scope of this actual product.
Another issue is migration. If you have a hosted PIM in your local environment and you plan to migrate it to some cloud-based environment, then migration will become a painful task.
I have been using this for the past three years.
Earlier versions of this product had stability issues.
No issues so far with stability.
I would give IBM technical support a rating of 9/10.
We did not have a previous solution.
The setup was simple and straightforward.
I am not the right person to ask about pricing and licensing.
We evaluated CyberArk and Oracle PAM.
Planning, planning, and planning.
Centralized administration and secure access of privileged, shared credentials gives our organization visibility into the usage of privileged, shared credentials and mitigates the risk of misuse.
Session recording and replay provides forensic evidence of activities and increases the deterrence factor for the organization from a security perspective.
Lifecycle management of shared credentials helps our organization manage large numbers of shared credentials.
Access to privileged, shared credentials is simplified by optimizing the whole workflow and approval processes. This drastically reduces the time required compared to our legacy process.
Although much has improved in last two years, the GUI for IBM products can be improved.
I work for a business partner and this product has been in my portfolio for one and a half years.
Stability issues have not been encountered, so far.
Currently, our company only serves SME enterprises and no scalability issues have been recorded.
I would rate IBM technical support with grade 3.5/5. There are different experiences regarding this among our users.
We are an IBM business partner. I did not work with other PIM solutions.
Installation is straightforward, while some integrations can vary. Depending on client requirements, some integrations with custom client applications can be pretty complex.
Licensing for this product is pretty simple, but I don’t have pricing information.
We did not evaluate any other alternatives. We are an IBM business partner.
Perform a Proof of Concept and test the integration capabilities.
I use the tool for dynamic services, integration services, and reporting services. I have years of working experience with the tool. I am a DBA and a support administrator for SQL Server, and also all my projects that have reporting tools also work with an analytics service. One part of the solution was used for support and administration, and another part was used to develop projects.
We have some clients in the healthcare environment. So, we need to verify with them all the information of a patient starting from the time when he arrives at the hospital and all the information, including all the tests and issues mentioned by the doctor, in one part.
The tool's high availability is a feature of the solution I like. So, I think it's the most powerful tool. From experience, since we can have all the work that we have on applications and even cluster tools, I think that is an important feature in the solution.
The nonclustered index is working in an area with a problem that needs improvement. In some cases, when they create some index in the tool, you may face some problems with the parallelism and some problems with the CPU. Then, sometimes you need to remove some index.
Stability-wise, I think it is a very good solution.
I think it is a scalable solution.
I do plan to increase the use of the solution in the future since it is my work.
I don't have any experience with IBM's technical support.
I did not face any problem deploying the solution.
The solution is deployed on the cloud and on-premises.
I think maybe some environments may have a good return on investment.
The price could be better. I think it's a good price for the on-premises environment and the high availability for enterprises the solution provides.
If someone has an abundance of data, Secret Servers work on that because, in most cases, the people that work on Secret Servers think of one record versus one record and compare that part. When you start working with people, you verify that when you start thinking in both business and chunks of data while having no knowledge about it, you can opt for Secret Servers.
Overall, I rate the solution a nine out of ten.
