The password manager market contains a huge variety of products, from basic individual products to enterprise-level utilities – and that’s where ManageEngine Password Manager Pro comes in.
This tool delivers the kind of features admins need with a business password manager, with rock-solid security, an incredible number of customization options and granular, in-depth options for managing your entire company’s identities and passwords.
It’s no wonder that it’s trusted by more than one million admins and users and has already been deployed by businesses like Walmart, VMWare and NASA. It’s also no wonder that this product is produced by Zoho, as that company has loads of experience producing enterprise software.
After you’ve discovered whether you should roll out ManageEngine Password Manager Pro to your business, head over to our verdict on the best password managers.
ManageEngine Password Manager Pro: Key Features
Password Manager Pro aims to equip admins with enough features and functionality to help transform password management from a security liability into a structured, controlled process.
Being aimed at large enterprises, the platform claims to deliver a complete solution that can help you control, manage, monitor, and audit the entire life cycle of privileged access.
Like all its peers, it offers a centralized password vault where your users can store all their passwords in a secure, encrypted database. As an admin, you can create a hierarchical structure of folders within the vault to organize passwords based on departments, systems, apps, or any other logical grouping.
The platform also enables you to define granular access controls to control who can access specific passwords, and whether users can only view the password, or even change it. They can also set time-based access restrictions, and even force approvals for password access.
Similarly, you can also restrict access based on IP addresses or IP ranges. Admins can also assign ownership of specific password records to other authorized users, allowing for decentralized management, which is especially useful in larger organizations.
Password Manager Pro can store more than just passwords, which makes it pitch itself essentially as a centralized, encrypted repository for business-critical data. You can, for instance, use it to securely house all kinds of documents, images, and files, as well as Windows service accounts, digital signatures, SSL certificates, SSH keys, and more.
The platform also offers password lifecycle management features. You can use it to create and enforce organization-wide password policies. It enables you to specify complexity requirements (minimum length, character types), word usage (password should not contain dictionary words, or login name), password aging (how often passwords must be changed), and password history (preventing reuse of recent passwords).
You can also manually reset passwords for any account in the vault, and also enforce mandatory password resets for users. Passwords can be changed any time on demand, or automatically at periodic intervals. You can also configure passwords to be automatically reset after every usage.
ManageEngine Password Manager Pro also offers several disaster recovery options, including live and scheduled database backups. You can restore the backed up data to the Password Manager Pro database using the provided recovery scripts.
ManageEngine Password Manager Pro: Integrations and Compatibility
As an enterprise solution, Password Manager Pro integrates with your existing Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) installations. This allows your users to log in to Password Manager Pro using their existing AD or LDAP credentials, eliminating the need for separate logins.
Moreover, when a password is reset in Password Manager Pro, it can automatically update the password in the corresponding AD or LDAP account. Similarly, when users are added or removed in AD or LDAP, Password Manager Pro automatically updates its database to reflect these changes.
Password Manager Pro can also integrate with third-party Security Information and Event Management (SIEM) systems. It also integrates with IT Service Management (ITSM) tools like ServiceNow and Jira to automate password retrieval and management within incident and problem management workflows.
The platform also has plugins for several popular continuous integration and continuous delivery (CI/CD) platforms including Jenkins, Ansible, Chef, and Puppet. Thanks to these plugins you can securely inject secrets into your CI/CD pipelines, instead of hardcoding credentials in scripts.
The platform also provides three APIs to enable all kinds of enterprise apps to securely retrieve passwords from ManageEngine Password Manager Pro.
The platform also has a remote login feature that your users can use to securely access remote machines directly from the Password Manager Pro web interface, without needing to manually enter passwords. This comes in handy especially for establishing one-click connections to RDP, SSH, and telnet sessions.
ManageEngine Password Manager Pro: Security and Compliance
Unsurprisingly, ManageEngine Password Manager Pro has faultless security credentials. This software uses dual 256-bit AES encryption, first at application level, and then at database level.
You can also set it up to run in the Federal Information Processing Standards (FIPS) compliant mode where all encryption is done through FIPS 140-2-certified systems and libraries.
Password Manager Pro also supports smart card authentication. You can further compliment this by various two-factor authentication (2FA) provisions to provide an extra layer of security. The platform supports PhoneFactor, Google Authenticator, Duo Security, YubiKey, and several more 2FA mechanisms.
Password Manager Pro can also be configured to detect and send alerts when it detects passwords that violate your organization's IT policy, or have expired. Alerts can also be generated when users request access to specific passwords or resources.
When it comes to auditing, the platform gives you as admins access to detailed audit logs that track all activities performed within Password Manager Pro. This covers events like password access, modifications, policy changes, user logins, and administrative actions.
All events are reported together with timestamps and user details. These logs will help with security analysis, incident investigation, and compliance reporting. Password Manager Pro also lets you grab compliance reports for PCI-DSS, NERC-CIP, and ISO/IEC 27001 standards.
To ensure that none of its logs can be tampered, in addition to restricting access, the platform ensures they are encrypted with AES-256 encryption.
The platform can also record videos of sessions initiated through Password Manager Pro for RDP, SSH, telnet, and remote database connections. The videos include everything the users see on their screen, along with all the actions they perform during the sessions.
These videos help organizations meet audit requirements, and help comply with regulations like PCI-DSS, FISMA, and HIPAA.
Remember though that recording sessions can be resource-intensive in terms of storage space. Also, depending on the number of concurrent recordings, and the resources of the Password Manager Pro server, there might be a slight performance impact on user sessions.
ManageEngine Password Manager Pro: Setup
Unlike many of its peers, Password Manager Pro is a self-hosted, on-premises password management solution. You can set it up on top of a Windows or a Linux machine, as it offers 64-bit installers for both platforms.
Before installing it, make sure the machine has at least a Dual Core or Core 2 Duo processor, with no less than 4GB of RAM. The product itself needs about 200 MB of disk space, and recommends earmarking 10GB at the minimum for the database.
The disk space requirements vary on usage, and you’ll need a lot more if you’ll be recording sessions regularly.
Besides this, you’ll also need an external mail server that Password Manager Pro can use to send emails and notifications to users. It can work with both your own in-house SMTP server, or a publicly available one.
Once that’s done, you can access ManageEngine’s settings through a web portal. At this point you’re going to get lost unless you’re an IT admin or someone with plenty of technology experience. This is a powerful tool, but that means you will be confronted with lots of different menus.
ManageEngine Password Manager Pro: Interface and performance
By default, Password Manager Pro has five predefined roles that come with a specific set of permissions. Administrators can set up, configure, and manage the platform, while Privileged Administrators can additionally configure privacy and security controls.
Then there are Password Administrators who can perform resource and password-related operations, while Password Auditors can also access all audit reports. Finally, there are Password Users who can view (and optionally modify) only those passwords that are shared with them by the Administrators and Password Administrators.
You’ll most likely login as an admin, which gives you extensive control over the platform. You can, for instance, perform bulk actions on password records, which helps save significant time and effort when managing a large number of passwords.
Indeed, the ManageEngine interface is not one for beginners. Its Dashboard has options for configuring mail servers, adding users and managing your company’s data, and the Dashboard also provides a quick overview of your password conflicts and violations – and how users across your whole network are managing passwords.
Go beyond the Dashboard, and in sub-menus, you’ll find in-depth areas for managing resources, groups, connections, certificates and SSH keys.
There’s lots going on here and you’ll have to know plenty about system administration to find your way around, but the interface is straightforward and unfussy – so it’ll fit right into your workflow.
ManageEngine Password Manager Pro: Plans and pricing
ManageEngine Password Manager Pro is a complex, technical product designed for medium business, large companies and huge enterprises, so its pricing structure is necessarily complex – and it’s not exactly a cheap bit of software.
As we’ve said before, Password Manager Pro has five predefined roles, and the licensing restricts the number of administrators as a whole. That said, there is no restriction on the number of Password Users and Password Auditors.
The Standard edition starts at $595 / £550 / AUD$ 900 for a year-long license for two administrators, and prices rise if you add admins. The Premium software starts at $1,395 / £1,250 / AUD$ 2,000 for a five-admin, one-year deal, and the Enterprise edition costs $3,995 / £3,800 / AUD$6,000 for a ten-user package. It’s also possible to buy perpetual licenses, although prices obviously rise further.
The Standard Edition has all the basic features to store your passwords and selectively share them among users. The Premium Edition adds more enterprise-class password management features such as remote password resets, session recording, IP restrictions, privacy settings, and more. To access every feature though you’ll need the top of the line Enterprise Edition.
Importantly though, you get support for adding unlimited resources and for managing an unlimited number of users, with each plan.
It’s also possible to add SSL/TLS certificate discovery, CSR, public CA integration and several other extra features to your package with the Key Manager Plus add-on. And while this is all very complex, ManageEngine’s enterprise-level feature set does mean that you’re able to contact the company for a customized quote too.
ManageEngine Password Manager Pro: Support
You get plenty of support options if you fork out the cash for ManageEngine Password Manager Pro, with toll-free phone support, email forms, direct email addresses and active user forums all available. Suffice to say that you will be able to get help if you need it, no matter the time.
ManageEngine Password Manager Pro: The competition
ManageEngine has plenty of strong competitors in the enterprise and big business password management space. Parent company Zoho has its own Vault password management system, and it’s worth exploring that product if you’d like a password management product that can be integrated with wider CRM, workplace and finance products.
Beyond Zoho and ManageEngine, we’d also recommend N-Able Passportal, which deploys a top range of impressive, high-end features for enterprise-level password management. It’s a great standalone product, although N-Able doesn’t have the same broad packages you’ll get with Zoho or ManageEngine.
ManageEngine Password Manager Pro: Final verdict
We’ll say this right away: ManageEngine Password Manager Pro is not the tool to buy if you want small business password management or a family product. It’s a high-end tool for enterprises and large businesses, and both its price and feature set reflect that status.
If you’ve got the budget and you need a high-end password management tool, though, there’s not much better than this. It’s just as good as its rivals, and you only need to consider which product has the features and integrations that your organization needs.
