Is your enterprise password manager good enough?

Features to look for in an enterprise password manager

Is your enterprise password manager good enough?

An enterprise password manager or password vault is often the first step that companies take as they try to wrangle passwords and make them secure while also ensuring ease-of-use for employees. But not all enterprise password managers are the same. Here are the features that any such tool should have and extras that only some tools have but that your business might need.

The basic enterprise password manager

Any of the main enterprise password managers on the market does the basic task of storing user passwords in a a secure password database, usually in the cloud. Quality password managers encrypt the data securely using ciphers like AES-256. Most of these tools also have built-in random password generators, making it easy to create secure passwords.

When picking a business password vault, you’ll want to make sure you choose a tool that supports employee access across devices and syncs across them. That’s because employees typically use their phones as well as work machines, and may also use personal laptops. The top enterprise password managers will support all the common browsers and mobile operating systems.

Now, for the extras.

Enterprise password managers: extra security options

Two items to look for in a password manager are the ability for automatic password resets and the ability to enforce password rules through the tool. Both will aid in security while also avoiding the burden on IT or your help desk.

For security, it’s important that the enterprise password manager supports two-factor or multi-factor authentication. A password manager is a good first step in improving password security. But it’s rarely enough by itself. Password managers have been hacked and various types of attacks can still intercept and capture the password being entered. Make sure the enterprise password vault works with your MFA solution (or includes MFA) to require that users provide additional authentication factors when logging in, such as a pin from a phone app, a fingerprint, or facial recognition.

Enterprise password managers: usability extras

For the enterprise password manager to work, employees have to use it. For them to use it, it has to be easy. Look for these capabilities:

  • Fill-in web forms—Most enterprise password managers include the ability to detect a website and automatically fetch and fill in the login dialog for it. They don’t all do a great job or detect all sites equally well, though.
  • App passwords—Websites aren’t enough. Employees don’t distinguish between a website and an app—they are all just tools to get the job done. Not all password managers support apps. Look for ones that do. It’ll cut down on employee complaints and increase adoption.
  • On-prem application support—Even fewer enterprise password managers support on-prem applications. But, again, user’s don’t make a big distinction between web and on-prem systems. They just want to quickly login and get their work done. A password manager that doesn’t support your on-prem apps is only a partial solution to the password problem.

What you probably won’t find in enterprise password managers

Enterprise password managers may provide some basic reports but they rarely provide the kind of auditing tools needed for compliance with standards like PCI or SOX. They won’t give you the information you need to identify attack attempts, either.

Enterprise password managers offer only basic synchronization with directories like Active Directory. If you’re looking to implement security policies based on role, location, etc. with granular permissions, you’ll need a true single sign-on (SSO) system instead of a password manager. Similarly, if you onboard and offboard through AD, Workday, or other directories—or even multiple directories as in many organizations—a password manager is likely to prove unwieldy and become just another system you have to maintain.

The right enterprise password manager can be a good first step to increase security for your company. But to maintain password security and keep employees happy, you’ll probably want to move to an SSO solution. That will enable users to log in just once and then easily access all their work websites and apps—whether cloud-based or on-prem—without having to login again. It means truly using just one password. And an SSO solution will integrate with your directories to provide the granular level of permissions and control that is the reason you use a directory like AD in the first place.

So, consider an enterprise password manager as a first step on the path to greater security, but don’t expect it to be your last.

Thanks for signing up.

We’ve sent a verification email to

To complete your trial sign up, please check your email and follow instructions to verify. You may need to check your spam. You will be prompted to set up a password and log in. Please note that your user name is your email address.

Get Started in 3 Easy Steps:

Try OneLogin Free for 30 days

All fields are required

  • This field is required.
  • Please enter your first name
  • Please enter your last name
  • Please enter your job title
  • Please enter your phone number
  • Note: Please enter a work email address only as we DO NOT accept web-mail addresses (gmail, yahoo, hotmail, etc.)

    Is that a correct business email address?
  • Please enter company name
  • .onelogin.com
    Please choose another subdomain
  • Please enter number of employees
  • Please enter country
  • Please enter state
  • By completing and submitting this form, I agree to the storing and processing of my personal data by OneLogin as described in our Terms of Service and Privacy Policy.

  • By creating your account, you agree to the Terms of Service and Privacy Policy.

Related Resources:

Password Vaulting vs. Single Sign-On

Which is better, a password vault or single sign-on?

Read More

Business Use of Cloud Password Managers

Learn what a cloud password manager is, how it differs from password vaults and SSO, and if it’s right for your business.

Read More

5 Reasons Relying on Passwords is a Recipe for Disaster

Nowadays, passwords just don’t provide enough security for your business. Learn why.

Read More