Best on-prem password manager for a medium size firm?
Posted by Mammothtothemoooon@reddit | sysadmin | View on Reddit | 36 comments
We're a 300ish-people firm looking for an on-prem password manager. Requirements are:
- on-prem as aforementioned
- able to run on cloud too in case we decide to switch later
- AD/LDAP integration so we don't have to manually manage the users
- Ideally no more than $3-4/person/month
- exportable audit logs for compliance reporting, this one is non-negotiable
Not asking for much I think, but every tool I look at seems to either nail some of these and completely miss on others. Anyone running something that checks all of these for a team our size? If something is really worth it we're ready to push it to 5 bucks a seat but we'd rather not. Thanks in advance!!
alraffa218@reddit
Secureden & ManageEngine Password Manager Pro.
Inf1n1t3lyCur10u5@reddit
BitWarden
Brandhor@reddit
I've used bitwarden for a while and it's good but the browser extension sucks, plenty of times it doesn't even offer to save a password and when it does sometimes it asks to overwrite another password just because both websites have the same parent domain like a.company.com and b.company.com
iB83gbRo@reddit
Change the match detection setting.
Brandhor@reddit
thanks, I didn't know about that option
Sweet-Sale-7303@reddit
The extension is annoying. Was working fine till one of the latest updates.
Absolute_Bob@reddit
/thread
Apprehensive_Bat_980@reddit
Notepad
Appropriate-Border-8@reddit
WARNING: Major Security Flaws Found In Leading Password Managers
https://www.linkedin.com/pulse/warning-major-security-flaws-found-leading-password-dfzpe
KarmicCorduroy@reddit
OP was pretty clear about needing on-prem.
UKDude20@reddit
KeePass, old but reliable, all the plugins you'll need, Android and iPhone support as well as a robust API
Dry_Ask3230@reddit
How would you scale KeePass for 300 users like OP is asking? We use it for a much smaller user count and find it incredibly cumbersome. I think it is only a good solution for individuals or small teams that don't need granular control. I don't see how it scales beyond that.
DaftPump@reddit
Seconded. r/keepassxc
shimoheihei2@reddit
Bitwarden client with self hosted vaultwarden server
dustojnikhummer@reddit
Does Vaultwarden have LDAP yet?
meditonsin@reddit
Afaik you can use Bitwarden's Directory Connector with Vaultwarden (haven't tried myself, tho).
electricpollution@reddit
For personal use I think Vaultwarden is great. For business I would recommend the official one for support and when things go wrong.
Resident-War8004@reddit
Proton
ToddSpengo@reddit
I use Pleasant.
thatfrostyguy@reddit
Keepass
hoodie1776@reddit
Just curious - why the requirement for on-prem?
GherkinP@reddit
Passwordstate for a bit of an offbase recommendation.
justmirsk@reddit
Passwordstate is great. Easy to manage and lots of features.
GherkinP@reddit
Would argue it's cheap too, A$.60 per user per month for 300 users is awesome.
(and it's australian 🇦🇺)
trail-g62Bim@reddit
Very cheap and the support has been good. Only downside is if you are in another hemisphere, support can take a bit to get back to you since they are so far away. But ime, they get the answer correct quickly, so they end up being faster than other companies that manage to respond faster.
GherkinP@reddit
Yeah definitely. Good upfront cost but set for life.
poizone68@reddit
Passbolt might be another option, although if you want AD/LDAP I think you have to go with the paid option, which is $5 per month.
soul_stumbler@reddit
We use Keeper in a 1K employee environment. It does the thing and is fine. If I had to do it over again I would probably go with Bitwarden or similar due to UI frustrations and support being challenging at times.
itguy9013@reddit
We use PasswordState. Great product and the licensing is reasonable. Licensing is perpetual and then you just pay for maintenance.
cubic_sq@reddit
Do you want a master credential store? Or a pw manager that users can have locally on their phones and daily drives?
Affectionate-Cat-975@reddit
Bitwarden
egyenlet@reddit
Hashicorp Vault
nVME_manUY@reddit
Bitwarden / Vaultwarden
Hamburgerundcola@reddit
Devolutions may be for you. It's more of a remote management sessions tool with an integrated password manager.
It's great for IT teams, but maybe not the right fit for a pw manager for normal users.
averythrowawayaccidk@reddit
We use Passwork in our firm and no complaints so far, even moving it from on-prem to cloud was kinda easy compared to what we initially thought
InboxProtector@reddit
Bitwarden hits every requirement, self-hostable, cloud-migratable, AD/LDAP integration via directory connector, audit logs, and comes in well under your budget at around $3/seat/month for the Teams plan. It's open source so you can audit the code yourself, which is a bonus for compliance.
Passbolt is worth a look too if you want something built specifically for teams with a strong open-source pedigree, though the UI is less polished.
For 300 people Bitwarden is the obvious answer; it's the one you'll spend the least time justifying to stakeholders and the least time maintaining.