Feature Overview: Password Depot Enterprise Server
The key features.
Multi-platform access
64-bit Windows server service providing concurrent access for all client platforms (Windows, macOS, iOS, Android, Linux) plus browser access via a dedicated web interface.
Secure connections (TLS 1.3 – Transport Layer Security)
All client–server communication is encrypted end-to-end using TLS 1.3.
Flexible authentication
Support for classic credentials (username/password), Windows credentials, Integrated Windows Authentication with SSO (Single Sign-On), Entra ID / Azure AD, other OIDC (OpenID Connect) providers, and WebAuthn/Passkey.
Two-factor authentication (2FA)
2FA via TOTP (Time-based One-Time Password) authenticators, email codes, and FIDO2-compatible devices such as USB tokens, Windows Hello and smartphones.
Active Directory integration
Import of users and security groups from Active Directory across multiple domains in a single forest; resynchronization manually or automatically on a schedule.
Entra ID / Azure AD integration
Import and synchronization of users and groups from Entra ID / Azure AD using the built-in Password Depot components.
Other identity providers (OIDC)
Import and synchronization of users and groups from third-party identity providers that support OIDC (OpenID Connect).
Server Manager (administration console)
64-bit Windows administration application (Server Manager) for local or remote management of the server.
Certificate Wizard
Integrated wizard for generating and installing root and server certificates directly on the server.
Shared databases
Central, online access to shared team databases and private vaults for passwords, notes, documents, access keys, certificates and other sensitive data types.
Users, groups and inheritance
Classic user/group model with inheritance of permissions from parent groups for consistent access control.
Granular access rights & time restrictions
Fine-grained permissions for databases, folders and individual records, including optional time-limited access.
Server roles (RBAC – role-based access control)
Assign specific server roles to administrators who connect via Server Manager to manage defined partitions, databases or groups.
Server policies
Central definition of security and usage policies: default access rights, password generation rules, allowed record types, and more.
Shared secrets & approval workflows
Controlled sharing of records (passwords, notes, documents) between users with options such as supervisor approval (N-of-M quorum), limits on concurrent use and automatic expiration.
Notification and alerting
Email notifications to designated administrators for relevant events: successful or failed logins, configuration or policy changes, access to specific databases or entries, and more.
Comprehensive logging
Detailed master log for auditing user and administrator actions; internal events can be written to the Windows Event Log and/or dedicated log files.
External logging (Syslog, RFC 5424)
Optional real-time forwarding of all log entries to external Syslog servers in RFC 5424 format via UDP (User Datagram Protocol).
Automated backup
Multiple options for scheduled, automatic backups of all databases and configuration files.
REST API (Representational State Transfer)
RESTful API for automating administrative tasks and for direct server access from custom applications or browsers without a locally installed client.
High availability / mirroring
Real-time mirroring to a secondary server instance that stays synchronized with the primary and can take over in case of failures.
Reporting
Extensive reporting capabilities in Server Manager for all relevant server, security and usage data.