Cybersecurity firm Thycotic Inc., whose software for managing employee passwords is used by a quarter of the Fortune 100, today announced that it has acquired fellow cybersecurity provider Onion ID Inc. and its three products.

Thycotic and Onion ID both compete in the so-called privileged access management market. Their products help companies manage how employees access systems such as databases to ensure security policies are being met.

Making sure employees can log into applications securely has become a particularly big focus for enterprises in recent months with the switch to remote work. With the acquisition, Thycotic could be better-positioned to address following the acquisition.   

Washington D.C.-based Thycotic is best known for its flagship Secret Server platform. Secret Server is a kind of virtual vault designed to store the passwords of sensitive employee accounts, such as administrator accounts with access to a company’s cybersecurity tools or network devices. Secret Server keeps login credentials in an encrypted format and provides tools for managing them.

Hayward, Calif.-based Onion ID helps companies control what employees do with those login credentials. The startup, which counts among its customers IBM Corp.’s Red Hat subsidiary, sells access control software that makes it possible to restrict what an employee can and can’t do in an application based on their role. Its three products are designed to manage access to databases, cloud environments and logins from remote workers, respectively.

Thycotic will offer the products to its customers following the acquisition. They’re being relaunched under the names Thycotic Database Access Controller, Thycotic Cloud Access Controller and Thycotic Remote Access Controller. The company is positioning that last offering, which is based on Onion ID’s product for securing logins from remote workers, as an alternative to the traditional virtual private network tools historically used to this end. 

James Legg, Thycotic’s chief executive, said in a statement that “with the addition of Onion ID, we are now able to implement fine-tuned role based access controls across any web-based application, IaaS console, and cloud-hosted database, while providing flexible multifactor authentication that gives security leaders a significantly easier way to ensure secure access paths for remote employees.”

The terms of the deal were not disclosed. 

Image: Thycotic