I began using Thycotic as a replacement to my team's internal KeePass database. The tool itself has a wealth of functionality, including the ability to automatically change passwords, pass credentials through to Remote Desktop, the ability to set extremely gradual permissions on 'secrets,' and the ability to require a second form of 'approval' before a user is able to access the secret.. What's perhaps even better is the fact that basically all actions are logged, so I can keep track of exactly who has accessed usernames and passwords for our applications.
There are a few points that detract from the overall experience, however, these are fairly minor.
First and foremost, from a user interface standpoint is, quite frankly, ugly (in my opinion). This could be the theme our IT staff chose to implement, or it may simply 'be the way the app is.' Regardless though, the interface is somewhat cumbersome and cluttered, and reminds me of a time when web applications were just beginning to embrace responsive design, etc.
Additionally, our implementation requires the use of two factor authentication. From a security standpoint, this is spectacular. From an practicality standpoint, I find it frustrating that if I successfully authenticate with my username and password, and then get my 2 factor authentication code incorrect, I am taken back to the main login screen, where I need to re-enter my username and password all over again.
Begin by identifying what problems your organization is attempting to solve (ex. centralization of passwords, logging of the use of account passswords, ensuring that accounts are reset on a regular basis), to ensure that Thycotic will meet your needs. More than likely, the question will come down to what particular edition of the Thycotic application is necessary for your own organization. Also, try out the Thycotic Secret Server before you buy -- Thycotic offers free trials, and they also offer a (feature limited) free version as well.
By using Thycotic (from my perspective as an IT user), we have:
-Centralized all of our account credentials and other 'secrets'
-Eliminated the need for users and teams to maintain and manage their own individual password safes/password management tools
-Provided better visibility into what accounts/secrets are being used, and when
-Provided a more automated mechanism to ensure that critical account passwords are rotated automatically