As of version 8.6, Secret Server supports password changing for Salesforce.com accounts.
The password changer can be enabled on Secrets that are created using the default Web Password Secret Template or any custom template that is configured to use the Web User Account Password Type.
Enabling Secret Server access to your Salesforce.com organization
The Secret Server web server's outbound IP Address must be added to the IP Address white list for your Saleforce.com organization. Please refer to the Salesforce.com documentation for instructions on how to set this up (See Restricting Login IP Ranges for Your Organization).
In cases where this is not set up correctly, you may see the follow error in the Remote Password Changing logs:
Login failed: LOGIN_MUST_USE_SECURITY_TOKEN: Invalid username, password, security token; or user locked out.