PowerBroker Password Safe:
Automated Password and Session Management

Control and audit access to privileged accounts such as shared administrative accounts, application accounts, and local administrative accounts.

Easy and Secure Password and Session Management

PowerBroker Password Safe is an automated password and session management solution offering access control and auditing for any privileged account, such as shared administrative accounts, application accounts, and local administrative accounts. Password Safe is easily deployable and offers broad and adaptive device support. The solution even simplifies traditionally challenging tasks, such as managing privileged passwords for service accounts, between applications (A2A), and to databases (A2DB).

  • Maintain an indelible audit trail of all changes and replay any privileged session
  • Deploy across several operating systems, applications and devices; includes connector builder for SSH and Telnet
  • Leverage automated workflows for secure credential storage and retrieval
  • Age, rotate and audit passwords; proxy option prevents password disclosure
  • Rely on hardened appliances with FIPS 140-2 validated components
PowerBroker Password Safe UI
Frost & Sullivan 2014 PowerBroker Password Safe Product Review

"BeyondTrust PowerBroker Password Safe is a solid tool for the secure procurement and dissemination of passwords."

- Frost & Sullivan full product review


Access Control

PowerBroker Password Safe automatically provisions users and maps permissions using an organization’s existing LDAP or Active Directory environment

Audit Ready

This rapidly deployable solution comes complete with audit-ready logging and reporting to ensure compliance

Password Security

PowerBroker Password Safe allows for automatic, random password resets with definable password composition rules (including A2A)

Device Support

BeyondTrust offers complete support for any OS, application, account, and device, and is available as a physical appliance or virtual machine

  • Auto Discovery

    Enables you to quickly and easily discovery and incorporate new assets and start managing passwords with the least amount of effort
  • Approval Workflow

    Free for all PowerBroker Servers for UNIX and Linux customers. Advanced features including dynamic asset discovery and targeting, flexible alerting and reporting, advanced analytics, and centralized I/O index and search capabilities.
  • Integration with BeyondTrust Management & Analytics Console (Optional)

    Choose between automatic approval of requests or specify a number of approvals required prior to password release.
  • Application to Application Password Management (A2A)
  • Application to Database Password Management (A2DB)
  • Automatic Password Management

    Auto checking and resetting of passwords to comply with policy
    For maximum security, passwords can be changed upon check-in as well as on a scheduled basis. Additionally, define password complexity policies to ensure security and compliance.
  • Auditing and Reporting

    All system and user activity is securely recorded and made available in the reporting console
  • Accountability for Privileged and Shared Account
  • Quick Deployment
  • Role Based Access Control
  • Web based
  • Strong Authentication
  • High Availability

Why BeyondTrust for Enterprise Password Management

  • Automate the management of users/applications with authorized access to critical data
  • Employs commercially supported FIPS 140-2 validated components for all encryption
  • Deployable as a physical or virtual password appliance
  • Agentless technology allows for simplified deployment and management
  • System administration and user access is fully managed using the web based interface
  • Seamless integration with Active Directory or LDAP for authentication and authorization
  • Build reports for usage, audit, forensics, and regulatory compliance
  • Absolute accountability for the use of controlled privileged accounts
  • Eliminate the risk of privileged password leaving the organization
RCS ISA user log in Asset Show Action menu with Add to Password Safe

Related Products

To learn more about our products for securing your environment, select a product area below:

PowerBroker Identity Services

Quickly and easily integrate your Linux and Unix servers into your Active Directory Infrastructure

PowerBroker UNIX & Linux

Quickly and easily manage root access on UNIX and Linux servers, without ever disclosing the system password

PowerBroker for Windows

Implement least privilege for your Windows desktop environment, reducing attack surface and driving down costs

PowerBroker Auditorfor Active Directory

Track unauthorized changes to Active Directory and Group Policy configurations


  • Basic Workflow
    Basic Workflow
  • Secondary Administrator Account Retrieval
    Secondary Administrator Account Retrieval
  • Managing Systems and Accounts
    Managing Systems and Accounts
  • Automatic Authentication and Authorization using Active Directory
    Automatic Authentication and Authorization
    using Active Directory
  • Activity Reporting
    Activity Reporting


  • PowerBroker Password Safe view request details
    After completing a password request the requestor is prompted to review the request details, submit a new request or view all outstanding requests
  • Add to PowerBroker Password Safe from Retina CS
    Leverage the Smart Groups in Retina CS to discover new a systems then add then to PowerBroker PasswordSafe for management
  • PowerBroker Password Safe set up systems and accounts
    Inside of Retina CS administrators will be able to setup systems and accounts as you can today from PowerBroker PasswordSafe
  • PowerBroker Password Safe requests that require approval
    For requests that require an approval, request details are presented and the approver can provide comments with their approval or denial of the request
  • PowerBroker Password Safe password request history
    Users can review their password request history
  • PowerBroker Password Safe retrieve password
    Password retrieved by the requestor are displayed for a limited amount of time