PowerBroker Password Safe:
Privileged Password and Session Management

Control and audit access to privileged accounts such as shared administrative accounts, application accounts, and local administrative accounts.

Easy and Secure Password and Session Management

PowerBroker Password Safe is an automated password and session management solution offering access control and auditing for any privileged account, such as shared administrative accounts, application accounts, and local administrative accounts. Password Safe is easily deployable and offers broad and adaptive device support. The solution even simplifies traditionally challenging tasks, such as managing privileged passwords for service accounts, between applications (A2A), and to databases (A2DB).

  • Secure and automate the process for managing privileged account passwords
  • Control how people, services, applications and scripts access credentials
  • Auto-logon users onto RDP and SSH sessions, without revealing the passwords
  • Record all user and administrator activity in a comprehensive audit trail
  • Alert in real-time as passwords are released and session activity is started
PowerBroker Password Safe Product Architecture
Frost & Sullivan 2014 PowerBroker Password Safe Product Review

"BeyondTrust PowerBroker Password Safe is a solid tool for the secure procurement and dissemination of passwords."

- Frost & Sullivan full product review
PowerBroker Password Safe

BeyondInsight Built-In

PowerBroker Password Safe is part of the BeyondInsight IT Risk Management Platform, which unifies PowerBroker privileged account management solutions with Retina CS Enterprise Vulnerability Management. Capabilities include:

BeyondInsight Built-In
  • Centralized solution management and control via common dashboards
  • Asset discovery, profiling and grouping
  • Reporting and analytics
  • Workflow and ticketing
  • Data sharing between Retina and PowerBroker solutions

The result is a fusion of user and asset intelligence that allows IT and security teams to collectively reduce risk across complex environments.


Network-Based Asset Discovery

Network-Based Asset Discovery

Leverage a distributed network discovery engine to scan, identify and profile all users and services – and then automatically bring the systems and accounts under Password Safe management.

Dynamic Rules and Asset Groupings

Dynamic Rules and Asset Groupings

Utilize collected system details from the discovery process to categorize assets. Smart Rules can be triggered to generate alerts or auto provisioning based on system categorization.

Agentless Session Management

Agentless Session Management

Password Safe Session Management using standard desktop tools such as PuTTY and Microsoft Terminal Services Client. This ensures administrators can leverage commonly used management tools without the need for Java.

Analytics and Reporting

Analytics and Reporting

The BeyondInsight data warehouse enables you to collect, correlate, trend and analyze key metrics. Built-in reports, such as the Password Age report, identify areas that require action. You can also customize reports to meet specific business needs.


Discovery and Profiling

  • Find and manage all accounts: Discover and profile all known and unknown assets, shared accounts, user accounts, and service accounts.
  • Stay organized: Quickly identify assets with common traits and automatically place them under Password Safe management via Smart Rules.

Password Protection

  • Keep passwords fresh: Randomize passwords on a scheduled basis or upon check-in to eliminate risk of passwords leaving the organization.
  • Ensure password strength: Define and enforce password policy to meet any complexity requirement.
  • Eliminate old passwords: Analyze password ages and proactively report policy violations.
  • Identify potential backdoors: Identify uncontrolled privileged accounts.

Session Monitoring, Auditing and Reporting

  • Enforce accountability: Record privileged sessions in real time via a proxy session monitoring service for SSH and RDP.
  • Adhere to compliance mandates: Meet password protection and audit regulations listed in SOX, HIPAA, GLBA, PCI DSS, FDCC, FISMA, and other mandates.
  • Communicate and comply: Build reports for usage, audit, forensics, and regulatory compliance purposes.


  • Streamline workflow: Leverage true Role-Based Access Controls (RBAC) with Active Directory and LDAP integration for assigning roles and rights to users.
  • Simplify requests: Manage checkout workflow with seamless connectivity to RDP & SSH via native desktop tools such as puTTY and Microsoft MSTSC.
  • Accommodate firecall requests: Ensure access to password-managed systems after hours, on weekends, or in other emergency situations.


  • Simplify deployment: Implement hardware appliances, virtual appliances, or both.
  • Speed user adoption: Provide a modern, HTML-5 requester interface – no Javascript or agents required.
  • Support any system: Employ out-of-the-box connectors, plus a custom connector builder for all systems that support Telnet or SSH.

Security and Uptime

  • Ensure solution security: Rely on hardened appliances with FIPS 1402-validated components, AES256 encryption and HTTPS/SSLv3 communications.
  • Understand asset risk: Review an asset’s vulnerability profile and understand security exposures prior to granting access.
  • Increase uptime: Deploy appliance pairs and replicate settings for high availability.

Related Products

To learn more about our products for securing your environment, select a product area below:

PowerBroker Identity Services

Quickly and easily integrate your Linux and Unix servers into your Active Directory Infrastructure

PowerBroker UNIX & Linux

Quickly and easily manage root access on UNIX and Linux servers, without ever disclosing the system password

PowerBroker for Windows

Implement least privilege for your Windows desktop environment, reducing attack surface and driving down costs

PowerBroker Auditorfor Active Directory

Track unauthorized changes to Active Directory and Group Policy configurations


  • PowerBroker Password Safe 5.2: A New Approach to an Age-Old Problem
    PBPS 5.2: A New Approach to an Age-Old Problem
  • PowerBroker Password Safe 5.2 BeyondInsight Overview
    PBPS 5.2 BeyondInsight Overview
  • PowerBroker Password Safe UVMv20 Configuration
    PBPS UVMv20 Configuration


  • PowerBroker Password Safe view request details
    After completing a password request, the requester can review the request, submit a new request, or view all outstanding requests.
  • Add to PowerBroker Password Safe from Retina CS
    Leverage Smart Groups to automatically discover new systems and bring them under PowerBroker Password Safe management.
  • PowerBroker Password Safe set up systems and accounts
    PowerBroker Password Safe makes it easy to add new systems and accounts — manually or automatically via automated discovery and profiling.
  • PowerBroker Password Safe requests that require approval
    Workflow is managed via seamless connectivity to RDP and SSH via native desktop tools such as PuTTY and MSTSC.
  • PowerBroker Password Safe password request history
    The requester interface is in HTML-5 and does not require Javascript or agents.
  • PowerBroker Password Safe retrieve password
    Passwords are displayed for limited time periods and can be automatically rotated upon check-in.