Log In to the BeyondInsight Console

The admin credentials used to log in to the BeyondInsight console for the first time are configured during the installation process. Afterward, the credentials you use to log in to the console depend on the type of authentication configured for your BeyondInsight system. Logging into the console varies depending on the type of authentication configured for your system.

The following authentication types can be used:

  • BeyondInsight: Create local users in BeyondInsight and add them to groups to assign permissions to features. Local users can log in to the console from the BeyondInsight login page.
  • Active Directory: Add Active Directory users in BeyondInsight and add them to groups to assign permissions to features. Active Directory users can log in to the console from the BeyondInsight login page.
  • Microsoft Entra ID: Add Entra ID users in BeyondInsight and add them to groups to assign permissions to features. Entra ID users can log in to the console from the BeyondInsight login page.

To use Entra ID credentials for logging into BeyondInsight, the accounts must use SAML authentication. For more information on configuring Entra ID SAML with BeyondInsight, please see Configure Microsoft Entra ID SAML with BeyondInsight SAML.

  • LDAP: Add LDAP users and add them to groups to assign permissions to features. LDAP users can log in to the console from the BeyondInsight login page.
  • Two-Factor Authentication: Configure two-factor authentication with a RADIUS server or time-based one-time password (TOTP) authenticator app, and assign it to users in BeyondInsight. Users are prompted for their two-factor login options after providing their credentials on the BeyondInsight login page.
  • Smart Card: Configure BeyondInsight to allow authentication using a smart card PIN. Users can bypass the BeyondInsight login page and navigate to the smart card site access URL provided by the administrator to use smart card authentication.
  • SAML Authentication: Configure SAML identity providers in BeyondInsight to use authentication for web tools that support SAML 2.0 standard, such as PingID, Okta, and ADFS. Users can authenticate with the default SAML identity provider configured in BeyondInsight by clicking the Use SAML Authentication link on the BeyondInsight login page. To log in using a SAML identity provider other than the default provider, users can navigate to the SAML site access URL provided by the administrator.
  • Claims-Aware: Configure a claims-aware website to bypass the current BeyondInsight login page and authenticate against any configured Federated Service that uses SAML to issue claims.

When working in the console, the times displayed match the web browser on the local computer unless stated otherwise.

To log in:

  1. Open a browser and enter the URL for your BeyondInsight / Password Safe instance: https://<hostname>/WebConsole/index.html.

You might need to accept a pre-login message, if one has been configured on your system.

  1. Enter your username and password. The default username is Administrator, and the password is the administrator password you set in the Configuration Wizard.
  2. If applicable, select a domain or LDAP Server from the Log in to list.

The Log in to list is only displayed on the Login page when there are either AD or LDAP user groups created in the BeyondInsight console. The Log in to list is displayed by default, but may be disabled / enabled by an admin user by toggling the Show list of domains/LDAP servers on login page setting from Configuration > System > Site Options page.

  1. Click Log In.
  2. To log in using SAML Authentication, click the Use SAML Authentication link below the Log In button. You are redirected to the single sign-on access site for the default SAML identity provider configured by your administrator in BeyondInsight.

If the initial login attempt fails, and two-factor authentication (2FA) is enabled, the user is taken to the 2FA page for security reasons.

For more information, please see the BeyondInsight and Password Safe Authentication Guide.

Log Out of the Console

BeyondInsight Profile and Preferences window showing the Logout option.

To log out of the console, click Profile and preferences in the top-right corner, and then click Log Out.

 

Select a Display Language

BeyondInsight and Password Safe can be displayed in the following languages:

  • English
  • French
  • German
  • Japanese
  • Korean
  • Portuguese
  • Spanish

If the Show language picker option is enabled in Configuration > System > Site Options > Localization, you can select a language from the list on the Log In page or by clicking the Profile and preferences button, and then selecting it from the Language dropdown.