Password Safe Administration Guide

Password Safe is your privileged access management solution to ensure your resources are protected from insider threats. It combines privileged password and session management to discover, manage, and audit all privileged credential activity.

Password Safe creates and secures privileged accounts through automated password management, encryption, secure storage of credentials, and a sealed operating system.

Password Safe is supported on a hardened U-Series Appliance that creates and secures privileged accounts through automated password management, encryption, secure storage of credentials, and a sealed operating system.

More specifically, you can use Password Safe to accomplish the following:

  1. Scan, identify, and profile all assets for automated Password Safe management, ensuring no credentials are left unmanaged.
  2. Control privileged user accounts, applications, SSH keys, cloud admin accounts, RPA accounts, and more.
  3. Use adaptive access control for automated evaluation of just-in-time context for authorization access requests.
  4. Monitor and record live sessions in real time and pause or terminate suspicious sessions.
  5. Enable a searchable audit trail for compliance and forensics, and achieve complete control and accountability over privileged accounts.
  6. Restrict access to critical systems, including assets and applications, keeping them safe from potential inside threat risks.

Log In to the BeyondInsight Console

The admin username used to sign into the BeyondInsight Console for the first time is configured during the installation process. Afterward, the credentials you use to log in to the console depend on the type of authentication configured for your BeyondInsight system.

The following authentication types can be used:

  • Password Safe Authentication
  • Active Directory: Create a BeyondInsight group and add Active Directory users as members.
  • LDAP: Create a BeyondInsight group and add LDAP users as members.
  • Smart Card: Configure Password Safe to allow authentication using a Smart Card PIN.
  • RADIUS: Configure multi-factor authentication with a RADIUS server.
  • Third Party Authentication: Configure Password Safe to use authentication for web tools which support SAML 2.0 standard such as PingID, Okta and ADFS.


  1. Open a browser and enter https://<servername>. You are redirected to the web console.
  2. Enter your username and password and then click Log In. The default username is Administrator, and the password is the password you set for Administrator in the configuration wizard.

You may need to accept a pre-login message, if one has been configured on your system.

For more information on configuring authentication using BeyondInsight groups, Smart Card, RADIUS, and third party SAML 2.0 web tools, please refer to the BeyondInsight and Password Safe Authentication Guide.

Select a Display Language

BeyondInsight and Password Safe can be displayed in the following languages:

  • Dutch
  • English
  • French
  • Japanese
  • Korean
  • Portuguese
  • Spanish

If the Show language picker option is enabled in Site Options, you can select a language from the list on the Log In page or by clicking the Profile and preferences button, and then selecting it from the Language list.

Navigate the Console

BeyondInsight Home Page

Once logged into the BeyondInsight console, you are taken to the Home page, where the BeyondInsight suite of features is easily accessible by clicking the container cards or by clicking Menu in the left navigation menu.


Available features include:

  • Assets: Display and manage all assets. Access the Smart Rules page to create and manage smart groups. Add assets to Password Safe management.
  • Smart Rules: View and mange Smart Rules.
  • Scan: Schedule discovery scans.
  • Scans: Review active, completed, and scheduled scans.
  • Endpoint Privilege Management: View and manage Endpoint Privilege Management events, policies, policy users, agents, file integrity monitoring, and session monitoring.
  • Managed Systems: View and configure properties for Password Safe managed systems, managed databases, managed directories, managed applications, and their associated Smart Rules.
  • Managed Accounts: View and configure properties for Password Safe managed accounts and their associated Smart Rules.
  • Password Safe: Access the Password Safe web portal to request passwords and remote access sessions and to approve requests.
  • Team Passwords: View and manage team credentials.
  • Analytics & Reporting: Access reports on collected data.
  • Configuration: Configure BeyondInsight and Password Safe components and objects, such as users and groups, authentication settings, connectors, and much more.

For more information on installing and configuring Resource Brokers and Zones, please refer to the Password Safe Cloud Resource Broker Configuration and Installation Guide.