Configure Password Safe Global Settings

  1. In the BeyondInsight Console, go to Configuration > Privileged Access Management > Global Settings.
  1. Set the options in each of the sections below. Click the Update button for each section to apply changes made in that section.

Sessions

Setting Description / Action
Connecting to systems using Choose how you want to connect to systems. Select DNS Name or IP Address, or All if you want multiple connection options to be available.
RDP session default port Change the default port for all RDP sessions.
Token timeout for remote session playback Change the default timeout. The default is 30 seconds. The range is 10 - 60 seconds.
Session initialization timeout Change the default session token value. The default is 30 seconds. The range is 5 - 600 seconds. Applies to SSH, RDP, and application sessions.
Default RDP screen resolution Change the default screen resolution. Range is 640x480 - 1920x2058 pixels.
Enable smart sizing Enable to resize the RDP window to match the size of the user's screen.
Allow users to select a remote proxy Enable if you want users to be able to select specific BeyondInsight instances when making requests.
Make smart card device available in remote desktop sessions When enabled, the user must log in to the session using smart card credentials when configured for the system. This setting applies to all RDP sessions and is turned off by default.

This is an advanced feature. Please contact BeyondTrust Technical Support for assistance with using this feature.
Hide record checkbox for ISA sessions Enable if you do not want the Record Session check box to be available on requests.

For more information, please see Configure Session Monitoring.

Requests

Setting Description / Action
Require a ticket system and ticket number for requests

Enable to have mandatory completion of the Ticket System and Ticket Number fields on all requests.

Display who has approved sessions Enable this option on all requests.
Reason is required for new requests Enable this option on all requests.
Auto-select access policy for OneClick Enable to automatically select the best access policy. When this option is selected, the access policy with the most available actions, or multiple access policies will be selected if each one has a different action. When this option is not selected, all the available access policy schedules will display in OneClick.
Bypass SSH Landing Page for OneClick Enable to save time for users when connecting using OneClick.
Bypass SSH Landing Page for regular or ISA requests Enable to bypass the SSH landing page when running an SSH Session or SSH Application Session, and instead directly open PuTTY. This setting applies only to regular requests, ISA requests, and admin sessions. It does not apply to sessions initiated using OneClick.

For more information, please see Add Ticket Systems to the List on the Requests Page.

Session Monitoring

For information on Session Monitoring options, please see Configure Session Monitoring.

Purging

Setting Description / Action
Minimum retention for old password

Set the number of days to retain old passwords. The default is 30 days. The range is 1 - 360 days.

Number of old passwords to retain

Set the number of past passwords to retain. The default is 5 passwords. The range is 1 - 30 passwords.

Password Safe will retain, at minimum, a number of passwords equal to the total of the current password (1) plus the value for Past Passwords. Password Safe will delete all passwords that are older than the number of days equal to the value of Minimum Retention Days.

Retention period for sent mail log

Set the number of days to store log entries for sent email. The default is 30 days. The range is 1 - 365 days.

Retention period for admin log

Set the number of days to store the administrator activity logs. The default is 90 days. The range is 30 - 365 days.

Retention period for password change log Set the number of days to store password change logs. The default is 90 days. The range is 30 - 365 days.
Retention period for password test results Set the number of days to store success and failure results for automated password tests. The default is 30 days. The range is 10 - 90 days.
Retention period for system event log

Set the number of days to store system event logs. The default is 365 days. The range is 5 - 1095 days.

Miscellaneous

Setting Description / Action
Unlock accounts on password change

Enable for locked accounts to automatically unlock when their password has changed.

This only applies to BeyondInsight local user accounts.

Enable Rebex debug logging Enable Rebex debug logging to troubleshoot custom platform issues.
Jumphost connect format Select Hostname or IP Address.

Changes made to Global Settings can be seen on the User Audits page:

  1. Go to Configuration > General > User Audits.
  2. Changes that were made to Password Safe Global Settings are indicated as PMM Global Settings in the Section column. Click the i button for the audit item to view more details about the action taken.

User Audits Page in BeyondInsight Console

Network traffic can create delays in establishing the connection. Increase the token timeout if you are experiencing network timeouts. For more information on multi-node session playback, please see Configure Session Monitoring.