Password Safe Cloud Administration Guide
Password Safe Cloud is your privileged access management solution to ensure your resources are protected from insider threats. It combines privileged password and session management to discover, manage, and audit all privileged credential activity.
Password Safe Cloud creates and secures privileged accounts through automated password management, encryption, secure storage of credentials, and a sealed operating system.
Password Safe Cloud is supported on hardened secured virtual machines in an Azure environment that create and secure privileged accounts through automated password management, encryption, secure storage of credentials, and a sealed operating system.
More specifically, you can use Password Safe to accomplish the following:
- Scan, identify, and profile all assets for automated Password Safe management, ensuring no credentials are left unmanaged.
- Control privileged user accounts, applications, SSH keys, cloud admin accounts, RPA accounts, and more.
- Use adaptive access control for automated evaluation of just-in-time context for authorization access requests.
- Monitor and record live sessions in real time and pause or terminate suspicious sessions.
- Enable a searchable audit trail for compliance and forensics, and achieve complete control and accountability over privileged accounts.
- Restrict access to critical systems, including assets and applications, keeping them safe from potential inside threat risks.
Log In to Password Safe Cloud
The admin username used to sign into the BeyondInsight Console for the first time is configured during the installation process. Afterward, the credentials you use to log in to the console depend on the type of authentication configured for your BeyondInsight system.
The following authentication types can be used:
- Password Safe Authentication
- Active Directory: Create a BeyondInsight group and add Active Directory users as members.
- LDAP: Create a BeyondInsight group and add LDAP users as members.
- Smart Card: Configure Password Safe to allow authentication using a Smart Card PIN.
- RADIUS: Configure multi-factor authentication with a RADIUS server.
- Third Party Authentication: Configure Password Safe to use authentication for web tools which support SAML 2.0 standard such as PingID, Okta and ADFS.
To log in:
- Open a browser and enter https://<servername>. You are redirected to the web console.
- Enter your username and password and then click Log In. The default username is Administrator, and the password is the password you set for Administrator in the configuration wizard.
You might need to accept a pre-login message, if one has been configured on your system.
Select a Display Language
BeyondInsight and Password Safe can be displayed in the following languages:
If the Show language picker option is enabled in Site Options, you can select a language from the list on the Log In page or by clicking the Profile and preferences button, and then selecting it from the Language list.
Navigate the Console
Once logged into Password Safe Cloud, you are taken to the Home page, where you can quickly access the following functionality from the container cards:
- Setup Resource Brokers and Zones to allow for connectivity to network segments.
- View and manage assets.
- Access Password Safe to execute password requests and approvals.
- Access configuration settings for BeyondInsight and Password Safe components and objects.
You can also view the following dynamically updated dashboard cards to see the most recent information for your Resource Zones and Resource Brokers:
- List of Resource Zones and how many Resource Brokers are checked in for each zone
- List of Resource Brokers, along with the Zone they are in, and their health status
To access the suite of features in the BeyondInsight Console, click Menu in the left navigation menu.
Available features include:
- Assets: Display and manage all assets. Access the Smart Rules page to create and manage Smart Groups. Add assets to Password Safe management.
- Smart Rules: View and mange Smart Rules.
- Scan: Schedule Discovery Scans.
- Scans: Review active, completed, and scheduled scans.
- Managed Systems: View and configure properties for Password Safe managed systems, managed databases, managed directories, managed applications, and their associated Smart Rules.
- Managed Accounts: View and configure properties for Password Safe managed accounts and their associated Smart Rules.
- Password Safe: Access the Password Safe web portal to request passwords and remote access sessions and to approve requests.
- Team Passwords: View and manage team credentials.
- Analytics & Reporting: Access reports on collected data.
- Configuration: Configure BeyondInsight and Password Safe components and objects, such as users and groups, authentication settings, connectors, and much more.