Password Safe Cloud Administration Guide
Password Safe Cloud is your privileged access management solution to ensure your resources are protected from insider threats. It combines privileged password and session management to discover, manage, and audit all privileged credential activity.
Password Safe Cloud creates and secures privileged accounts through automated password management, encryption, secure storage of credentials, and a sealed operating system.
Password Safe Cloud's random password generator algorithm does not use any common phrases or dictionary words as inputs or in its generation. It selects each password character randomly from the list of allowable characters, numerals, and symbols to build the password.
Password Safe Cloud is supported on hardened secured virtual machines in an Azure environment that create and secure privileged accounts through automated password management, encryption, secure storage of credentials, and a sealed operating system.
More specifically, you can use Password Safe to accomplish the following:
- Scan, identify, and profile all assets for automated Password Safe management, ensuring no credentials are left unmanaged.
- Control privileged user accounts, applications, SSH keys, cloud admin accounts, RPA accounts, and more.
- Use adaptive access control for automated evaluation of just-in-time context for authorization access requests.
- Monitor and record live sessions in real time and pause or terminate suspicious sessions.
- Enable a searchable audit trail for compliance and forensics, and achieve complete control and accountability over privileged accounts.
- Restrict access to critical systems, including assets and applications, keeping them safe from potential inside threat risks.
Log In to Password Safe Cloud
The admin username used to sign into the BeyondInsight Console for the first time is configured during the installation process. Afterward, the credentials you use to log in to the console depend on the type of authentication configured for your BeyondInsight system.
The following authentication types can be used:
- BeyondInsight and Password Safe Authentication: Create a BeyondInsight user in the console, add the user to a group, and assign roles.
- Active Directory: Create a BeyondInsight group and add Active Directory users as members.
- LDAP: Create a BeyondInsight group and add LDAP users as members.
- Smart Card: Configure Password Safe to allow authentication using a Smart Card PIN.
- RADIUS: Configure multi-factor authentication with a RADIUS server.
- Third Party Authentication: Configure Password Safe to use authentication for web tools which support SAML 2.0 standard such as PingID, Okta and ADFS.
When working in the console, the times displayed match the web browser on the local computer unless stated otherwise.
To log in:
- Open a browser and enter the URL for your BeyondInsight
- Enter your username and password. The default username is Administrator, and the password is the administrator password you set in the
- If applicable, select a domain or LDAP Server from the Log in to list.
- Click Login.
The Log in to list is only displayed on the Login page when there are either Active Directory or LDAP user groups created in the BeyondInsight console. The Log in to list is displayed by default, but may be disabled / enabled by an admin user by toggling the Show list of domains/LDAP servers on login page setting from Configuration > System > Site Options page.
For more information on configuring authentication using BeyondInsight groups, Smart Card, RADIUS, and third party SAML 2.0 web tools, please refer to the BeyondInsight and Password Safe Authentication Guide.
Select a Display Language
BeyondInsight and Password Safe can be displayed in the following languages:
If the Show language picker option is enabled in Configuration > System > Site Options > Localization, you can select a language from the list on the Log In page or by clicking the Profile and preferences button, and then selecting it from the Language list.
Navigate the Console
Once logged into Password Safe Cloud, you are taken to the Home page, where you can quickly access the following functionality from the container cards:
- Setup Resource Brokers and Zones to allow for connectivity to network segments.
- View and manage assets.
- Access Password Safe to execute password requests and approvals.
- Access configuration settings for BeyondInsight and Password Safe components and objects.
You can also view the following dynamically updated dashboard cards to see the most recent information for your Resource Zones and Resource Brokers:
- List of Resource Zones and how many Resource Brokers are checked in for each zone
- List of Resource Brokers, along with the Zone they are in, and their health status
To access the suite of features in the BeyondInsight Console, click Menu in the left navigation menu.
Available features include:
- Assets: Display and manage all assets. Access the Smart Rules page to create and manage Smart Groups. Add assets to Password Safe management.
- Smart Rules: View and mange Smart Rules.
- Discovery: Run and schedule discovery scans, review active, completed, and scheduled scans, and view the list of discovery scanners.
- Managed Systems: View and configure properties for Password Safe managed systems, managed databases, managed directories, managed applications, and their associated Smart Rules.
- Managed Accounts: View and configure properties for Password Safe managed accounts and their associated Smart Rules.
- Password Safe: Access the Password Safe web portal to request passwords and remote access sessions and to approve requests.
- Team Passwords: View and manage team credentials.
- Analytics & Reporting: Access reports on collected data.
- Configuration: Configure BeyondInsight and Password Safe components and objects, such as users and groups, authentication settings, connectors, and much more.
- About: Access helpful links. View the current BeyondInsight version information, as well as the history of installed versions.