Set up Endpoint Privilege Management for Mac and Password Safe Cloud

Starting with the Endpoint Privilege Management for Mac 21.6 release, you can add macOS computers to Password Safe Cloud to rotate passwords on the endpoints.

This section applies only to Password Safe Cloud.

Packages in the 21.6 Release

  • BIAdapter_x.x.x.x.pkg
  • pwsclient_x.x.x.x.pkg: A standalone Password Safe client installer. In earlier versions, Password Safe was bundled with the BIAdapter package.
  • PrivilegeManagementForMac_x.x.x.x.pkg

Set up a New Password Safe Cloud Integration

For new installations, the workflow is:

  • Install the Endpoint Privilege Management for Mac client.
  • Install the standalone Password Safe client.
  • Set advanced settings for Password Safe.
  • Add the computer to Password Safe as a managed asset.

Install the Endpoint Privilege Management for Mac Client

Installation instructions for the Endpoint Privilege Management for Mac client are provided earlier in this guide.

For more information, please see Install the Endpoint Privilege Management for Mac Client.

Install the Standalone Password Safe Client

When the new Password Safe client is installed, existing BeyondInsight settings are copied to a new location (from /Library/Application Support/BeyondTrust/Defendpoint/ to /Library/Application Support/BeyondTrust/PasswordSafe/) so that on-premises Password Safe installations continue to work as expected.

  1. Start up the installer and go through the wizard.
  2. Click Continue on the Introduction page.
  3. Read through the license agreement.
  4. Select the installation location.
  5. Set the installation type.
  6. The Summary page indicates the installation was successful.

Set Advanced Settings

After the Password Safe client is successfully installed, you must manually update the settings_app.xml file located in the /Library/Application Support/BeyondTrust/PasswordSafe/ directory.

In a future Rapid Deployment Tool release, support for creating an installable package with Password Safe settings will be available.

Add the following settings:

  • RCSServer: The URL to the BeyondInsight server.
  • RCSCertificate: The name of the BeyondInsight client certificate used to communicate with BeyondInsight.
  • RCSWorkgroup: The name of the workgroup that is sent to BeyondInsight to assist when grouping assets.

After the settings_app.xml file is saved, the Password Safe client tries to connect to the BeyondInsight server and register. When successful, the computer can be added as a managed system.
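
The following Python script is an added example, not BeyondTrust code. It checks a hand-edited settings_app.xml for the three settings listed above before the client is expected to register. The file's XML layout is not shown on this page, so the script accepts the names as either elements or attributes; the sample documents, host name, certificate name, https requirement and permission rule are all assumptions.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REQUIRED = ("RCSServer", "RCSCertificate", "RCSWorkgroup")

def read_settings(path):
    """Collect the three settings, stored either as elements or as attributes."""
    found = {}
    for elem in ET.parse(path).getroot().iter():
        pairs = [(elem.tag, elem.text or "")] + list(elem.attrib.items())
        for name, value in pairs:
            if name in REQUIRED and value.strip():
                found[name] = value.strip()
    return found

def audit(path):
    """Return a list of problems; an empty list means the file passed."""
    try:
        settings = read_settings(path)
    except ET.ParseError as exc:  # a hand edit left the XML malformed
        return [f"not well-formed XML: {exc}"]
    problems = [f"{key} is missing or empty" for key in REQUIRED if key not in settings]
    url = urlparse(settings.get("RCSServer", ""))
    # Assumed policy: TLS URL, and no group/other write access to the file.
    if "RCSServer" in settings and (url.scheme != "https" or not url.hostname):
        problems.append("RCSServer is not an https:// URL with a host name")
    if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("file is writable by group or other users")
    return problems

def write_sample(xml_text, mode):  # helper for the constructed samples below
    fd, path = tempfile.mkstemp(suffix=".xml")
    with os.fdopen(fd, "w") as handle:
        handle.write(xml_text)
    os.chmod(path, mode)
    return path

# Constructed samples: the element layout and all values are assumed.
GOOD = ("<settings><RCSServer>https://bi.example.com</RCSServer>"
        "<RCSCertificate>example-client-cert</RCSCertificate>"
        "<RCSWorkgroup>MacFleet</RCSWorkgroup></settings>")
BAD = GOOD.replace("https://", "http://").replace("<RCSWorkgroup>MacFleet</RCSWorkgroup>", "")

if __name__ == "__main__":
    for label, xml_text, mode in (("good", GOOD, 0o644), ("bad", BAD, 0o666)):
        print(label, audit(write_sample(xml_text, mode)))
```

To check a real endpoint, call audit() with the path to settings_app.xml in the directory given above.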

The settings can be changed in the registry.

For more information about registry settings, please see Endpoint Privilege Management for Windows Installation in the Endpoint Privilege Management for Windows BeyondInsight Integration Guide.

Add the macOS Computer to Password Safe Cloud as a Managed System

When adding the computer, select Mac OSX Secure Token from the Platform list.

For complete step-by-step instructions on adding managed systems and accounts, please see Add Assets to Password Safe.

Upgrade to Password Safe Cloud

You can upgrade to Password Safe Cloud from a Password Safe on-premises deployment.

The upgrade workflow:

  • Install the Endpoint Privilege Management for Mac client.
  • Install the BeyondInsight Adapter.
  • Install the standalone Password Safe client.