Manage vault accounts

Vault

Accounts

View and manage information about all discovered and manually added accounts.

Vault can import, rotate, and manage up to 60,000 accounts.

Available information for shared accounts includes:

  • Type: The type of account, specifically, whether it is a domain or a local account, or a generic password account.
  • Name: The name of the account.
  • Username: The username associated with the account.
  • Group: The name of the account group to which the account belongs.
  • Endpoint: The endpoint with which the account is associated.
  • Account Policy: The account policy the Vault account is using.
  • Description: A short description of the account.
  • Last Checkout: The last time the account was checked out.
  • Password Age: The age of the password.
  • Status: This column appears when at least one account has a warning, error, or checked-out status to display. Accounts managed by Entra ID are identified in the Status column, along with an alert if there is no service principal for the account. Accounts used to run a Windows service are indicated as Service Account in the Status column. Multiple statuses for an account are stacked and displayed in different colors. Hover over a specific status to view more details about it.

The Status column is auto-hidden when none of the accounts have a status currently set.

You can filter the list of shared accounts displayed using the filters for Group and Password Age. Click the Select visible columns button above the grid to customize the columns displayed in the grid.

Based on this information, you can perform various actions, including credential check out, check in, and credential rotation.

Available information for personal accounts includes:

  • Type: The type of account, specifically, whether it is a domain or a local account, or a generic password account.
  • Name: The name of the account.
  • Owner: The name of the person who created and owns the account.
  • Description: A short description of the account.
  • Password Age: The age of the password.

You can filter the list of personal accounts displayed by Owner and Password Age.

Add account

See Add and edit Vault accounts.

Rotate

Select one or more discovered (non-generic) accounts, click Rotate, and then click Start Rotation.

  • Service accounts running in a failover cluster environment cannot be rotated. The error "Failover Cluster detected. Unable to change the run-as password for the service <service_name>" appears when a rotation attempt is made and Rotation Failed is indicated in the Status column for the service.
  • Services using a Microsoft Graph account as the Run As account cannot be rotated.
  • Services that have dependent services cannot be rotated, due to the risk of services within the service chain not restarting successfully.

For more information, please see Rotate Privileged Credentials Using BeyondTrust Vault.
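
The rotation limits listed above can be checked on a Windows endpoint before a rotation is attempted. The following PowerShell is an added example, not BeyondTrust code: it lists services that log on with a named account and flags the failover cluster and dependent-service conditions. Treating a running Cluster Service (ClusSvc) as "failover cluster detected" is an assumption, and the Microsoft Graph condition is not checked.

```powershell
# Added example: pre-rotation check, run locally on a Windows endpoint.
# Lists services that log on with a named account and flags conditions
# this page says prevent rotation. Not BeyondTrust code.

# Built-in identities have no password to rotate, so skip them.
$builtIn = '^(LocalSystem|NT AUTHORITY\\|NT SERVICE\\)'

# Assumption: a running Cluster Service (ClusSvc) means this host is a
# failover cluster node. How Vault itself detects clustering is not
# described on this page.
$clusSvc = Get-Service -Name 'ClusSvc' -ErrorAction SilentlyContinue
$isClusterNode = ($null -ne $clusSvc) -and ($clusSvc.Status -eq 'Running')

$report = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -and $_.StartName -notmatch $builtIn } |
    ForEach-Object {
        # Services that depend on this one (the "service chain").
        $dependents = @((Get-Service -Name $_.Name).DependentServices)

        $blockers = @()
        if ($isClusterNode)          { $blockers += 'failover cluster node' }
        if ($dependents.Count -gt 0) { $blockers += 'has dependent services' }

        [pscustomobject]@{
            Service    = $_.Name
            RunAs      = $_.StartName
            State      = $_.State
            Dependents = ($dependents.Name -join ', ')
            Blockers   = ($blockers -join '; ')
        }
    }

# An empty Blockers column means neither checked condition applies.
$report | Sort-Object RunAs, Service | Format-Table -AutoSize -Wrap
```

Rows with a non-empty Blockers column are the services where a rotation attempt is expected to end in Rotation Failed.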

Search shared accounts

Search for a specific shared account or a group of accounts based on Name, Endpoint Name, and Description.

Check out and check in a shared account

Click Check Out to view and use a shared credential. When selected, the Account Password prompt appears, displaying the credential for 60 seconds to allow you to copy the password. Once the prompt is closed, the Check In option becomes available. When finished using the account, click Check In to check the password back into the system.

For more information, please see Check Out Credentials from the PRA /login Interface.

Ellipsis menu for shared accounts

Click the ellipsis (...) to view more actions, such as Rotate Password, Edit, and Delete. When Rotate Password is selected, the system automatically rotates or changes the password. When Edit is selected, you can modify the account's information. See Add and edit Vault accounts for details on editing accounts. The Delete option removes the account from the Accounts list.

  • Service accounts running in a failover cluster environment cannot be rotated. The error "Failover Cluster detected. Unable to change the run-as password for the service <service_name>" appears when a rotation attempt is made and Rotation Failed is indicated in the Status column for the service.
  • Services using a Microsoft Graph account as the Run As account cannot be rotated.
  • Services that have dependent services cannot be rotated, due to the risk of services within the service chain not restarting successfully.

For more information, please see Rotate Privileged Credentials Using BeyondTrust Vault.

Search personal accounts

Search for a specific personal account or a group of accounts based on Name and Description.

View password for personal account

Click View Password to view and use a personal credential. When selected, the Account Password prompt appears, displaying the credential for 60 seconds to allow you to copy the password.

Edit personal account

Click Edit Account to modify the account's information, specifically Name, Description, Username, and Password.