Add and Manage Vault Accounts

You can add and manage credential accounts manually from the Accounts page.

Add Generic Credentials and SSH Keys

Outside of the discovery process, you can manually add individual credential accounts to BeyondTrust Vault. You can add shared generic accounts and personal generic accounts. Shared generic accounts may be used by all users who have been assigned to the account with the Inject or the Inject and Check Out vault account role. Personal generic accounts may be used only by the account owner (the user who created the account). To add generic accounts, follow the steps below.

  1. From the /login interface, go to Vault > Accounts.
  2. Click Add.
  3. Select Shared Generic Account.
  4. Complete the information on the Add Shared Account page. The required fields are:
    • Name
    • Username
    • Authentication
    • Password
  5. Check Allow Simultaneous Checkout if you want to allow this credential to be checked out by multiple users at the same time.
  6. Select an Account Group from the list to add this account to a group.

Adding a credential account to an account group allows all users who have been assigned to that group to use this credential. If an account group is not selected, you must add account users individually to this new credential and assign their role.

  1. If you are not adding this new credential account to an account group, add users and their vault role individually in the Account Users section.
  1. Click Save at the top of the page to save the new shared credential account.
  1. From the /login interface, go to Vault > Accounts.
  2. Click Add.
  3. Select Personal Generic Account.
  4. Complete the information on the Add Personal Account page. The required fields are:
    • Name
    • Username
    • Authentication
    • Password
  5. Click Save at the top of the page to save the new personal credential account.

Vault administrators can view personal accounts but cannot edit them, inject them, or view their passwords. Only the user who created the personal account can modify, inject, or view the account's password.

Edit a Vault Account

  1. From the /login interface, go to Vault > Accounts.
  2. For shared accounts:
    • From the Shared tab, locate the account you wish to edit.
    • Click the ellipsis (...).
    • Select Edit.
  3. For personal accounts:
    • From the Personal tab, locate the account you wish to edit.
    • Click Edit Account (pencil icon).
  4. Modify options as necessary, and then click Save.

Delete a Vault Account

  1. From the /login interface, go to Vault > Accounts.
  2. For shared accounts:
    • From the Shared tab, locate the account you wish to delete.
    • Click the ellipsis (...).
    • Select Delete.
  3. For personal accounts:
    • From the Personal tab, locate the account you wish to delete.
    • Click Delete Account.
  4. Click Yes to confirm.