Use Credential Injection During Access Sessions

After BeyondTrust Vault has been configured and accounts imported or manually added, the access console can begin to use credentials stored in BeyondTrust Vault to log into remote systems. Credential injection is available to log into remote systems and any other events requiring privileged account information during an access session.

Credential injection is not available for Mac Jump Clients.

Screenshot of the Enter Credentials dialog for credential injection.

  1. While in an access console session, you can inject credentials by clicking the key icon. A dropdown credential dialog appears, listing the credentials available for selection from BeyondTrust Vault.
  2. Select the appropriate credentials.


The access console retrieves the selected credentials from BeyondTrust Vault and injects them into the session.


Choose from Favorite Credentials for Injection

After you have used a set of credentials to log into an endpoint, the system stores your preferred credentials for the endpoint and the context in which they were used (to log in, to perform a special action, to elevate, or to push) in the B Series Appliance database. The next time you use a credential to access the same endpoint, the credential injection menu makes a recommendation for which credentials to use. The credentials are displayed at the top of the credentials list, followed by any remaining credentials. If no credential history exists for an endpoint, the B Series Appliance simply displays all possible credentials.

The credential list recommends no more than five credentials.