Discover Domains, Endpoints, and Accounts Using BeyondTrust Vault
With the BeyondTrust Vault add-on, you can discover Active Directory accounts, local accounts, and endpoints. Jumpoints are used to scan endpoints and discover the accounts associated with those endpoints.
To learn more about Jumpoints, please see the BeyondTrust Remote Support Jumpoint Guide.
The first step in implementing BeyondTrust Vault in your environment is to use the built-in discovery tool to find these accounts. To initiate a discovery job, follow the steps below.
Initiate a Discovery Job
- From the /login interface, go to Vault > Discovery.
- Choose an existing Jumpoint located within the environment in which you wish to discover accounts.
- Select the management account needed to initiate the discovery job. You can either use a new account, which requires you to enter a Username, Password, and Password Confirmation, or use an existing account that was discovered by a previous job or added manually in the Accounts section. Once an account is selected, click Discover.
- When the confirmation prompt appears asking if you wish to continue, click OK.
The Jumpoint field is required for discovery. The Jumpoint should be the DNS name of a domain controller within the environment you wish to scan.
The discovery process can take some time. While discovery is underway, the Discovery Progress screen appears and tracks the number of accounts and endpoints discovered.
Once the discovery job is complete, a Discovery Results page appears and lists all discovered endpoints, local accounts, and domain accounts.
From the results page, you can switch between the Endpoints, Local Accounts, and Domain Accounts tabs to view the discovered items.
- Endpoints: Shows the names of the endpoints discovered, as well as a description, if available.
- Local Accounts: Shows the Username, Endpoint (association), Description, Last Login Date, and Password Age for all discovered local accounts.
- Domain Accounts: Shows the Username, Distinguished Name, Description, Last Login Date, and Password Age for all discovered domain accounts.
Import Discovered Endpoints and Accounts
You can import endpoints, local accounts, or domain accounts into BeyondTrust Vault for continued management, use, and maintenance.
- Choose any of the tabs: Endpoints, Local Accounts, or Domain Accounts.
- Check the box located beside the endpoint or account you wish to import.
- Click Import Selected.
- The Import Discovered Items section appears, listing the number of endpoints and accounts selected for import. Click Start Import.
Once the import is complete, the endpoint or account becomes available in the Endpoints and Accounts sections.
For imported endpoints, RDP Jump Shortcuts are created with an automatic association to local accounts.
For more information, please see Discover Domains, Accounts, and Endpoints.
Add Generic Credentials and SSH Keys
Outside of the discovery process, you can manually add individual credential accounts to BeyondTrust Vault. To add generic accounts, follow the steps below.
- Go to Vault > Accounts.
- Click Add New Account.
- Complete the information on the Generic Account :: Add page. The required fields are:
For more information about adding generic accounts, please see Generic Account :: Add.
- When finished, click Add Account.
At any point, you can edit the account's information by clicking ... > Edit.