BeyondTrust Remote Support Vault Whitepaper
Service desk technicians are often required to use administrative credentials with elevated privileges to resolve support issues. Although compromised privileged account credentials are a common target for hackers, credential management best practices are often secondary to the need to resolve issues quickly. With the pressure to provide support as quickly and efficiently as possible, many service desk teams share and store credentials in plain text for convenience. BeyondTrust Vault for Remote Support mitigates that risk in your service desk by enabling secure credential management without sacrificing convenience and business productivity.
BeyondTrust Vault fits seamlessly with service desk workflow because it is integrated directly with the Remote Support solution. Technicians do not have to learn to use another tool or even exit BeyondTrust to retrieve passwords. With just one click in the Remote Support representative console, users can select the correct credential from the dropdown and log directly into a remote system - without ever having to know or even see the actual password.
In this document, we cover the following topics:
- Vault Configuration: Enable the user permissions needed to start using BeyondTrust Vault.
- Discovery & Import: Find privileged accounts commonly used by your privileged users, along with their associated endpoints, as well as Windows service accounts, and import them into the BeyondTrust Vault.
- Add Credentials Manually: Manually add shared and personal generic accounts into the BeyondTrust Vault.
- Credential Grouping: Use account groups to logically group Vault accounts and grant users access to multiple accounts at one time.
- Vault Account Policies: Use account policies to define account settings related to password rotation and credential checkout and apply those settings to multiple accounts at once.
- Credential Rotation: Rotate passwords, manually or automatically, after each use.
- Check In and Check Out: Retrieve credentials for use outside of a BeyondTrust session.
- Credential Injection: Inject credentials into a remote system directly from the BeyondTrust representative console.
- Reporting: View and track credential activity, including the use of shared credentials.
- Using Vault with Azure AD Azure AD Domain Services accounts: Create a Microsoft Azure AD service principal and use Vault to discover and manage Azure AD Domain Services accounts.
For more information, please see BeyondTrust Vault for Remote Support.