BeyondTrust Remote Support Vault Guide

BeyondTrust Vault for Remote Support mitigates the risk of shared privileged account credentials by enabling secure credential management, including credential discovery, masking, injection, and rotation.

BeyondTrust Vault fits seamlessly into your service desk workflow by integrating directly with the Remote Support solution, allowing administrator accounts to access systems without exiting BeyondTrust. With just one click in the Remote Support representative console, users can select the correct credential and log directly in to a remote system, keeping your privileged accounts more secure.

This document covers the following topics:

  • Vault Configuration: Enable the user permissions needed to start using BeyondTrust Vault.
  • Discovery & Import: Find privileged accounts commonly used by your privileged users, along with their associated endpoints, as well as Windows service accounts, and import them into the BeyondTrust Vault.
  • Add Credentials Manually: Manually add shared and personal generic accounts into the BeyondTrust Vault.
  • Credential Grouping: Use account groups to logically group Vault accounts and grant users access to multiple accounts at one time.
  • Vault Account Policies: Use account policies to define account settings related to password rotation and credential checkout and apply those settings to multiple accounts at once.
  • Credential Rotation: Rotate passwords, manually or automatically, after each use.
  • Check In and Check Out: Retrieve credentials for use outside of a BeyondTrust session.
  • Credential Injection: Inject credentials into a remote system directly from the BeyondTrust representative console.
  • Reporting: View and track credential activity, including the use of shared credentials.
  • Use Vault with Azure AD Domain Services accounts: Create a Microsoft Azure AD service principal and use Vault to discover and manage Azure AD Domain Services accounts.

For more information, please see BeyondTrust Vault for Remote Support.