Privileged Credential Management - Control Access, Automate Rotation, Reduce Risk of Compromise

Products
Privileged Password Management

Discover, manage, audit, and monitor privileged accounts and credentials.

Password Safe

DevOps Secrets Safe
Endpoint Privilege Management

Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

Windows and Mac

Unix and Linux

Active Directory Bridge
Secure Remote Access

Centrally manage remote access for service desks, vendors, and operators.

Remote Support

Privileged Remote Access
Cloud Privilege Protection

Enforce least privilege and manage access across cloud infrastructure.

Cloud Privilege Broker
BeyondInsight

Experience the industry’s most innovative, comprehensive platform for privileged access management.
Solutions
Use Cases
Industry Applications
Solutions

The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.
Resources
Learn
Attend
- Events
- Go Beyond
- Training
- Webinars
Support
Universal Privilege Management

Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.
Company
- About
- Leadership
- Core Values
- Partners
- Careers
Watch Demo
Contact Sales

Open

Control Access to Privileged Credentials, Automate Rotation and Reduce the Risk of Compromise

Password Safe enables organizations to securely store, rotate and control access to privileged account passwords and other credentials to better protect sensitive assets and more easily meet compliance requirements. Password Safe helps your teams to:

Keep passwords fresh: Rotate passwords on a scheduled basis or upon check-in to mitigate the risk of abuse or misuse.
Rotate SSH keys: Automatically rotate keys according to a defined schedule and enforce granular access control and workflow.
Eliminate application credentials: Get control over scripts, files, code, and embedded keys.
Ensure password strength: Define and enforce password policy to meet any complexity requirement.
Eliminate old passwords: Analyze password ages and proactively report policy violations.
Solve the problem of remote users: Use BeyondTrust Privilege Management for Windows and Mac as an agent to update passwords on remote devices.
Active/active targeted password change: Selectively process password change, password test, and account notification queue items for designated workgroups.

Use Access Policies to Control and Protect Access to Privileged Credentials

In Password Safe, groups of users are associated with groups of accounts via Access Policies. The Access Policy defines when, where, and how access is granted and what level of approval is required for each.

Access can be granted by password retrieval, session, or application session (by injecting credentials into the application within an SSH or RDP session). Managed Accounts include configuration indicating whether the credential should be rotated at the end of the request and the frequency of rotation irrespective of any other password change activity. This feature also allows for bulk password changes as determined by policy. This granularity level in access and password change propagation makes Password Safe a robust, flexible, and scalable solution for organizations of all sizes.

Secure Application Credentials

Password Safe eliminates hard-coded or embedded application credentials automatically, simplifying management for IT and better securing the organization from exploitation of those credentials. Password Safe:

Enables removal of hard-coded passwords from applications and scripts
Provides an extensible REST interface that supports many languages, including C/C++, Perl .NET, and Java
Ensures that passwords can be automatically reset upon release
Enforces extensive security controls to lock down access to only authorized applications

Simplify SSH Key Management

Traditional methods of SSH key management are very labor intensive, with many organizations not properly rotating their keys. As well, it is common practice for administrators to share keys. Between the lack of rotation and the sharing of keys, organizations lose accountability over their systems, which could lead to those systems being vulnerable to exploits. Password Safe adds security and simplifies the management of SSH keys by:

Storing private keys like any other privileged credential
Automatically rotating SSH keys according to a defined schedule
Allowing designated ‘secondary’ accounts and SSH keys to be grouped to a ‘primary’ account to manage rotation interval, complexity and duration of SSH keys
Enforcing granular access control and workflow
Alerting when a key is released
Automatically logging users onto Unix or Linux systems through the proxy with no user exposure
Recording every privileged session with full playback and key usage auditing
Offering failover to a managed password for complete redundancy
Allowing SSH sessions to be easily established via your existing desktop tools without having to initiate with a web interface
Password Safe greatly simplifies the management and secures the use of SSH keys for better control, accountability and security over Unix and Linux systems.