PowerBroker Password Safe version 6.4 improves on key features and capabilities in session management, adaptive workflow, and password management with unmatched levels of security, scalability and control.

New Features: PowerBroker Password Safe 6.4

Streamlined Single Interface

BeyondTrust PowerBroker Password Safe now has a single interface for users, administrators, and auditors alike. Improved contextual navigation allows admins to quickly jump from configuration to managing account properties to releasing sessions, in an instant. The Password Safe user portal and menu have additionally been localized into Spanish, Japanese, Korean, and Brazilian Portuguese. This new, intuitive interface makes it even easier for users to speedily navigate through the application. A new slide out navigation bar on the left allows common activities to be quickly selected, and Smart Links at the top of the screen provide quick access to related tasks.

Account Management Improvements

Execute tasks en masse using multi-select option

To help IT administrators streamline operational functions, PowerBroker Password Safe version 6.4 lets administrators filter and select managed accounts to perform tasks like:

  • Managed Account Deletion: Remove accounts in bulk
  • Bulk Password Change: Instantly schedule mass password changes in the event of emergencies
  • Bulk Unlinking: Remove all linked systems from a managed Active Directory Account

Quick Groups

PowerBroker Password Safe version 6.4 includes a new Quick Groups feature, which allows administrators to create ad hoc groups of managed accounts in seconds. These groups may be used in exactly the same manner as Smart Groups, for access control. Create, populate, and edit managed account groups in a few clicks directly from the UI New reprocessing options enhance group scalability up to 100 times better than before.

Session Management Improvements

Protect Privileged Session Privacy with Auto Disconnect and Logoff

Often it is necessary to log a user out of a running session when the session time expires. PowerBroker Password Safe Version 6.4 adds auto log-off capability, selectable via Access Policy. Additionally, for cases where users may be accidentally disconnected from the session proxy and potentially sensitive information may be exposed in the RDP session to the next user, a new ‘Log-off on disconnect’ option is now available in the access policy. To help Admins know when their sessions will be logged out, a new countdown timer overlay displays in the top left corner of a running RDP session, and on the window title bar of an active SSH session.

Other Session Management Improvements

  • Proxy error message improvements
  • Keystroke logging / Enhanced Session Auditing may be disabled via access policy
  • The session token timeout may be configured in global settings
  • Font Smoothing is now enabled by default
  • Support for full 2FA is provided for DirectConnect

Active Sessions
  • Improved polling for instant status update
RDP Security
  • All text pasted into RDP sessions is now audited and indexed

Maintain Productivity with Remote Proxy Selection

Often, in large distributed installations, network latency can slow down performance of either a remote web portal, or remote proxy. PowerBroker Password Safe 6.4 allows organizations to enjoy the best of both worlds, and have users choose a portal that is performant, and then identify a Session Management Proxy that provides the fastest connection to any given managed resource.

Password Safe Worker Nodes may be configured independently for easy identification, and default assignment to specific sets of managed resources.

Additional Improvements

Active Directory

  • Capture and store UPN and SAM account name on Functional Accounts
  • Unix/Linux Systems - Account Name format

Connector Enhancements

  • New PostgreSQL connector
  • Cloud Accounts - concurrent request support
  • Max password rotation up to 999 days
  • Max concurrent requests supported for Database platforms


  • Improved Auditing - Access Policies


  • Managed Credentials for AD Groups and Directory Queries
  • Services - Dependencies Supported Smart Rule Assignment tab for Managed Accounts
  • Managed Account Smart Rule identification tab

API Changes

New APIs

  • Updates an existing Asset by ID.
  • Get and delete a Smart Rule by title
  • Locks an active session.
  • Password Safe 'Applications' endpoint
  • Password Safe Application-based request and session support
  • Password Safe 'LinkedAccounts' endpoint
  • Password Safe 'QuickRules' endpoint
  • Supporting Password Safe 'ManagedAccounts' APIs for Smart Rules and Quick Rules
  • Password Safe Remote Session Proxy support

API Enhancements

  • POST Auth/SignAppin and all subsequent requests have improved performance.
  • POST Requests - Allow concurrent requests for database platforms.
  • POST Assets - Now accepts OperatingSystem.
  • All Asset API response bodies now return CreateDate.

Other Changes

  • Users with 'Password Safe Account Management' permission and/or the ISA role are now authorized to call these APIs.
  • 'Enable for API access' property is no longer required to be set on the Managed Account.