Accelerated Time to Value
Achieve agile privileged password management that proactively manages privileged accounts, credentials, secrets, and sessions for people and machines, ensuring complete control and security, while also enabling zero trust to improve your security posture.
BeyondTrust Professional Services Password Safe packages offer scalable services engagements, with a drive toward providing customer self-sufficiency at all points along the engagement. The outcomes you receive are rooted in our best practices and are delivered in several Tiers, each representing increasingly comprehensive solutions.
Customer Outcomes
Tier 1 Outcomes
Delivers essential Password Management & Session Management functionality for the assets in your environment. Reduces time to value as you quickly gain control of your credential and secrets usage. You gain visibility of credential and secrets usage through the Analytics & Reporting engine while satisfying your audit and compliance needs.
Tier 2 Outcomes
Delivers expert guidance when integrating installed enterprise systems such as SIEM tools or ITSM Ticketing systems. Implementation leverages structured approaches to developing and deploying advanced use cases for a variety of different asset types.
Tier 3 Outcomes
Delivers workshops to accelerate your enterprise-wide roll out using API frameworks and integrating with your Remote Desktop Services environments, for example. Provides working sessions to create customized oversight solutions and build on your self-sufficiency by developing a knowledge base.
Professional Services Criteria | Tier 1 | Tier 2 | Tier 3 |
|---|---|---|---|
| Infrastructure and High Availability | |||
Appliances | Up to 2 | Up to 4 | Up to 9 |
Active/Passive | Yes | Yes | Yes |
Active/Active[1] | Yes | Yes | Yes |
Analytics & Reporting[1] | Yes | Yes | Yes |
| Privileged Account Management | |||
Asset Import from Active Directory or Address Group with Discovery Scan | 2500 | 5000 | 7500 |
Automated rotation of passwords, Session Management and Password Retrieval (per Use Case) | 5 | 10 | 15 |
Remote Application Session Management per Application [1] | 5 | ||
Define Access Policy and Password Complexity aligned with organizational standards | Yes | Yes | Yes |
| Features Configured | |||
Desired number of completed Password Safe Use cases, from Common Use Case list below | 5 | 10 | 15 |
Number of User Groups with Password Safe Roles assigned to Smart Groups | 5 | 10 | 15 |
AD Integration count for User Security Group, Computer and Account Discovery, or LDAP integration per Domain | 1 | 2 | 5 |
Authentication Integration (SAML, RADIUS or TOTP) integration for Password Safe (1 Provider) | Yes | Yes | Yes |
Enterprise Integrations[2] (Ticketing Systems) | Yes | Yes | |
Syslog/SIEM connector from available built-in connectors | Yes | Yes | |
Create custom platform connector(s) for SSH Sessions | 1 | 3 | |
Configure Secret Safe | Yes | Yes | Yes |
Configure Workforce Passwords | Yes | Yes | |
Secrets Cache installation, configuration, and example API PowerShell script to pull from Cache | Yes | Yes | |
Review Built-in Reports | Yes | Yes | Yes |
| Knowledge Transfer | |||
Provide knowledge transfer for daily maintenance of the system | Yes | Yes | Yes |
Implementation Closure Report | Yes | Yes | Yes |
- 1.Requires specific prerequisites in place prior to being able to implement this task
- 2.Some connectors may require additional licensing
FAQ
A custom engagement can be scoped to cover Architect Workshops, for an additional fee.
The numbers above represent the maximum number within each deliverable category. If requirements or critiera fall outside of the typical deliverables noted, a custom scoped engagement is also available.
Common Use Cases
Based on each Tier, certain Password Safe use cases are available to be configured, as listed below:
Use Case Info | Tier 1 | Tier 2 | Tier 3 |
|---|---|---|---|
Use Case 1 - Rotate password and proxy RDP session - Local Windows Administrator to domain joined Windows Server | Yes | Yes | Yes |
Use Case 2 - Rotate password and proxy SSH session - Local root/privileged account to Linux/ Unix server | Yes | Yes | Yes |
Use Case 3 - Rotate password and proxy SSH session - Local Administrator to Network device | Yes | Yes | Yes |
Use Case 4 - Rotate password and proxy RDP session - Active Directory Windows Administrator to Windows Server | Yes | Yes | Yes |
Use Case 5 - Rotate password and proxy SSH session - Active Directory Administrator to Linux/ Unix server - requires established Active Directory bridge | Yes | Yes | Yes |
Use Case 6 - Rotate password and proxy SSH session - Active Directory Administrator to Network device - requires established Active Directory bridge | Yes | Yes | Yes |
Use Case 7 - Rotate and RDP - Dedicated Active Directory Administrator to Windows Server - ensure only the individual can see their administrator account - requires naming convention to match with suffix or prefix | Yes | Yes | Yes |
Use Case 8 - Rotate and Retrieve Password - Local Database Administrator on Database | Yes | Yes | Yes |
Use Case 9 - Rotate SSH Key and proxy SSH session - Local Administrator with Password and/or SSH Key to Linux/Unix server | Yes | Yes | Yes |
Use Case 10 - Rotate SSH Key and proxy SSH session - Local Administrator with Password and/or SSH Key to Network device | Yes | Yes | Yes |
Use Case 11 - Local Windows Administrator to non-domain joined Windows Servers using local functional account (ie DMZ) | Yes | Yes | Yes |
Use Case 12 - Rotate password on Windows Services or Scheduled Tasks - Propagation Actions - Windows Services Log on as, Scheduled Tasks run as, and Application Pools run as | Yes | Yes | |
Use Case 13 - Retrieve Password - Administrator on Cloud platform | Yes | ||
Use Case 14 - Application Session - Managed local or Active Directory Administrator account - requires established script and Remote App configured on RDS | Yes | ||
Use Case 15 - Local Windows Administrator to Windows desktop or server via EPM Client with off network management integrations | Yes |
