Login
    Contents x
    BeyondTrust Password Safe Integration
    • 23 Apr 2023
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    BeyondTrust Password Safe Integration

    • Updated on 23 Apr 2023
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    The BeyondTrust Password Safe integration enables Axonius to securely pull privileged credentials from the BeyondTrust Password Safe. The integration ensures that privileged credentials are secured in the BeyondTrust Password Safe, rotated to meet company guidelines, and meet complexity requirements.

    NOTE

    This integration has only been tested and supported with version 22.1.0.441. Please contact Axonius Support if you have a different version and it is not functioning as expected.

    Description of Product Integration

    Axonius uses the BeyondTrust Password Safe API to fetch credentials from the BeyondTrust Password Safe, refer to Password Safe Administration guide

    The credentials are only fetched by Axonius when:

    • Creating a new adapter connection
    • Updating an existing adapter connection
    • Running an enforcement set
    • Fetching asset information for adapters during discovery cycles

    Axonius does not store the credentials anywhere and deletes any trace of credentials.


    To enable fetching credentials from your BeyondTrust Password Safe, you need to:

    1. Install and configure Beyond Trust Password Safe.
    2. The managed account must have API access enabled.
    3. The user (the user who creates the connection in Axonius) must have permission to access the managed account.
    4. Enable and configure the External Password Managers - Enterprise Password Management Settings in Axonius.
    5. Configure adapter connection credentials to fetch passwords from BeyondTrust Password Safe.

    Enable BeyondTrust Password Safe Integration

    Enable BeyondTrust Password Safe integration and allow Axonius to securely pull privileged credentials from the BeyondTrust Password Safe.
    Following the guidelines in External Password Managers - Enterprise Password Management Settings.

    Working with BeyondTrust Password Safe

    Once the BeyondTrust Password Safe integration is enabled in Axonius, a new BeyondTrust Password Safe icon will appear in all password fields when configuring adapters or Enforcement sets, allowing you to enter a password manually or to fetch the secret from BeyondTrust Password Safe.

    BeyondTrustIPasswordSafeIcon

    To fetch the password from BeyondTrust Password Safe:

    1. In a password field, click the BeyondTrust Password Safe icon. If you have configured more than one password manager, click the vault icon Vaulticon.png and select BeyondTrust Password Safe from the drop-down. A BeyondTrust Password Safe dialog opens.

    BeyondTRustPWDSFDial

    1. In the dialog, specify the following parameters:
      1. System name (required) - The BeyondTrust system Name.
      2. Account name (required) - Your account name in BeyondTrust.
    2. Click Fetch.
    • If the fetch is successful, a green indication will be displayed next to the BeyondTrust Password Safe icon.

    BeyondTrustGreen

    • If the fetch is unsuccessful, a red indication will be displayed next to the BeyondTrust Password Safe icon. Hovering over the BeyondTrust Password Safe icon will show the error.
      BYTrusPWDSafeError
    NOTE
    Typing or deleting any character in the textbox will change the password field back to a manual password input.


    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout