DocumentationRelease Notes
Log In
Documentation

Create and edit directory credentials

Suggest Edits

A directory credential is required for querying Active Directory (AD), Entra ID, and LDAP. It is also required for adding AD, Entra ID, and LDAP groups and users in BeyondInsight. Follow the steps below for creating each type of directory credential.

To create a directory credential in BeyondInsight:

  1. From the left sidebar, click Configuration.
  2. Under Role Based Access, click Directory Credentials.
  3. Click + Create New Directory Credential.
  4. Select the Directory Type and follow the steps below that are applicable for that type.

Create an Active Directory credential

  1. Select Active Directory for the Directory Type.
  2. Provide a name for the credential.
  3. Enter the name of the domain where the directory and user credentials reside.
  4. Enable the Use SSL option to use a secure connection when accessing the directory.

ℹ️

Note

If Use SSL is enabled, SSL authentication must also be enabled in the BeyondInsight configuration tool.

  1. Enter the credentials for the account that has permissions to query the directory.
  2. Enable the Use Group Resolution option to use this credential for resolving groups from the directory.

ℹ️

Note

Only one credential can be set for group resolution per domain or server.

  1. Click Test Credential to ensure the credential can successfully authenticate with the domain or domain controller before saving the credential.
  2. Click Create Credential.

Create an LDAP credential

  1. Select LDAP for the Directory Type.
  2. Provide a name for the credential.
  3. Enter the name of the LDAP server where the directory and user credentials reside.
  4. Enable the Use SSL option to use a secure connection when accessing the directory.

ℹ️

Note

If Use SSL is enabled, SSL authentication must also be enabled in the BeyondInsight configuration tool.

  1. Enter the credentials for the account that has permissions to query the directory.
  2. Enable the Use Group Resolution option to use this credential for resolving groups from the directory.

ℹ️

Note

Only one credential can be set for group resolution per LDAP server.

  1. Click Test Credential to ensure the credential can successfully authenticate with the domain or domain controller before saving the credential.
  2. Click Create Credential.

Create an Entra ID credential

  1. Select Microsoft Entra ID for the Directory Type.
  2. Select a credential scope: Public or US Government (supports Azure GCC High). The scope cannot be changed after the directory credential is created.
  3. Provide a name for the credential.
  4. Paste the Client ID, Tenant ID, and Client Secret that you copied when registering the application in your Entra ID tenant.
  5. Enable the Use Group Resolution option to use this credential for resolving groups from the directory.

ℹ️

Note

Only one credential is supported per Entra ID tenant.

  1. Click Test Credential to ensure the credential can successfully authenticate with the domain or domain controller before saving the credential.
  2. Click Save Credential.

Edit a directory credential

  1. From the Directory Credentials grid, click the vertical ellipsis for the credential, and then select Edit.
  2. Make the changes required.

ℹ️

Note

For AD or LDAP credentials, if you change the Domain or LDAP Server, enable or disable the Use SSL option, or update the Username or Bind DN, you must change the password. Click Change Password to display fields to enter and confirm the new password.

  1. Click Test Credential to ensure the edited credential can successfully authenticate with the domain or domain controller before saving the credential.
  2. Click Save Credential.

Updated 6 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.