Password glossary
The following is an alphabetical list of Password Safe and U-Series product-specific terms with their descriptions and links to related information in the documentation.
| Term | Definition |
|---|---|
| Access Policy | A rule set that controls how users request and obtain access to managed accounts and sessions (that is, approvals, time limits, just‑in‑time access). Access Policies tie to connection options and enforcement in Password Safe Cloud. |
| Active/Active | Sometimes called multi-active<.b>, this deployment type allows multiple nodes (Password Safe instances) to be active simultaneously. Each node connects directly to the database. |
| Active Directory (AD) Account (Managed) | A directory account brought under Password Safe management (that is, for rotation/checkout) via Smart Rules or onboarding workflows. Often discovered through directory queries and governed by password policies. |
| Active/Passive | Two U-Series Appliances are required for active/passive. The internal databases are replicated, and a heartbeat sent from the primary indicates to the secondary if it should take over operations. |
| Admin Session | Allows you to open ad hoc RDP and SSH sessions without going through the request process and allow you to select a node associated with another region to act as a proxy for the session. Displays only for users who have full control permissions to the Password Safe Admin Session feature and for Password Safe administrators. |
| Asset | Any host, device, database, or account‑bearing resource known to BeyondInsight/Password Safe and eligible for management, grouping, and policy application. |
| Asset‑based Smart Rule | A Smart Rule type targeting assets stored in the Password Safe database or returned by a Directory Query to classify and onboard them. |
| BeyondInsight | Provides centralized management, reporting, and analytics for Password Safe and other BeyondTrust products. This acts as the management console for administrators to perform the implementation where data is stored in the database and management console. |
| BeyondTrust Cloud Region Availability | A listing of the geographic cloud regions where BeyondTrust cloud services can be deployed to meet data residency, compliance, and latency requirements. |
| BT Updater | BT Updater is an application that downloads and installs updates for BeyondTrust products. |
| Connection Profile | A reusable definition of connection parameters (protocol, client settings, brokered access) used when launching or brokering sessions to managed systems under policy. |
| Credential Auto‑Generate (Secrets Safe) | When enabled on a Secrets Safe credential, the password value is generated from a selected Password Safe password policy (requires Allow use for Secrets Safe on that policy). |
| Dedicated Account (Smart Rule Use Case) | A specific account type commonly targeted in Smart Rules for specialized handling (that is, application or service accounts), often with rotation and linkage logic. |
| Default Password Policy | The built‑in policy used to generate new passwords for auto‑managed accounts. It can be edited (length, complexity, character classes) but cannot be deleted. |
| Directory Credential | A username and password (or other authentication data) that provides access to an account within a directory service, such as Microsoft Active Directory (AD), LDAP, or Azure AD. |
| Directory Query | A query against directory services (that is, AD) used as selection criteria in Smart Rules to discover and onboard assets/accounts dynamically. |
| Discovery Scan | A scheduled or ad‑hoc scan that identifies assets/accounts and updates inventory; often coordinated with Smart Rules to streamline onboarding and grouping. |
Updated about 3 hours ago
