DocumentationRelease Notes
Documentation

Configuration | BI Cloud

Suggest Edits

What is configuration within Password Safe?

Configuration refers to setting up and customizing Password Safe's features, components, or settings to meet specific requirements or preferences.

How is configuration useful?

Configuring Password Safe tailors the product to a user's specific needs.

How do I access the Configuration page?

  1. Use a browser to sign in to your BeyondInsight/Password Safe URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click .
    The Configuration page displays.

The Configuration page

Password Safe for Cloud Configuration Page
  1. Left menu: Easy access to all pages in BeyondInsight/Password Safe, including the Home, Assets, Smart Rules, Discovery Scanner, Management Systems, Managed Accounts, Password Safe, Secrets Safe , Analytics and Reporting, Configuration, and About pages.
  2. Header: Navigate to your favorite pages, view your notifications, access your connected apps, and set your account preferences.
  1. Search: Search for a configuration item or
  2. Select a configuration item from the body of the page.

Configure a cloud connector

  1. Use a browser to sign in to your BeyondInsight/Password Safe URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.

  2. From the left menu, click .
    The Configuration page displays.

  3. Under General, select Connectors.
    The Connectors page displays.

  4. In the Connectors pane, click Create New Connector.

  5. Provide a name for the connector.

  6. Select a Connector Type from the list.

  7. Click Create Connector.

  8. Enter the connector information in the right pane:

    • For AWS cloud connections, required fields are: Region, Access Key ID, and Secret Access Key ID.

      Instances associated with the region are displayed in the Connection Test Results section.

    • For Azure, required fields are: Region, Client ID, Client Server, Tenant ID, and Subscription ID.

    • For Google Cloud, required fields are Server (the region), Project Name (the project ID), and the Key File. Upload the key that you downloaded from the Google Cloud.

    • Hyper-V server, required fields are: Server (IP address), Username, and Password.

    • For Rackspace, required fields are Account Type, Username, and API Key.

  9. After you configure the connector, click Test Connector to ensure the connector works.

  10. Click Create Connector.

After you create a cloud connector, you can run a scan and review the results to determine what cloud assets were discovered..

Cloud connector Smart Groups

You can create Smart Groups based on the cloud connectors that you are using.

  1. Use a browser to sign in to your BeyondInsight/Password Safe URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click .
    The Smart Rules page displays.
  3. Click Create Smart Rule.
  4. Select a category, and then enter a name and description.
  5. Under Selection Criteria, select Cloud Assets.
  6. Select the cloud connector type to filter on (AWS, Azure, Hyper-V).
  7. For AWS, click Select AWS Instance Types to pick specific instance types.
  8. For AWS, Azure, and Google, check the Use Private IP Address box to scan internal IP addresses.
  9. Under Actions, select Show asset as Smart Group.
  10. Click Create Smart Rule.

Configure BeyondInsight AWS connector

This section provides information on setting up an Amazon AWS connector, including details on the AWS configuration.

Set up a policy

  1. Log in to the AWS Management Console.
  2. Select Identity & Access Management.
  3. Select Policies from the Details menu.
  4. Select Create Policy.
  5. Select Create Your Own Policy.
  6. Enter a policy name and description.
  7. Paste the following JSON into Policy Document:
{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "elasticloadbalancing:DescribeLoadBalancers",
            "ec2:DescribeInstances",
            "ec2:DescribeRegions",
            "ec2:DescribeInstanceStatus",
            "ec2:DescribeImages"
        ],
        "Resource": "*"
    }
]
}

ℹ️

For "Resource": "*", you must determine what JSON is required for your current needs. You may also need a condition with this, such as if you want only the dev group to have access to certain instances.

Grant access to a third party (optional)

ℹ️

The ARN and External Name fields are for granting access to a third party. For more information, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.

After you configure the AWS settings, you can create the AWS Scan Target Collector connector and Smart Group in the BeyondInsight console.

ℹ️

When creating, editing, or viewing the connector, the Cloud Scan Targets grid only shows results immediately after a test is completed. The targets are not automatically loaded into the BeyondInsight UI each time the connector is viewed or edited.

Updated about 1 month ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.