DocumentationRelease Notes
Documentation

Configure passwordless authentication | BI Cloud

Suggest Edits

What is passwordless authentication?

Passwordless authentication is a method of verifying a user’s identity without requiring a traditional password.

How is it useful?

Passwordless authentication strengthens security, simplifies login, and reduces administrative effort, all while protecting against one of the biggest weaknesses in cybersecurity, passwords.

BeyondTrust supports FIDO2-certified authenticators to securely log in to BeyondInsight without entering your password. Roaming authenticators, such as YubiKeys, and platform integrated biometric authenticators, such as Windows Hello are supported.

ℹ️

Passwordless authentication is available only for local BeyondInsight users. Support for Active Directory, LDAP, and Entra ID directory users is planned for a future release.

Enable passwordless authentication

  1. Use a browser to sign in to your BeyondInsight/Password Safe URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click .
    The Configuration page displays.
  3. Under Authentication Management, select Authentication Options.
    The Authentication Options page displays.
  4. Under Passwordless Authentication:
    • Select the Default Authentication Method. This sets the default method displayed when logging into the console.
    • Check Enable Passwordless FIDO2 Authentication to enable it for BeyondInsight instance.
    • Click Update Passwordless Authentication Settings to save.

Register a passwordless authenticator

  1. In the top-right corner of the console, click > Account Settings.
    The Account Settings page displays.
  2. Under My Account, click Passwordless Authentication.
  3. Click + Register FIDO2 Authenticator.
  4. Select the type of authenticator you wish to register: Roaming or Platform.
  5. Enter a unique name for your authenticator.
  6. Enter your BeyondInsight account password.
  7. Click Continue and follow your browser's instructions.

View and manage passwordless authenticators for users

  1. Use a browser to sign in to your BeyondInsight/Password Safe URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click .
    The Configuration page displays.
  3. Under Role Based Access, select User Management.
    The User Management page displays.
  4. Select the Users tab.
  5. Click above the grid.
  6. Select Passwordless FIDO2 Authenticators from the list to add that column to the grid.
  7. The number of FIDO2 authenticators for each user is displayed in the column.
  8. Locate a user in the grid.
  9. Click > View User Details.
  10. Under User Details, select FIDO2 Authenticators.
  11. From the FIDO2 Authenticators grid, you can see the type of authenticator for each user, along with when it was registered, and last used.

Delete an authenticator for a user

  1. Use a browser to sign in to your BeyondInsight/Password Safe URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click .
    The Configuration page displays.
  3. Under Role Based Access, select User Management.
    The User Management page displays.
  4. Select the Users tab.
  5. Locate a user in the grid.
  6. Click > View User Details.
  7. Under User Details, select FIDO2 Authenticators.
  8. Locate the authenticator name in the grid.
  9. Click > Delete.

Updated 2 months ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.