Create and edit directory credentials | BI Cloud
What is a directory credential?
A directory credential is a username and password (or other authentication data) that provides access to an account within a directory service, such as Microsoft Active Directory (AD), LDAP, or Azure AD.
How is it useful?
Directory credentials make it easier and safer to control who can access what within an organization, while enabling automation and compliance through integration with products like Password Safe.
A directory credential is required for querying Active Directory (AD), Entra ID, and LDAP. It is also required for adding AD, Entra ID, and LDAP groups and users in BeyondInsight. Follow the steps below to create each type of directory credential.
Create a directory credential
To create a directory credential in BeyondInsight:
- Use a browser to sign in to your BeyondInsight/Password Safe URL.
This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
- From the left menu, click .
The Configuration page displays.
- Under Role Based Access, select Directory Credentials.
The Directory Credentials page displays.
- Click + Create New Directory Credential.
- Select the Directory Type and follow the steps below that are applicable for that type.
Create an Active Directory credential
- Under Directory Type, select Active Directory.
- Provide a title for the credential.
- Enter the name of the domain where the directory and user credentials reside.
- Enable the Use SSL option to use a secure connection when accessing the directory.
If Use SSL is enabled, SSL authentication must also be enabled in the BeyondInsight configuration tool.
- Enter the credentials for the account that has permissions to query the directory.
- Enable the Use Group Resolution option to use this credential for resolving groups from the directory.
Only one credential can be set for group resolution per domain or server.
- Click Test Credential to ensure the credential can successfully authenticate with the domain or domain controller before saving the credential.
- Click Create Credential.
Create an LDAP credential
- Under Directory Type, select LDAP.
- Provide a name for the credential.
- Enter the name of the LDAP server where the directory and user credentials reside.
- Enable the Use SSL option to use a secure connection when accessing the directory.
If Use SSL is enabled, SSL authentication must also be enabled in the BeyondInsight configuration tool.
- Enter the credentials for the account that has permissions to query the directory.
- Enable the Use Group Resolution option to use this credential for resolving groups from the directory.
Only one credential can be set for group resolution per LDAP server.
- Click Test Credential to ensure the credential can successfully authenticate with the domain or domain controller before saving the credential.
- Click Create Credential.
Create an Entra ID credential
- Under Directory Type, select Microsoft Entra ID.
- Select a credential scope: Public or US Government (supports Azure GCC High). The scope cannot be changed after the directory credential is created.
- Provide a name for the credential.
- Paste the Client ID, Tenant ID, and Client Secret that you copied when registering the application in your Entra ID tenant.
- Enable the Use Group Resolution option to use this credential for resolving groups from the directory.
Only one credential is supported per Entra ID tenant.
- Click Test Credential to ensure the credential can successfully authenticate with the domain or domain controller before saving the credential.
- Click Save Credential.
Edit a directory credential
- Use a browser to sign in to your BeyondInsight/Password Safe URL.
This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
- From the left menu, click .
The Configuration page displays.
- Under Role Based Access, select Directory Credentials.
The Directory Credentials page displays.
- Locate the directory credential in the grid.
- Click > Edit.
- Make the necessary changes.
For AD or LDAP credentials, if you change the Domain or LDAP Server, enable or disable the Use SSL option, or update the Username or Bind DN, you must change the password. Click Change Password to display fields to enter and confirm the new password.
- Click Test Credential to ensure the edited credential can successfully authenticate with the domain or domain controller before saving the credential.
- Click Save Credential.
