DocumentationRelease Notes
Documentation

Map directory credentials to a domain | BI Cloud

Suggest Edits

What is a directory credential?

A directory credential is a username and password (or other authentication data) that provides access to an account within a directory service, such as Microsoft Active Directory (AD), LDAP, or Azure AD.

How is it mapping a directory credential useful?

Mapping a directory credential provides secure, automated, and fault-tolerant access to directory services, ensuring BeyondInsight can reliably authenticate users and manage accounts.

Domain management allows you to map a default primary directory credential and an optional fallback credential as preferred binding credentials used for account resolution against domains in your environment when logging in to BeyondInsight.

ℹ️

If credentials are not mapped, or both mapped credentials fail, BeyondInsight attempts login following the legacy process of not using mapped credentials.

Follow these steps to add or edit primary and secondary credentials for a domain:

  1. Use a browser to sign in to your BeyondInsight/Password Safe URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click .
    The Configuration page displays.
  3. Under Role Based Access, select Domain Management.
    The Domain Management page displays.
  4. Click Create New Domain + to create a new one.
  5. Provide the name of the domain or LDAP server.
  6. Select the type of platform.
  7. Select a Primary Credential from the dropdown.
  8. Select a Fallback Credential from the dropdown.
  9. Click Create Domain.
  10. To edit credentials for an existing domain, select the domain from the left pane, make your edits, and then click Save Domain.

ℹ️

Primary and fallback credentials can include Password Safe managed accounts.

When domain management is configured for a domain and user selects the domain when logging into BeyondInsight, the specified primary and fallback credentials are used to resolve their account. The credentials used for authentication are shown in the Login Details for the specific login activity on the Configuration > General > User Audits page.

Updated about 2 months ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.