DocumentationRelease Notes
Documentation

Password Safe agents | PS Cloud

Suggest Edits

What is the password change agent?

Occasionally, passwords must be changed to guarantee system security. Password Safe automatic password changes are controlled by the change agent that runs as a service on the U-Series Appliance.

How is it useful?

The password change agent ensures that password changes are securely managed without the risk of human error. When the change agent runs, it checks the configuration to determine operational parameters of the U-Series Appliance. Logs provide a record of the change agent activities and messages, and indicate success or failure.

Configure the password change agent

The following overview explains how the change agent runs:

  1. The change agent retrieves a process batch from the database. A process batch consists of one or more managed accounts that have been flagged for a password change.
  2. The passwords are changed on the managed accounts, and the change is recorded.
  3. The change agent waits a set period of time for a response from the change job and moves to the next process batch in the database batch.

Recommendations

To maximize efficiency, we recommend a small batch size (such as 5) and a short cycle time (such as 60 seconds). If a password change fails, the change agent reprocesses it according to the retry value in the change agent settings.

  1. Use a browser to sign in to your BeyondInsight/Password Safe URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click .
    The Configuration page displays.
  3. Under Privileged Access Management Agents, select Password Change Agent.
    The Password Change Agent page displays.
  4. Set the following:
    • Enable Password Change Agent: Leave enabled to activate the agent when Password Safe starts.
    • Retry failed changes after (minutes): The amount of time before a failed password change is tried again.
    • Maximum retries: The maximum number of times an attempt is made to change the password after a failed password change attempt occurs.
    • Unlimited Retries: Enable to allow retries when a password change attempt fails.
  5. Click Save.

Configure the password test agent

The password test agent allows you to manually test all managed accounts and functional accounts. The test ensures that there is an open connection between the assets and Password Safe. A notification email is sent.

  1. Use a browser to sign in to your BeyondInsight/Password Safe URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click .
    The Configuration page displays.
  3. Under Privileged Access Management Agents, select Password Test Agent.
    The Password Test Agent page displays.
  4. Check the Enable Password Test Agent box.
  5. Set the schedule.
  6. Click Save.

Updated about 2 months ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.