DocumentationAPI ReferenceRelease Notes
Documentation
Start typing to search…

Password Safe for Mobile App Users

What is the Password Safe Mobile App?

The Password Safe Mobile App offers secure, on-the-go access to your privileged credentials, secrets, and Workforce Passwords, all from your mobile device.

How is it useful?

With the app, you can:

  • Request access to privileged credentials.
  • Approve access requests.
  • Streamline your daily workflows with simplified privileged management - anytime, anywhere.

How do you access the app?

  1. From the login screen, enter your BeyondTrust site hostname,
  2. Follow the instruction at Supported Platforms & Login URLs.
  3. Enter the username and password associated with your BeyondTrust user account, and then tap Login.

Sign in to the Password Safe using SAML for mobile

SAML for mobile provides an easy and secure method for authenticating to the Password Safe. To learn more about SAML single sign-on, see Security Assertion Markup Language. Follow the steps below to log into the mobile app using SAML.

  1. From the login screen, select SAML. You are presented with your SAML provider's page.
  2. On your provider's page, enter your credentials.
ℹ️

Before attempting to log into the mobile app using SAML, verify that a SAML provider has been configured for your /login administrative environment:

  1. Use a browser to sign in to your BeyondInsight/Password Safe URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click .
    The Configuration page displays.
  3. Under Authentication Management, select SAML Configuration.

If SAML is not configured in /login, SAML is not available as an authentication method for the Password Safe web console. To learn more about integrating SAML single sign-on into your BeyondTrust Password Safe SAML generic security provider, see Configure SAML in BeyondInsight.

Prerequisites

Before using the mobile app, ensure that :

  • You have Password Safe version 25.1 or later installed.
  • Managed Accounts must be enabled for API access in order to appear in the mobile app.
ℹ️

For more information on enabling managed accounts, see Enable API setting for Managed Accounts.

Key Features

The following features are available in the mobile app.

Password Safe (Read-Only)

  • View a list of managed accounts
  • Use filtering options for quick navigation
  • Request access and approve credentials
  • Check out passwords
  • Manage your favorites

Secrets Safe

  • View list of Secret Safes
  • Browse folders and secrets
  • Search for safes and individual secrets
  • View secret details
  • Create credentials and text-based secrets
  • Use password injection and autofill functionality
ℹ️

Some mobile app-specific settings can be configured via the Password Safe Configuration page. For more information, see the Password Safe Configuration Guide.

User Management Requirements

Mobile app users must have the following Password Safe user management features, depending on their access requirements. This does not apply to administrators.

  • Mobile App (must have)
  • Password Safe Configuration Management
  • Password Safe Domain Management
  • Password Safe System Management
  • Secret Safe Access
  • Workforce Passwords

Supported Platforms & Login URLs

The Password Safe Mobile App supports all deployment types.

Login URLs by Deployment Type:

  • Pathfinder Users: Use beyondtrust.io. This appears as a dropdown option during login.
  • Cloud Users: Use your cloud instance URL, e.g., your-instance.ps.beyondtrustcloud.com.
  • On-Premises Users: Use the IP address or hostname of your Password Safe instance.

Ensure the mobile app can access the URL over HTTPS, and that your instance has a valid SSL certificate trusted by mobile devices.

Using TOTP codes with Managed Account credentials

TOTP for Managed Accounts now allows you to copy a one-time code to your clipboard for use alongside the associated credential.

🚧

Important information

This feature only works with BIPS 25.3 or later.

With TOTP enabled, you can perform the following actions:

Visibility and Access

The TOTP field, reveal (eye) icon, and copy icon are displayed only for managed accounts with TOTP configured and only to users with an approved, active request for that account.

Default Display

The TOTP area initially shows masked content (that is, ••••••) along with a progress bar and/or numeric countdown indicating the remaining seconds.

Reveal Code

Clicking the eye icon immediately reveals the current TOTP code. TOTP secrets and codes are never written to logs or telemetry.

Expiration Behavior

After a code expires, it is masked again. To view the next code, click the eye icon.

Copy to Clipboard

Clicking the copy icon copies the currently visible code to the operating system clipboard and displays a temporary confirmation message.

For more information about TOTP and how to configure Managed Accounts, see Enable TOTP for Managed Accounts.

Updated 14 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.