Welcome to BeyondInsight (BI) | BI On-prem

What is BeyondInsight (BI)?

BeyondInsight is a central management, policy, reporting, and analytics console for many products within the BeyondInsight portfolio.

How is it useful?

BeyondInsight enables IT and security professionals to collaboratively reduce user-based risks, mitigate threats to information assets, address security exposures across large, diverse IT environments, and comply with internal, industry, and government mandates.

ℹ️

When working in BeyondInsight, times and time zones match the web browser on the local computer unless stated otherwise.

How do I access BeyondInsight?

After accepting the email invite and activating your access to BeyondInsight, you can sign in using your credentials. The admin credentials used to log in for the first time are configured during the installation process and depend on the type of authentication configured in BeyondInsight.

Sign in with a username and password

1. Open a browser and enter the URL for your Password Safe instance: https:///WebConsole/index.html.
2. Enter your username and password.
3. If applicable, select a domain or LDAP Server from the Log in to list.

   ℹ️

   The Log in to list displays on the Login page when there are either AD or LDAP user groups created in BeyondInsight. Administrators can enable or disable the display of this list to their users.

You are automatically signed in, and the BeyondInsight Home page displays.

Sign in with passwordless FIDO2

1. Open a browser and enter the URL for your Password Safe instance: https:///WebConsole/index.html.
2. Enter your username and password.
3. Click Log in.
4. Follow the on-screen prompts.

Sign in using SAML authentication

1. Open a browser and enter the URL for your Password Safe instance: https:///WebConsole/index.html.
2. Enter your username and password.
3. Below the Log In button, click Use SAML Authentication link.
   The single sign-on access site for the default SAML identity provider configured by your administrator displays.

ℹ️

If your initial SAML login attempt fails, and two-factor authentication (2FA) is enabled, you are redirected to the 2FA page for security reasons.

Change login passwords

Users can maintain the security and control of their account and protect it against unauthorized access. If you are logging in with a BeyondInsight local user account, you can change your password from the Account Settings page.

You cannot update your password if you are logging in with Active Directory, LDAP, or Entra ID credentials, or if your account is locked out.

1. In the header, located in the top-right corner of the console, click .
2. Click Account Settings.
3. From the My Account panel, select Change Password.
4. Enter your current password.
5. Enter your new password and confirm it.
6. Click Change Password.

Reset your password

If you forget your console password, you can reset it when logging in:

1. Open a browser and enter the URL for your Password Safe instance: https:///WebConsole/index.html.
2. Click the Forgot Password link.
3. Enter your username.
4. Click Reset Password. An email containing a reset link is sent to the address associated with your username.
5. Click the link in the email to be taken to the Enter New Password page, where you can change your password.

ℹ️

Resetting the console password is not available to users logging in with Active Directory, LDAP, or Entra ID credentials.

Reconfigure two-factor authenticator

Users can maintain the security and control of their account and protect it against unauthorized access. If you are logging in with a BeyondInsight local user account that has two-factor authentication enabled and registered with a device, you can update the authenticator app from the Account Settings page.

You cannot update the authenticator if you are logging in with Active Directory, LDAP, or Entra ID credentials, or if your account is locked out.

1. In the header, located in the top-right corner of the console, click .
2. Click Account Settings.
3. Click Account Settings.
4. In the My Account panel, select Two-Factor Authentication.
5. Click Replace Authenticator App.
6. Click Reconfigure Authenticator App to register a new authenticator app.

Register Passwordless Authenticators

Users can maintain the security and control of their account and protect it against unauthorized access. If you are logging in with a BeyondInsight local user account, and if passwordless authentication is enabled for your BeyondInsight instance, you can register FIDO2-certified authenticators from the Account Settings page.

ℹ️

Passwordless authentication is available only for local BeyondInsight users. Support for Active Directory, LDAP, and Entra ID directory users is planned for a future release.

1. In the header, located in the top-right corner of the console, click .
2. Click Account Settings.
3. In the My Account panel, select Passwordless Authentication.
4. Click + Register FIDO2 Authenticator.
5. Select the type of authenticator you wish to register: Roaming or Platform.
6. Enter a unique name for your authenticator.
7. Enter your BeyondInsight account password.
8. Click Continue and follow your browser's instructions.

Manage your FIDO2 authenticators

1. In the header, located in the top-right corner of the console, click .
2. Click Account Settings.
3. In the My Account panel, select Passwordless Authentication.
4. Locate the listed authenticator in the grid.
5. Click > Edit to update the name for the authenticator.
6. Click > Delete to remove the authenticator.

Select a display language

The Password Safe web portal can be displayed in the following languages:

• English
• French
• German
• Japanese
• Korean
• Portuguese
• Spanish

If your BeyondInsight administrator has the option enabled, you can select a language from the list on the Log In page or by clicking the Profile and preferences button, and then selecting it from the Language list.

ℹ️

If no languages are available, please contact your BeyondInsight administrator.