DocumentationRelease Notes
Log In
Documentation

QUICK START

Suggest Edits

What is Password Safe?

BeyondTrust Password Safe (PS) is your Just-in-Time (JIT) privileged access management solution that ensures your resources are protected from insider threats.

How is it useful?

Password Safe allows you to have complete visibility and control of privileged credentials and secrets used by human and non-human users, in a single solution. With Password Safe, you can:

  • Secure privileged accounts, applications, SSH keys, cloud admin accounts, DevOps secrets, service accounts and more, with a searchable audit trail for compliance and forensics.
  • Scan, identify, and profile all assets for automated onboarding, ensuring no credentials are left unmanaged.
  • Monitor and record live sessions in real time and pause or terminate suspicious sessions.
  • Use Secrets Safe to empower your teams with the confidence to securely develop and deploy cloud solutions.
  • Leverage Workforce Passwords to bring enterprise-level visibility, security, audit support, and ease of use to business application password management.

How do I access Password Safe?

  1. Open a browser and enter the URL for your Password Safe instance: https:///WebConsole/index.html.

ℹ️

Note

You may need to accept a pre-login message, if one has been configured on your instance.

  1. Enter your username and password. The default username is Administrator, and the password is the administrator password you set in the initialization email.
  2. If applicable, select a domain or LDAP Server from the Log in to list.

ℹ️

Note

The Log in to list is only displayed on the Login page when there are either AD or LDAP user groups created in BeyondInsight. The Log in to list is displayed by default, but may be disabled / enabled by an admin user by toggling the Show list of domains/LDAP servers on login page setting from Configuration > System > Site Options page.

  1. Click Log In.
  2. To log in using SAML Authentication, click the Use SAML Authentication link below the Log In button. You are redirected to the single sign-on access site for the default SAML identity provider configured by your administrator in BeyondInsight.

ℹ️

Note

  • If the initial login attempt fails, and two-factor authentication (2FA) is enabled, the user is taken to the 2FA page for security reasons.
  • When working in the console, the times displayed match the web browser on the local computer unless stated otherwise.

The admin credentials used to log in for the first time are configured during the installation process and depend on the type of authentication configured in BeyondInsight.

ℹ️

Note

For more information on configuring Password Safe authentication, see Authentication for BeyondInsight and Password Safe.

Updated 10 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.