Create and edit directory credentials | PS Pathfinder

What is a directory credential?

A directory credential is a username and password (or other authentication data) that provides access to an account within a directory service, such as Microsoft Active Directory (AD), LDAP, or Azure AD.

How is it useful?

Directory credentials make it easier and safer to control who can access what within an organization, while enabling automation and compliance through integration with products like Password Safe.

A directory credential is required for querying Active Directory (AD), Entra ID, and LDAP. It is also required for adding AD, Entra ID, and LDAP groups and users in BeyondInsight. Follow the steps below for creating each type of directory credential.

Create a directory credential in Password Safe

1. At the top left of the page, click > Password Safe > Configuration.
   The Configurationpage displays.
2. Under Role Based Access, click Directory Credentials.
3. Click + Create New Directory Credential.
4. Select the Directory Type and follow the steps below that are applicable for that type.

Create an Active Directory credential

1. Select Active Directory for the Directory Type.
2. Provide a name for the credential.
3. Enter the name of the domain where the directory and user credentials reside.
4. Enable the Use SSL option to use a secure connection when accessing the directory.

ℹ️

If Use SSL is enabled, SSL authentication must also be enabled in the Password Safe configuration tool.

5. Enter the credentials for the account that has permissions to query the directory.
6. Click Test Credential to ensure the credential can successfully authenticate with the domain or domain controller before saving the credential.
7. Click Create Credential.

Create an LDAP credential

1. Select LDAP for the Directory Type.
2. Provide a name for the credential.
3. Enter the name of the LDAP server where the directory and user credentials reside.
4. Enable the Use SSL option to use a secure connection when accessing the directory.

ℹ️

If Use SSL is enabled, SSL authentication must also be enabled in the Password Safe configuration tool.

5. Enter the credentials for the account that has permissions to query the directory.
6. Click Test Credential to ensure the credential can successfully authenticate with the domain or domain controller before saving the credential.
7. Click Create Credential.

Create an Entra ID credential

1. Select Microsoft Entra ID for the Directory Type.
2. Select a credential scope: Public or US Government (supports Azure GCC High). The scope cannot be changed after the directory credential is created.
3. Provide a name for the credential.
4. Paste the Client ID, Tenant ID, and Client Secret that you copied when registering the application in your Entra ID tenant.

ℹ️

Only one credential is supported per Entra ID tenant.

5. Click Test Credential to ensure the credential can successfully authenticate with the domain or domain controller before saving the credential.
6. Click Save Credential.

Edit a directory credential

1. At the top left of the page, click > Password Safe > Configuration.
   The Configurationpage displays.
2. Under Role Based Access, click Directory Credentials.
3. Locate the credential in the grid.
4. Click > Edit.
5. Make the changes required.

ℹ️

For AD or LDAP credentials, if you change the Domain or LDAP Server, enable or disable the Use SSL option, or update the Username or Bind DN, you must change the password. Click Change Password to display fields to enter and confirm the new password.

6. Click Test Credential to ensure the edited credential can successfully authenticate with the domain or domain controller before saving the credential.
7. Click Save Credential.