DocumentationRelease Notes
Log In
Documentation

Password Safe on Pathfinder

Suggest Edits

What is Password Safe?

BeyondTrust Password Safe (PS) is your Just-in-Time (JIT) privileged access management solution that ensures your resources are protected from insider threats.

Password Safe on Pathfinder executes password and remote session requests and approvals.

How is it useful?

Password Safe enables you to have complete visibility and control of privileged credentials and secrets used by human and non-human users, in a single solution. With Password Safe, you can:

  • Secure privileged accounts, applications, SSH keys, cloud admin accounts, DevOps secrets, service accounts and more, with a searchable audit trail for compliance and forensics.
  • Scan, identify, and profile all assets for automated onboarding, ensuring no credentials are left unmanaged.
  • Monitor and record live sessions in real time and pause or terminate suspicious sessions.
  • Use Secrets Safe to empower your teams with the confidence to securely develop and deploy cloud solutions.
  • Leverage Workforce Passwords to bring enterprise-level visibility, security, audit support, and ease of use to business application password management.

How do I access Password Safe?

To access the Password Safe grid, log into Pathfinder, select Password Safe from your available products, and in the top left menu, select Password Safe. You can also select the Password Safe container card from the Password Safe Home page.

From the Password Safe menu, you can also view:

  • accounts
  • approvals
  • active sessions
  • completed sessions
  • admin sessions

The Password Safe page

  1. Tabs: View accounts, approvals, sessions, and admin sessions.
  2. Browse by Category: Browse by favorites, recently used, local accounts, directory linked accounts, and applications.
  3. Filter dropdown: Select an item in the filter dropdown to filter information.
  4. Password Safe grids: Displays information based on tab, category, and filter selections.
  5. Grid display preferences: Set display preferences on the Assets grid using the following options represented by icons above the grid:
    • Refresh: Refresh the grid display.
    • Download all: Download all assets in the grid to an Excel spreadsheet.
    • Columns Chooser: Select the columns to change the column headings and information displayed in the grid.
    • Grid Configuration: If available, choose the grid layout: Compact, Default, or Expanded.
    • Expand Grid: Enlarge the display area. When selected, the icon changes to Collapse Grid. Click it to collapse the grid back to its original display.

Password Safe Tabs

Accounts tab

The Accounts tab lists the managed accounts for which you have permissions to request access to retrieve passwords and start sessions. From this grid, you can initiate an access request for the listed accounts. From the Accounts tab, populate the list of managed accounts in the grid using any one of the following options:

  • Click the Browse by Category buttons: Favorites, Recently Used, Local Accounts, Domain Linked Accounts, and Applications, to filter the list by category.
  • Select filter criteria from the Filter by dropdown to filter by selected account properties.
  • Search for accounts using the Quick Filter option.
  • Click Load All Accounts to load all accounts in the organization.

ℹ️

Note

The Status column from the Local Accounts and Domain Linked Accounts grids was removed in Password Safe version 23.1. This column, now called Account Status, has been re-added in Password Safe version 23.3.

ℹ️

Note

For optimum efficiency, the web portal screen resolution should be no less than 1280 × 800 pixels.

ℹ️

Note

When you first log in to the Password Safe web portal, no accounts are available in the Favorites tab. Click the star next to the account to add it to the Favorites tab. Click Refresh above the grid to update the listed accounts.

Requests tab

The Requests tab displays for users who have been assigned the Requestors role for any managed systems in Password Safe. It lists all requests that you have made. You can filter by approved and pending requests and view the request details by clicking the vertical ellipsis for the request, and selecting View Request Details. You can also check-in a request by clicking on the vertical ellipsis for the request, and selecting Check-in Request.

Approvals tab

The Approvals tab displays for users who have been assigned the Approver role for any managed systems in Password Safe and for Password Safe administrators. Approvers can view all requests for managed systems for which they have been assigned the Approver role. Password Safe administrators can view all requests for all managed systems. You can filter the requests by approved and pending requests, view request details, and approve or deny requests.

To view details of the request, click the vertical ellipsis for the request, and then click View Request Details.

To approve or deny a request from the Approvals grid, click the vertical ellipsis for the request, and then click Approve Request or Deny Request.

Sessions tab

The Sessions tab is displayed for users who have been assigned one or both of the two session reviewer roles for any managed systems: Recorded session reviewer and Active session reviewer. Depending on the roles assigned to your user account, you can view active or completed sessions using the buttons above the grid. By default sessions for all protocols are displayed. You can filter the list of sessions to display only RDP or only SSH sessions using the Protocol dropdown.

To view details of a completed session or to view the session, click the vertical ellipsis for the session, and then select View Details or View Session as required.

To view, lock, or terminate an active session, click the vertical ellipsis for the session, and then click View Session, Lock Session, or Terminate Session as required.

ℹ️

Note

Admin sessions are listed in the grid only for users who have read permissions to the Password Safe Admin Session Reviewer feature, as assigned by your Password Safe administrator.

Admin Session tab

The Admin Sessions tab is displayed only for users who have full control permissions to the Password Safe Admin Session feature and for Password Safe administrators. Admin sessions allow you to open ad hoc RDP and SSH sessions without going through the request process and allow you to select a node associated with another region to act as a proxy for the session. This is useful in larger environments when assets you need to access are not in your region. From Admin Session tab, you can start a session immediately by completing the form and clicking Connect.

Change theme

You can change the theme for light to dark, or match the system theme.

  1. In the top-right corner of the console, click the Profile and preferences icon.
  2. Select your desired theme from the Theme dropdown. The theme automatically changes to the theme chosen.

Manage user profile

Users can maintain the security and control of their account and protect it against unauthorized access. If you are logging in with local user account, you can change your password from the Manage Profile page.

Change user information

  1. In the top-right corner of the console, click the Profile and preferences icon.
  2. Click Manage Profile.
  3. From the Manage Profile page, scroll to User Information.
  4. Update First Name and Last Name fields, and then click Save User Information.

Change your password

  1. In the top-right corner of the console, click the Profile and preferences icon.
  2. Click Manage Profile.
  3. From the Manage Profile page, scroll to Update Password.
  4. Enter your current password.
  5. Enter your new password and confirm it.
  6. Click Update Password.

Enable two-factor authentication

Users can maintain the security and control of their account and protect it against unauthorized access. If you are logging in with a BeyondInsight local user account that has two-factor authentication enabled and registered with a device, you can update the authenticator app from the Account Settings page.

You cannot update the authenticator if you are logging in with Active Directory, LDAP, or Entra ID credentials, or if your account is locked out.

  1. In the top-right corner of the console, click the Profile and preferences icon.

  2. Click Manage Profile.

  3. From the Manage Profile page, scroll to MFA.

  4. Scan the QR code using your authentication app.

  5. Follow the directions on the app to obtain a security code.

  6. Enter code.

  7. Click Enable MFA.

Updated 1 day ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.