DocumentationRelease Notes
Documentation

Accounts tab | PS Cloud

Suggest Edits

What is the Accounts tab?

The Accounts tab lists the managed accounts for which you have permissions to request access to retrieve passwords and start sessions.

How is it useful?

From this grid, you can initiate an access request for the listed accounts, streamlining the request process. By populating the grid with managed accounts, users can easily see which accounts are available and take action without needing to navigate to other areas of the console You can populate the list of managed accounts in the grid using any one of the following options:

  • Click the Browse by Category buttons: Favorites, Recently Used, Local Accounts, Domain Linked Accounts, and Applications, to filter the list by category.
  • Select filter criteria from the Filter by dropdown to filter by selected account properties.
  • Search for accounts using the Quick Filter option.
  • Click Load All Accounts to load all associated accounts.

How do I access the Accounts tab?

  1. Use a browser to sign in to your BeyondInsight/Password Safe URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click .
    The Password Safe home page displays.
  3. Click the Accounts tab.
    The Accounts grid displays.

ℹ️

  • For optimum efficiency, the web portal screen resolution should be no less than 1280 × 800 pixels.
  • When you first log in to the Password Safe web portal, no accounts are available in the Favorites grid. Click the star next to any account to add it to the Favorites grid. Click Refresh above the grid to update the listed accounts.

The Accounts grid

Password Saffe Cloud Accounts tab
  1. Browse by different categories to filter results in the grid.
  2. Select Filter by to further filter results.
  3. Accounts grid.

Request a password release

To request a password release:

  1. Click to the right of the managed account.
    The Access panel displays.
  2. Select the Start Session tab.
  3. Enter a Reason for the password release.
  4. Select a ticket system and provide a ticket number if required.
  5. Check required options under Advanced Request Options.
  6. Click Start RDP Session. An RDP connection file downloads with a one-time use token that expires based on the Session Initialization timeout settings.
  7. Run the file to establish a connection to the target system.
  8. Enter the password that you use to authenticate into Password Safe.
  9. Click Access for the managed account for which you wish to request a password.
  10. From the Submit Request tab:
    • Set a start date and time for the password to be made available.
    • Set the length of time for the password to be available.
    • Check Password for the type of access you need.
    • Provide a reason for the request. The maximum allowed length is 200 characters.
    • Select a ticket system and provide a ticket number.

ℹ️

Reason, Ticket System, and Ticket Number fields might be optional or required, depending upon options configured in the access policy by your Password Safe administrator. Also, if your Password Safe administrator has set a specific ticket system in the access policy, you cannot select a different ticket system with your request.

  1. Click Submit Request. An email is sent to the approver if email notification is configured. You can view the status of your request from the Requests tab.

Retrieve a password

To retrieve a password:

  1. Click to the right of the managed account.
    The Access panel displays.
  2. Select the Start Session tab.
  3. Enter a Reason for the password retrieval.
  4. Select a ticket system and provide a ticket number if required.
  5. Check required options under Advanced Request Options.
  6. Click Retrieve Password to display the system account password.
  7. The password displays in a separate window. The visibility of the password might be limited, with a timer showing remaining time. Click Close Window to close the windows before the timeout.
  8. Click to copy the password to the clipboard.
  9. Use the password to log in to the system within the password release time period.

Retrieve a password using Quick Launch

If your access policy is configured for auto-approval for the managed system account you are accessing, Quick Launch is available and allows you to quickly retrieve the password for the managed account, bypassing the approval process. To use Quick Launch:

  1. Click to the right of the managed account.

  2. From the Quick Launch tab, click Retrieve Password.

  3. Click Show to display the password or click to copy it to the clipboard.

Request SSH or RDP Sessions

When configured by your Password Safe administrator, you can request access to a managed system using a remote session. Using the Password Safe request and approval system, you can request remote sessions that use RDP and SSH connection types.

Password Safe acts as a proxy, providing session management to target systems. No passwords are transmitted, allowing inherently secure session management. The below sections detail how to request and start sessions in Password Safe.

Request an RDP session

  1. Click to the right of the managed account.
    The Access panel displays.
  2. Select the Start Session tab.
  3. Enter a Reason for the RDP session.
  4. Select a ticket system and provide a ticket number if required.
  5. Check required options under Advanced Request Options.
  6. Click Start RDP Session. An RDP connection file downloads with a one-time use token that expires based on the Session Initialization timeout settings. Run the file to establish a connection to the target system.
  7. Enter the password that you use to authenticate into Password Safe.
  8. Click Access to the right of the managed account to request a session.
  9. From the Submit Request tab:
    • Set a session start date and time that corresponds with the access policy and is outside of a scheduled maintenance window.
    • Set the length of time for the session.
    • Check RDP Session for the type of access you need.
    • Provide a reason for the request. The maximum allowed length is 200 characters.
    • Select a ticket system and provide a ticket number.

ℹ️

Reason, Ticket System, and Ticket Number fields may be optional or required, depending upon options configured in the access policy by your Password Safe administrator. Also, if your Password Safe administrator has set a specific ticket system in the access policy, you cannot select a different ticket system with your request.

  1. Click Submit Request. An email is sent to the approver if email notification is configured.

Use Direct Connect for RDP session

You can also use the Direct Connect feature to initiate an RDP session. As the requester, you can access the system without ever viewing the managed account's credentials.

To use Direct Connect, you must download the RDP file from the Password Safe web portal. This is a one-time download. Each account and system combination requires that you download the unique RDP file associated with it.

If the requestor is granted approval for RDP sessions, a message displays, stating, Request requires approval. If the request is not approved within 5 minutes, this connection will close. After five minutes, the RDP client disconnects, and then you can send another connection request. When the request is approved, you are automatically connected.

To initiate a Direct Connect RDP session:

  1. Click to the right of the managed account.
    The Access panel displays.
  2. Select the Start Session tab.
  3. Enter a Reason for the direct connect session.
  4. Select a ticket system and provide a ticket number if required.
  5. Check required options under Advanced Request Options.
  6. Click Start RDP Session. An RDP connection file downloads with a one-time use token that expires based on the Session Initialization timeout settings. Run the file to establish a connection to the target system.
  7. Run the file to establish a connection to the target system.
  8. Enter the password that you use to authenticate into Password Safe.
  9. Find the account in the list. Click Access to the right of the managed account to request a session.
  10. From the Direct Connect tab, click Download RDP File.
  11. Run the file to establish a connection to the target system.
  12. Enter your password that you use to authenticate into Password Safe.

ℹ️

  • RDP Direct Connect supports only push two-factor authentication. An access-challenge response is not supported.
  • LDAP users that use the mail account naming attribute cannot use RDP Direct Connect.

Start an RDP session without submitting a request

Users who have permissions to bypass the request and approval process for accessing the managed system and Password Safe administrators are able to start sessions and retrieve passwords immediately from the Start Session tab. The Start Session tab does not display for users who do not have permissions to bypass the request and approval process. To start the session:

  1. Click to the right of the managed account.
    The Access panel displays.
  2. Select the Start Session tab.
  3. Enter a Reason for the RDP session.
  4. Select a ticket system and provide a ticket number if required.
  5. Check required options under Advanced Request Options.
  6. Click Start RDP Session. An RDP connection file downloads with a one-time use token that expires based on the Session Initialization timeout settings. Run the file to establish a connection to the target system.
  7. Run the file to establish a connection to the target system.
  8. Enter the password that you use to authenticate into Password Safe.

SSH Direct Connect

Using an SSH client, a user can use the Password Safe Request and Approval system for SSH remote connections. The requester's information, including the Reason and the Request Duration, are auto-populated with default Password Safe settings.

To access a managed account or application using Direct Connect, the requester has to connect to Password Safe's SSH Proxy using a custom SSH connection string with one of the following formats:

  • For UPN credentials: 
    <Requester>+<Username@Domain>+<System Name>@<Password Safe>
  • For down-level logon names\non-domain credentials: 
    <Requester>@<Domain\\Username>@<System Name>@<Password Safe>

You can override the default SSH port and enter port 4422. The requester is then prompted to enter their password, which they use to authenticate with Password Safe.

  • For UPN credentials: 
    ssh -p 4422 <Requester>+<Username@Domain>+<System Name>@<Password Safe>
  • For down-level logon names\non-domain credentials: 
    ssh -p 4422 <Requester>@<Domain\\Username>@<System Name>@<Password Safe>
  • For an SSH application: 
    ssh -p 4422 <Requester>@<Account name>:<Application alias>@<System name>@<Password Safe>

Once the requester is authenticated, they are immediately connected to the desired machine.

Updated 14 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.