DocumentationRelease Notes
Log In
Documentation

WORKFORCE PASSWORDS USER GUIDE

Suggest Edits

ℹ️

Note

In order to leverage Workforce Passwords, an additional license is required.

As enterprise applications continue to expand, so do access credentials for employees. Rather than using insecure credential storage methods, such as storing credentials on a desktop, in Notepad, or in an email, you can leverage Workforce Passwords within Password Safe as a secure enterprise credential storage method.

To enable Workforce Passwords, first click Configuration from the left sidebar. Under Role Based Access, click User Management. For the group you want to edit, click the vertical ellipsis, then select View Group Details. Under Group Details, click Features. From the Show dropdown, select either All Features or Disabled Features, then scroll down to Workforce Passwords and check the box. Click Assign Permissions above the grid. Select Assign Permissions Read Only or Assign Permissions Full Control.

Workforce Passwords provides a browser extension, available in Chrome, Edge, and Firefox, to seamlessly inject stored credentials for enterprise application URLs.

Once the extension is downloaded, you can access any credentials (with URLs) that are stored in Secrets Safe. You can manage your stored credentials by logging into Password Safe and also using the browser extension.

Workforce Passwords requires Password Safe 23.2 or a later release.

Manage credentials and folders in Secrets Safe

With Workforce Passwords, you have access to a Personal Folder located in Secrets Safe. Credentials within this folder are only accessible to you, the user who created them. Sub-folders can also be added within the Personal Folder. You can create multiple secrets within the Personal Folder or any of its sub-folders.

ℹ️

Note

Workforce Passwords should only be used for business credentials. Information stored in a personal folder is recoverable by an administrator of the site.

Add a new secret for Workforce Passwords

  1. Log in to Password Safe using the credentials and URL provided by your administrator.
  2. From the left menu, click Secrets Safe.
  3. Under Folders, select the Personal Folder or a sub-folder in which to create the secret.
  4. Under Secrets, click Add Secret, and then select one of the following:
    • Add Credential
    • Add File
    • Add Text
    • Import Secrets
  5. For Credential, File, and Text secret types:
    • Enter the following information in the Create New Secret form:
      • Title: Title of the secret.
      • Description: Description of the credential to highlight the use and purpose.
      • URL: The web address of the site you want to log in to.
      • Any other required information.
    • Click Create Secret to save the secret in the folder selected.
  6. For the Import Secret type:
    • Drag and drop the file into the Import CSV File box, or click in the box to select a file to upload.
    • Select a folder from the dropdown or create a new folder to save the secret to.
    • Click Import Secrets.

⚠️

Important

  • The CSV import functionality is only available if Workforce Passwords is enabled for the user
  • Import Secret file type must be CSV.
  • Files must be 200KB or less.
  • CSV files must contain the following:
    • CSV (comma is the only supported field separator)
    • a header row (the first row in the file is skipped and seconds are processed starting on line two)
    • Eight columns are required (not all columns are used): URL, Username, Password, TOTP (Not Used), Extra (Not Used), Name, Grouping (Not Used), and Fav (Not Used).

ℹ️

Note

You can either manually input a password or select Auto Generate under Set Password.

Add a sub-folder

  1. Under Folders, select your Personal Folder.
  2. Click Create New Folder.
  3. Give the folder a name, and then click Create Folder.
    Once the folder is created, a notification displays with the message that your folder has been created.
  4. Navigate to your Personal Folder to see your newly created sub-folder.

Setup Workforce Passwords browser extension

Add the Workforce Passwords extension

The Workforce Passwords extension is available in the Chrome Web Store, the Microsoft Edge Add-ons Store, and the Firefox Browser Add-ons Store.

To download from the Chrome Web Store:

  1. Navigate to the extension in the Chrome Web Store.
  2. Click the Add to Chrome button. 
  3. A pop up message asks if you want to Add BeyondTrust Workforce Passwords?. Click Add extension.
  4. A pop up message displays confirming the extension has been added to Chrome.
  5. To add the BeyondTrust Workforce Passwords icon to the toolbar:
    • Click the Extensions icon in the toolbar.
    • Click the Pin icon next to the BeyondTrust Workforce Passwords extension.
  6. The BeyondTrust Workforce Passwords icon displays in the toolbar.

To download from the Edge Add-ons Store:

  1. Navigate to the extension in the Edge Add-ons Store.
  2. Click the Get button. 
  3. A pop up message asks if you want to Add BeyondTrust Workforce Passwords to Microsoft Edge?. Click Add extension.
  4. A pop up message displays confirming the extension has been added to Edge.
  5. To add the BeyondTrust Workforce Passwords icon to the toolbar:
    • Click the Extensions icon in the toolbar.
    • Click the Show in toolbar icon next to the BeyondTrust Workforce Passwords extension.
  6. The BeyondTrust Workforce Passwords icon displays in the toolbar.

To download from the Firefox Add-ons Store:

  1. Navigate to the extension in the Firefox Browser Add-ons Store.
  2. Click the Add to Firefox button. 
  3. A pop up message asks if you want to Add BeyondTrust Workforce Passwords?. Click Add.
  4. A pop up message displays confirming the extension has been added. Click Okay.
  5. To add the BeyondTrust Workforce Passwords icon to the toolbar:
    • Click the Extensions icon in the toolbar.
    • Click the gear box icon next to the BeyondTrust Workforce Passwords extension.
    • Select the Pin to Toolbar menu option.
  6. The BeyondTrust Workforce Passwords icon displays in the toolbar.

ℹ️

Note

For version 23.3.0.2 of the Workforce Passwords browser extension and for Firefox browsers only, you must enable the Access your data for all websites permission for the extension before logging in to it.

  1. In your browser, click the Extensions icon in the toolbar, and then select Manage extensions.
  2. Click the ellipsis button for the BeyondTrust Workforce Passwords extension.
  3. Select Manage from the drop-down menu.
  4. Click the Permissions tab.
  5. Click the toggle to enable the Access your data for all websites permission.
  6. Refresh the browser to log in to the Workforce Passwords extension.

Log in to the browser extension

📘

Note

The following steps are based on the Chrome browser extension. Similar steps are used for the Edge and Firefox browser extensions.

You must authenticate through BeyondInsight to use Workforce Passwords. To do so, click the Workforce Passwords extension icon located in the toolbar, ensure you have input your Password Safe URL, and then use one of the following methods:

  • Use the Login button to launch the BeyondInsight login screen and input your credentials.
  • If an active authenticated BeyondInsight session is running that matches your Password Safe URL input, a Use Active Session button displays. Click the Use Active Session button to begin your Workforce Passwords session as that BeyondInsight user.
  1. In your browser, click the gray BeyondTrust Workforce Passwords icon in the toolbar.2_thumb_0_0.png)](../../resources/images/ps-user/ps-wp-login-23-2.png)
  2. If only a Log In button is available, enter the Password Safe URL and then click Log In.
  3. The standard log in screen for BeyondInsight and Password Safe displays. Enter the credentials provided by your administrator and then click Log In.This authenticates you to the site where your Workforce Passwords secrets are stored.
  4. If the Use Active Session button is available, click it to use the credentials from that session to sign you in to Workforce Passwords. You can also use the Login button from this dialog to use different login credentials.

ℹ️

Note

Ensure the Password Safe URL matches the SAML redirect URL; otherwise, the Workforce Passwords login does not work.

Upon successful log in, the Workforce Passwords browser extension icon in the toolbar changes from gray to orange.

Use the browser extension

Once the browser extension has been enabled and you have logged in to it, you can log into websites using your saved Workforce Passwords secrets.

  1. Click the orange BeyondTrust Workforce Passwords icon in the toolbar.
  2. Click the Personal Folder.
  3. Click the link for the credentialed site you want to access. You can also search for a secret using the Search Secret field.
  4. You are redirected to the URL saved to that credential.  
    • If one secret is saved with that URL, credentials are auto-injected.
    • If more than one secret is saved with that URL, select the appropriate credentials in the log in screen.
    • You can also copy and paste usernames and passwords into the log in screen using the Copy username and Copy password links available when accessing the credentialed site in the browser extension pop-out dialog.
  5. Once credentials are entered in the log in screen, click the Log In button to sign you in to your account associated with that URL.

Additional options

At the bottom of the browser extension Secrets pop-out dialog, you can also:

  • Synchronize to the most recently saved credentials by clicking the Last Synchronized ago link.
  • Go to the most recently logged in instance of a session by clicking the instance link.
  • Log out of the Workforce Passwords session.

ℹ️

Note

Automatic synchronization occurs only when logging in with the browser extension.

If a new secret is created, trigger a manual sync by clicking the Last Synchronized ago link.

If the link is not working, ensure you are running the latest version of the internet browser. If yes, log out of the Workforce Passwords browser extension and log back in.

Inline login

If you navigate to a website and have one or more valid credentials for that site, the orange BeyondTrust logo is embedded inline in the form field. Click the logo to bring up a list of available credentials to chose from. You also have the ability to create a new credential from here.

Click form field for menu

You can right-click on the form field to display a Workforce Passwords menu with different options, including Autofill with Workforce Passwords. From here you can autofill your credentials, or copy and paste username and password.

Enable keyboard accessibility

Keyboard accessibility is turned off by default. Enabling keyboard accessibility allows you to access the orange BeyondTrust logo located within form fields using your keyboard.

  1. Right-click the Workforce Passwords icon in the toolbar.
  2. Select Options. The BeyondTrust Workforce Passwords Options dialog displays.
  3. Check Enable keyboard support for inline form fields.

Set preferred language

On launch, Workforce Passwords attempts to use the browser's chosen language. If that language is not supported, Workforce Passwords remains in English. You can change your preferred language in several different ways.

To see available languages and make a change, set your preferred locale, as follows:

Via Workforce Passwords

  1. Right-click the Workforce Passwords icon in the toolbar.
  2. Select Options. The BeyondTrust Workforce Passwords Options dialog displays.
  3. Under Localization, select your language from the dropdown.

Via your Chrome browser

  1. Click the Extensions icon in the browser toolbar.
  2. Select Manage Extensions.
  3. Click the Change Language button in the notification displayed on the bottom left of the screen.

Via your Firefox browser

  1. Click the Extensions icon in the browser toolbar.
  2. Select Manage Extensions.
  3. Click the ellipsis to the right of the Workforce Passwords extension.
  4. Select Options.

Create, update, or delete credentials using the browser extension

Users with read/write access can create, update, or delete credentials using the Workforce Passwords Browser Extension.

Create credential

If you enter credentials that aren't recognized by Workforce Passwords, you are prompted to either add the credential or cancel. Click on the down arrow to display all editable credential fields.

Default values for these fields are pulled from the URL you want to log into. Editable fields are:

  • Title
  • URL

ℹ️

Note

A simple form of the URL for the site is stored by default. If the URL won’t work without the parts that are trimmed off, the credential won’t work by default. Edit the URL to include the full URL as required by the target site.

  • Username
  • Password

You can also select which folder to save the credentials to. Personal Folder is selected by default.

Once all credential information has been added, click Add Credential to save it, or Cancel to ignore the updates.

When you return to that URL and click on the orange icon in the Username field, the new credentials are available.

ℹ️

Note

Select Don’t prompt me to save credentials for this site to disable the prompt asking to save credentials. You can reverse this action by clicking Undo on the dialog.
To see a list of all sites with the save credentials prompt disabled, click on the orange icon next to the address bar and select Options. From here, you can remove that site from the list. It once again displays on the dialog.

Update credential

If you change a password for an already saved credential, you are prompted to update the password. Click Update Password or Cancel to cancel the update.

Delete credential

To delete credentials, click the orange icon in the toolbar, select the folder where the credentials are stored, select the credentials within that folder, and click Delete Credential. Confirm on the next dialog by clicking Delete or Cancel.

ℹ️

Note

Users with read-only access can delete credentials in their personal folder, but they cannot delete credentials from a shared folder if they are owned by another user.

Updated 5 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.