DocumentationAPI ReferenceRelease Notes
Documentation

Configure passwordless authentication | BI On-prem

What is passwordless authentication?

Passwordless authentication is a method of verifying a user’s identity without requiring a traditional password.

How is it useful?

Passwordless authentication strengthens security, simplifies login, and reduces administrative effort, all while protecting against one of the biggest weaknesses in cybersecurity, passwords.

BeyondTrust supports FIDO2-certified authenticators to securely log in to BeyondInsight without entering your password. Roaming authenticators, such as YubiKeys, and platform integrated biometric authenticators, such as Windows Hello are supported.

ℹ️

Passwordless authentication is available only for local BeyondInsight users. Support for Active Directory, LDAP, and Entra ID directory users is planned for a future release.

Enable passwordless authentication

  1. Open a browser and enter the URL for your Password Safe instance: https://<hostname>/WebConsole/index.html.

  2. Enter your username and password.

  3. From the left menu, click Configuration icon.
    The Configuration page displays.

  4. Under Authentication Management, select Authentication Options.
    The Authentication Options page displays.

  5. Under Passwordless Authentication:

    • Select the Default Authentication Method. This sets the default method displayed when logging into the console.

    • Check Enable Passwordless FIDO2 Authentication to enable it for BeyondInsight instance.

    • Click Update Passwordless Authentication Settings to save.

      The Passwordless Authentication settings screen shows a dropdown labeled “Default Authentication Method,” set to “Username & Password.” Below it, a checked option labeled “Enable Passwordless FIDO2 Authentication” is displayed. A Save button appears at the bottom.

Register a passwordless authenticator

  1. In the top-right corner of the console, click Profile icon > Account Settings.
    The Account Settings page displays.

  2. Under My Account, click Passwordless Authentication.

  3. Click + Register FIDO2 Authenticator.

    The Passwordless Authentication section of the My Account page is selected in the left menu. On the right, the Authenticators panel displays a button labeled “Register FIDO2 Authenticator.” The table below shows zero items with columns for Authenticator Name, Authenticator Type, Registered, and Last Used.

  4. Select the type of authenticator you wish to register: Roaming or Platform.

  5. Enter a unique name for your authenticator.

  6. Enter your BeyondInsight account password.

  7. Click Continue and follow your browser's instructions.

    The “Register FIDO2 Authenticator” screen displays two authenticator type options: Roaming, which describes external FIDO2 security keys, and Platform, which describes built‑in biometric authenticators. The Roaming option is selected. Below the options are fields for Authenticator Name and Account Password. At the bottom are Continue and Cancel buttons.

View and manage passwordless authenticators for users

  1. Open a browser and enter the URL for your Password Safe instance: https://<hostname>/WebConsole/index.html.
  2. Enter your username and password.
  3. From the left menu, click Configuration icon.
    The Configuration page displays.
  4. Under Role Based Access, select User Management.
    The User Management page displays.
  5. Select the Users tab.
  6. Click Main menu icon above the grid.
  7. Select Passwordless FIDO2 Authenticators from the list to add that column to the grid.
  8. The number of FIDO2 authenticators for each user is displayed in the column.
  9. Locate a user in the grid.
  10. Click Ellipsis icon > View User Details.
  11. Under User Details, select FIDO2 Authenticators.
  12. From the FIDO2 Authenticators grid, you can see the type of authenticator for each user, along with when it was registered, and last used.

Delete an authenticator for a user

  1. Open a browser and enter the URL for your Password Safe instance: https://<hostname>/WebConsole/index.html.
  2. Enter your username and password.
  3. From the left menu, click Configuration icon.
    The Configuration page displays.
  4. Under Role Based Access, select User Management.
    The User Management page displays.
  5. Select the Users tab.
  6. Locate a user in the grid.
  7. Click Ellipsis icon > View User Details.
  8. Under User Details, select FIDO2 Authenticators.
  9. Locate the authenticator name in the grid.
  10. Click Ellipsis icon > Delete.

Updated 21 days ago

©2003-2026 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.