Documentation

Use credential rules

Suggest Edits

Use credential rules to apply default credentials to hosts either directly or using a range of IP addresses. When a credential rule is applied to a host, administrators no longer need to enter a user name / password credential; instead, the system evaluates the rules and selects a credential to use with the host.

There are two types of rules: host and network.

Multiple rules can apply to a single host. In terms of rule precedence, a host specific rule (bound by host ID) is used in preference to all others rules that might be applied to that host.

For either host or network rules, a privilege escalation method can be saved with the authentication credential. Actions that require elevated privilege take advantage of this saved method. Applying delegation to a host is optional.

Credentials must already be created on the Credentials page so they are available to select when creating a rule.

One-click actions

Using default credentials enables one-click actions; you can select an action on a host without entering a user name and password. Running a host profile is an example of an action that can be selected without providing the host credential.

Add a network credential rule

A network credential rule applies to an IP range added using CIDR notation.

  1. Go to the Hosts page, and then select Credential Rules.
  2. Click the Network Rules tab.
  3. Click Add New Credential Rule.
  4. Enter the IP address range following the CIDR notation format. For example, 10.100.1.0/24.
  5. Select a logon credential from the list.
  6. Select a delegation strategy and corresponding credential.
  7. Click Create Credential Rule.

Add a host credential rule

A host credential rule applies to specific hosts. Add the host name or IP address of the host. A credential rule is created for each host. A host using a default credential configured does not require a credential when running actions.

  1. Go to the Hosts page, and then select Credential Rules.
  2. Click the Host Rules tab.
  3. Click Create New Credential Rule.
  4. Search for hosts using either host name or IP address filters.
  5. Select a login credential from the list.
  6. Select a delegation strategy and corresponding credential.
  7. Click Create Credential Rule.

Delete a credential rule

You can delete a credential rule when it is no longer required.

  1. Go to the Hosts page, and then select Credential Rules.
  2. Click the tab for the credential rule type.
  3. Select the rule, and then click Delete Credential Rule.

ℹ️

Note

If you remove a credential from the Host Credentials page, then any credential rules using that credential are also deleted.

View credential rules on a host

You can view a list of all credential rules assigned to a host on the Host Details page. You can also create and change the host rule. Only one host rule is permitted for a host.

Updated 5 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.