Documentation

Accounts | Insights

Suggest Edits

What is the Accounts page?

The Accounts page provides a view into the registered accounts associated with any registered connectors. View Accounts by source, linked identities, amount of privileged access, and more.

Accounts are displayed in order of privileged access and associated key entitlements. Privilege is sorted by Highest, High, Moderate, Low, None, and Undetermined, and is based on each account's administration and access capabilities.

How is it useful?

Use the Accounts page to discover which accounts possess high-level or administrative privileges, track membership in security groups or role access, and view areas of potential risk and remediation in the Detections and Recommendations columns.

The Accounts page

  1. Navigation menu: Access BeyondTrust apps and their menus, and Pathfinder administration pages if you are assigned as an administrator.
  2. Header: Select a site or Administration from the menu, manage your profile, and change the display theme.
  3. Controls: Click Controls to expand and set filters to narrow your results. Click Reset Filters to remove all filters from your results.
Controls list

  • Account Name: Type in the Search box to start a search or, optionally, select a filter.

  • Provider: Enter or select a provider name in the Providers list.

  • Type: The list varies and depends on what Insights discovers in the configured environments.

  • Direct Privilege: Enter or select a Direct Privilege value. Direct privileges are the inherent rights of an account.

  • True Privilege: Enter or select a True Privilege value. True Privilege is the full scope of access an account could potentially gain.

  • Label: Enter or select a label name in the Labels list.

  • State: Select Activated or Deactivated in the State list.

  • Dormant: The number of days an account has been dormant. Dormant accounts are active accounts that have not been used in 60 or more days.

  1. Bookmark, Filter, and Export settings: Add bookmarks to save a view, create a filter, and export the current view to a PDF file.
  2. Account list columns:
Column names

  • Account name: The name of the user account.

  • Provider: The source of the data discovered by Insights.

  • Type: The user type.

  • True Privilege: True Privilege is the full scope of access an account could potentially gain.

  • Labels: Labels on the account such as Human, External user, and Dormant.

  • State: The state of the account, Activated or Deactivated.

  • Dormant Days: The number of days the account has been inactive.

  • Key Entitlements: Displays the number of entitlements on the account. Filter on a particular number to narrow the scope of accounts displayed.

  • Detections: Displays the number of detections on the account. Enter a number to filter the accounts displayed.

  • Recommendations: Displays the number of recommendations on the account. Enter a number to filter the accounts displayed.

View the account panel

Click an account name to open the side panel. The panel summarizes the account status, source, and assigned privilege, as well as a description of the detection. It also includes additional attributes, depending on the account source.

  • Detections tab: A ranking of any areas of risk, according to possible severity. Click any individual detection to view detailed results to understand both the risk and its importance or severity.
  • Entitlements tab: At-a-glance access to the account's entitlements, enabling you to quickly identify areas of potential risk or elevated privilege.
  • Recommendations tab: A list of security posture recommendations that are available to mediate risk.

True Privilege graph

If an account is linked to an identity, the True Privilege graph displays. True Privilege represents the level of access, either direct or indirect, to key entitlements or other high privileged accounts. Access can be gained from misconfigurations or permission inheritance.

Click .

Click any node to open a side panel with detailed information.

  • Identities: The starting point for the graph, represented by a thumbprint.
  • Accounts: The accounts the identity is linked to, represented by a profile.
  • Entitlements: The high and highest entitlements the linked accounts hold.
  • Escalations: Linked from entitlements via an orange line. Includes users, groups, containers, organizations, computers, policies, and more.

Updated 5 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.