Documentation

Accounts

Suggest Edits

What is the Accounts page?

The Accounts page provides a view into the registered accounts associated with any registered connectors. View Accounts by source, linked identities, amount of privileged access, and more.

Accounts are displayed in order of privileged access and associated key entitlements. Privilege is sorted by Highest, High, Moderate, Low, None, and Undetermined, and is based on each account's administration and access capabilities.

How is it useful?

Use the Accounts page to discover which accounts possess high-level or administrative privileges, track membership in security groups or role access, and view areas of potential risk and remediation in the Detections and Recommendations columns.

The Accounts page

  1. Administration menu: Access Pathfinder administration pages if you are assigned as an administrator.
  2. Header: Select a tenant or Administration from the menu, manage your profile, and change the display theme.
  3. Filters: Select a filter to refine your results. Click Reset Filters to remove all filters from your results. Click Add Filter to create a filter.
Filter types

  • Name: Enter a digit in the Accounts field and, optionally, select a filter. Filters include is equal to, is not equal to, Is greater than, Is greater than or equal to, Is less than, and Is less than or equal to.

  • Provider:Enter or select a provider name in the Providers list.

  • Type:Select Users, Service Principals, or Identity Center Users from the Type drop-down list.

  • Direct Privilege: Enter or select a Direct Privilege. Direct privileges are the inherent rights of an account.

  • True Privilege: Enter or select a True Privilege. True Privilege is the full scope of access an account could potentially gain. A True Privilege score shows what detections and recommendations put highly privileged accounts at risk.

  • Labels: Enter or select a label name in the Labels list. Filters include Brute force ongoing, Disabled, Dormant, Human, Human daily driver, and Password Safe managed.

  • State: Select Activated or Deactivated in the State list.

  • Detections: Enter a Detection Name and, optionally, select a filter. Filters include is equal to, is not equal to, Contains, Starts with, Ends with, and Does not contain.

  • Detections Severity: Select from Critical, High, Moderate, and Low.

  • Recommendations: Enter a number for the total number of recommendations associated with an account. Filters include is equal to, is not equal to, Is greater than, Is greater than or equal to, Is less than, and Is less than or equal to.

  • Recommendations Severity: Select from Critical, High, Moderate, and Low.

  • Recommendations Name: Filters include is equal to, is not equal to, Is greater than, Is greater than or equal to, Is less than, and Is less than or equal to.

  • Recommendation Status: Select from New, Ignored, False Positive, Resolved, and Under Review.

  • Location: Enter the Location name. Filters include is equal to, is not equal to, Contains, Starts with, Ends with, and Does not contain.

  • Dormant Days: The number of days an account has been dormant. Dormant accounts are active accounts that have not been used in 60 or more days.

  • Key Entitlements: Enter a number for the total number of key entitlements associated with an account. Filters include is equal to, is not equal to, Is greater than, Is greater than or equal to, Is less than, and Is less than or equal to.

  1. List options:  Click to refresh the list, to download the list to a .csv file, and to select which columns to display on the page.
  2. Account list columns:
Column names

  • Account name: The name of the user account.

  • Provider: The name of the connector.

  • Location: The location of the provider.

  • Type: The user type.

  • Direct Privilege: Direct privileges are the inherent rights of an account.

  • True Privilege: True Privilege is the full scope of access an account could potentially gain.

  • Labels: Labels on the account such as Human, External user, and Dormant.

  • State: The state of the account, Activated or Deactivated.

  • Dormant Days: The number of days the account has been inactive.

  • Key Entitlements: Displays the number of entitlements on the account. Filter on a particular number to narrow the scope of accounts displayed.

  • Detections: Displays the number of detections on the account. Enter a number to filter the accounts displayed.

  • Recommendations: Displays the number of recommendations on the account. Enter a number to filter the accounts displayed.

Search and filter results

On the Accounts page, search results display automatically as you add search terms and select options.

Use a Saved filter

Select a Saved filter from the drop-down list.

Create your own filter

  1. Click Add Filter.
    The Filter Detections dialog box displays.
  2. Select And or Or to determine how you want the saved filter to refine the first data set you're entering.
  3. Optionally, click Add Filter to add a new set of filtering criteria, and select your criteria from the drop-down menus.
  4. Optionally, click Add Group to add a group of additional filters to further refine your filtered criteria.
  5. Click Apply Filter.

Customize your recommendations display

Select which columns to view in your results list via the Columns icon and reorder your results by column:

  1. Click the column header to activate it.
  2. Click the arrow icon in the activated column to sort alphabetically or numerically.

View the Account Details page

Click an account name to open the Account Details page.

The Account Details page summarizes the account status, source, and assigned privilege, as well as a description of the detection. It also includes additional attributes, depending on the account source.

  • Entitlements tab: At-a-glance access to the account's entitlements, enabling you to quickly identify areas of potential risk or elevated privilege.
  • Detections tab: A ranking of any areas of risk, according to possible severity. Click any individual detection to view detailed results to understand both the risk and its importance or severity.
  • Recommendations tab: A list of security posture recommendations that are available to mediate risk.

True Privilege graph

If an account is linked to an identity, the True Privilege graph appears under Account Details. True Privilege represents the level of access, either direct or indirect, to key entitlements or other high privileged accounts. Access can be gained from misconfigurations or permission inheritance.

Click View True Privilege graph or the icon under the Actions column on the Identities grid to open the graph.

Switch between graph views by selecting Toggle orientation and Return to original graph. Toggle orientation shows the graph vertically, while the default or "original" view is vertical.

The graph is composed of nodes. Click any node to open a side panel with detailed information.

  • Identities: The starting point for the graph, represented by a thumbprint.
  • Accounts: The accounts the identity is linked to, represented by a profile.
  • Entitlements: The high and highest entitlements the linked accounts hold.
  • Escalations: Linked from entitlements via an orange line. Includes users, groups, containers, organizations, computers, policies, and more.

Updated 12 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.