Documentation

BeyondTrust Password Safe Cloud

Suggest Edits

You can connect Identity Security Insights to both cloud and on-premises instances of Password Safe to automatically scan for associated accounts and track your organization’s identities in summarized visualizations.

For Password Safe 24.1.1 and newer releases, when an Identity Security Insights connector installation key is enabled in Password Safe, discovery scan events are forwarded from the event service to Identity Security Insights. This provides visibility into possible attack paths, identity-based threats, and identity hygiene issues.

Create a new API registration in BeyondInsight

You can connect Identity Security Insights to both cloud and on-premises instances of Password Safe to automatically scan for associated accounts and track your organization’s identities in summarized visualizations.

To connect to Password Safe, Identity Security Insights requires you to create a new API registration in BeyondInsight:

  1. Log in to BeyondInsight.

  2. From the left menu, select Configuration > General > API Registrations.

  3. Click Create API Registration.

  4. Select API Key Policy from the dropdown.

  5. Enter the API's Details:.

    1. Enter a name for the new registration.
    2. Select your desired rule options.
    3. Optionally, check the User password required box to add a password for the connector.

  6. Add three Authentication Rules (one for each IP address required for Insights).

    1. Under Authentication Rules, click Add Authentication Rule.

    2. From the Type drop-down menu, select Single IP Address.

      1. For instances of Password Safe Cloud, add the following IP addresses:

        • US tenants:
          • 50.16.236.14
          • 54.163.153.193
          • 54.225.135.48
        • EU tenants:
          • 3.72.126.244
          • 3.78.41.126
          • 3.125.93.216
        • You can determine the location of your tenant by clicking Manage Tenants on the Insights Home page.

      2. For on-premises instances of Password Safe, authorize the IP address of the server where you will install the Insights Connector.

      3. Click Create Rule.

      4. Repeat this process for all remaining IP addresses.

The API Registration window in Password Safe Cloud
  1. On the registration's details page, check the Active box.
  2. Click Create Registration.
    The API is registered.

Create a new user in Password Safe

You can connect Identity Security Insights to both cloud and on-premises instances of Password Safe to automatically scan for associated accounts and track your organization’s identities in summarized visualizations.

To access account and identity information, Identity Security Insights requires you to create a user and group with properly provisioned roles within Password Safe.

ℹ️

Note

We recommend you create a new user dedicated to Identity Security Insights. Because this user allows Identity Security Insights to access Password Safe, we recommend creating a new, specific user for this purpose.
If you opt to use an existing user account, see Create and configure a new group.

  1. Log in to Password Safe.
  2. From the left menu, select Configuration > Role Based Access > User Management.
  3. Click Users.
  4. Click +Create New User.
  5.  Click Create a New User.
  6. Enter all Identification fields.
    These fields are required.
  7. Optionally, enter the user’s contact information.
  8. Select an Activation Date and an Expiration Date for the user account.
  9. Check User Active to activate the user account.
  10. Set Two-Factor Authentication to None.
  11. Click Create User.
    The user is created in Password Safe and ready for group assignment.

Create a new group in Password Safe

You can connect Identity Security Insights to both cloud and on-premises instances of Password Safe to automatically scan for associated accounts and track your organization’s identities in summarized visualizations.

To access account and identity information, Identity Security Insights requires you to create a user and group with properly provisioned roles within Password Safe.

ℹ️

Note

Because this user allows Identity Security Insights to access Password Safe, we recommend you create a new user for this purpose. To use an existing user, see step 4 below.

  1. Sign in to Password Safe.

  2. Create a new group in Password Safe.

    1. From the left menu, select Configuration > Role Based Access > User Management.
    2. Click Groups.
    3. Click +Create New Group.
    4.  Click Create a New Group.
    5.  Enter a group Name.
    6. Enter a group Description.
    7. Click Create Group.
      The group is created in Password Safe.

  3. Optionally but recommended, create a new user for the group.

  4. Assign the chosen user to the group.

    1. Under Group Details, select Users.
    2. From the Show drop-down list, select Users not assigned.
      A list of all users not currently assigned to a group displays.
    3. Locate the user you wish to add to the group.
    4. Click Assign User.
      The user assigns to the group.

  5. Configure API access for the group.

    1. Under Group Details, select API Registrations.
    2. Check the box next to the API registration created for Identity Security Insights.

  6. Assign features permissions to the group.

    1. Under Group Details, select Features.
    2. From the Show dropdown menu, select All Features.
    3. Select the following features:
      • Analytics and Reporting
      • Asset Management
      • Password Safe Account Management
      • Password Safe Role Management
      • Password Safe System Management
      • Ticket System
      • User Accounts Management
    4. Click Assign Permissions >  Assign Permissions Read Only.
    5. Click User Audits > Assign Permissions Full Control.

  7. Assign Smart Groups permissions and roles to the group.

    1. Under Group Details, select Smart Groups.
    2. From the Show dropdown menu, select All Smart Groups.
    3. Select the All Assets Smart Group.
    4. Click Assign Permissions above the grid, and select Assign Permissions Read Only.
    5. Click the vertical ellipsis button for the All Assets Smart Group.
    6. Select Edit Password Safe Roles.
    7. Check the Auditor box.
    8. Click Save Roles.

Create a new Password Safe Cloud connector

You can connect Identity Security Insights to both cloud and on-premises instances of Password Safe to automatically scan for associated accounts and track your organization’s identities in summarized visualizations.

For Password Safe 24.1.1 and newer releases, when an Identity Security Insights connector installation key is enabled in Password Safe, discovery scan events are forwarded from the event service to Identity Security Insights. This provides visibility into possible attack paths, identity-based threats, and identity hygiene issues.

  1. Ensure you've registered your API in BeyondInsight.

  2. Ensure you've created a user, and assigned that user to a properly-provisioned group, within Password Safe.

  3. In Identity Security Insights, navigate to your Tenant dashboard.

  4. In the header, click Menu > Connectors.
    The Connectors page displays with the Configured tab open by default.

  5. Click the Available tab.
    All available connector types display.

  6. Locate Password Safe Cloud in the list.

  7. Click + Create Connector.
    The Create Password Safe Cloud Connector panel displays.

  8. Enter the connector details.

    1. Enter a Name for your Password Safe Cloud connector.
    2. Ensure Password Safe Cloud is configured to perform scans.
    3. Enter your Password Safe Cloud Domain (such as https://company.ps.beyondtrustcloud.com).
    4. Enter the API key created during API registration.
    5. From the drop-down list, select:
      • Yes if the User password required option is selected in Password Safe Cloud.
      • No if the User password required option is not selected in Password Safe Cloud.
        • To check your Password Safe Cloud password setting:
          1. In the Password Safe Cloud left menu, click Configuration > General > API Registrations.
          2. In the Details panel, in the Authentication Rules Options section, note if the User password required option is selected.
    6. Enter the username added to the Password Safe group made for Identity Security Insights.

  9. Click Create Connector.
    An installation key displays for the connector.

  10. Copy the installation key.
    Do not close the connector before you have enabled it in Password Safe in the below steps.

  11. Configure and enable the installation key for Password Safe 24.1.1 and newer releases.

    1. Open Password Safe Cloud.
    2. From the left menu, click Configuration > Identity Security Insights > Connect to Identity Security Insights.
      The Identity Security Insights page displays.
    3. In the Connector Key field, input the installation key you copied in step 10 above.
    4. Click Update Settings.
    5. Confirm the toggle is Enabled.

  12. Optionally, verify the connector in Identity Security Insights.

    1. From the top left menu in Identity Security Insights, click Connectors > Configured.
    2. Locate Password Safe Cloud in the list.
    3. Click Icon > View Connector.
    4. Review any connector settings.

Create a new Password Safe on-premises connector

You can connect Identity Security Insights to both cloud and on-premises instances of Password Safe to automatically scan for associated accounts and track your organization’s identities in summarized visualizations.

For Password Safe 24.1.1 and newer releases, when an Identity Security Insights connector installation key is enabled in Password Safe, discovery scan events are forwarded from the event service to Identity Security Insights. This provides visibility into possible attack paths, identity-based threats, and identity hygiene issues.

  1. Ensure you've registered your API in BeyondInsight.

  2. Ensure you've created a user, and assigned that user to a properly-provisioned group, within Password Safe.

  3. Navigate to your Tenant dashboard.

  4. In the header, click Menu > Connectors.
    The Connectors page displays with the Configured tab open by default.

  5. Click the Available tab.
    All available connector types display.

  6. Locate Insights Collector in the list.

  7. Click + Create Connector.
    The Create Insights Collector panel displays.

  8. Enter a Name for your Password Safe on-premises connector.

  9. Click Create Connector.
    The installation key generates and displays in the panel.

  10. Copy the installation key.
    Do not close the connector before completing all of the below steps. The installation key is required for installing the collector and for configuring the Connector Key in Password Safe.

  11. From the Create Insights Collector panel, download the installer, and then run it on the same server as the Password Safe application.

  12. During installation, enter the connector details.

    1. Paste in the Installation Key you copied from step 10 above.
    2. Enter your Password Safe URL (such as https:///).
    3. Enter the API key created during API registration.
    4. Enter the Password Safe Username for the user account you created and assigned to a properly-provisioned group, within Password Safe.
    5. Enter the Password Safe User Password for the account, if the User password required option is selected in Password Safe. To check your Password Safe password setting:
      1. In the Password Safe left menu, click Configuration > General > API Registrations.
      2. In the Details panel, in the Authentication Rules Options section, note if the User password required option is selected.

  13. Configure and enable the installation key for Password Safe 24.1.1 and newer releases.

    1. Open Password Safe.
    2. From the Password Safe left menu, click Configuration > Identity Security Insights > Connect to Identity Security Insights.
      The Identity Security Insights page displays.
    3. In the Connector Key field, input the installation key you copied in step 10 above.
    4. Click Update Settings.
    5. Confirm the toggle is Enabled.

  14. In Identity Security Insights, in the Create Insights Collector panel, click Close Key.

  15. In the confirmation message, click Close Credentials.

  16. Optionally, verify the connector in Identity Security Insights.

    1. From the top left menu in Identity Security Insights, click Connectors > Configured.
    2. Locate Insights Collector in the list.
    3. Click Icon > View Connector.
    4. Review any connector settings.

Updated 18 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.