What are domains in Vault?

In Vault, domains represent the logical grouping of systems based on common attributes, such as network or organizational structure. Domains help organize and manage the access to accounts and resources within Vault.

How are domains useful in Vault?

Domains enable Vault administrators to organize endpoints and accounts more efficiently, making it easier to manage access and apply policies. By grouping systems into domains, administrators can streamline access controls and ensure that appropriate policies are enforced across related systems and accounts.

How do I access the Domains page?

  1. Sign in to app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the main menu, click Privileged Remote Access > Vault.
    The Vault page opens and the Accounts tab displays by default.
  3. Click the Domains tab.
    The Domains tab displays.

The Domains page


  1. Left menu: Easy access to all pages in Privileged Remote Access, including Home, Status, Consoles & Downloads, My Account, Configuration, Jump, Vault, Console Settings, Users & Security, Reports, Management, and Appliance pages.

  2. Status: Takes you to the Status page.

  3. Header: Change tenant site and obtain user profile setting information.

  4. Add: Adds a new domain.

  5. Domain columns: The list of Domains columns.

    Domains columns
    • Domain Name: Unique name of the account.
    • Jumpoint: The name of the Jumpoint account.
    • Management Account: The domain account name. For example, [email protected]
  6. List options: You can discover, edit, or delete a domain.

  7. Add: Adds a new Entra ID Service Principal account.

  8. Microsoft Entra ID Service Principals columns: The list of Microsoft Entra ID Service Principals columns.

    Microsoft Entra ID Service Principals columns
    • Domain Name: The Domain name of the account.
    • Name: Internal descriptive name to easily identify the Service Principal.
    • Tenant ID: The ID of the tenant.
    • Status: The status of the principal account. If the attributes were incorrectly added and saved, the status shows as disabled or failed.

Add a domain

  1. Sign in to app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the main menu, click Privileged Remote Access > Vault.
    The Vault page opens and the Accounts tab displays by default.
  3. Click the Domains tab.
    The Domains tab displays.
  4. Click the Add button.
    The Add Domain page displays.
  5. In the DNS Name of the Domain field, enter a valid fully qualified DNS name for the domain you are performing the discovery action on.
  6. In the Jumpoint field, view the Jumpoint used to discover accounts and endpoints on the domain.
  7. The Management Account is used to connect to the specified domain and perform the discovery of its accounts and endpoints. You can choose to use a new account, which requires a Username, Password, and Password Confirmation, or choose to use an existing account discovered from a previous job or added manually in the Accounts section where is the name of your domain you want to discover.

📘

Note

This account should be a functional account and only requires password change and reset permissions.


Schedule domain discovery

To enable scheduled discovery, click the Enable Scheduled Discovery checkbox.

  1. Select the day of the week and time you want the discovery job to run.
  2. Select the objects you want Vault to discover:
    • Domain Accounts
    • Endpoints
    • Local Accounts
    • Services

❗️

Important

In order to discover Services, you must also discover domain accounts, endpoints, and local accounts. Only Windows accounts are discovered.

You can enter a Search Path, or leave it blank to search all OUs and containers. You can also use an LDAP Query to narrow the scope of user accounts and endpoints searched.
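The following is an added example, not BeyondTrust code: a pre-flight helper that checks the DNS name syntactically and builds escaped LDAP filters that limit discovery to enabled accounts. It assumes the domain is Active Directory and that the LDAP Query field accepts standard RFC 4515 filter syntax; the group DN and name prefix are constructed sample values.

```python
import re

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Active Directory bitwise-AND matching rule; bit 2 of userAccountControl = disabled.
_DISABLED = "(userAccountControl:1.2.840.113556.1.4.803:=2)"


def escape_value(value: str) -> str:
    """Escape a literal so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def enabled_users_in_group(group_dn: str) -> str:
    """Filter for enabled user accounts that are direct members of group_dn."""
    return ("(&(objectCategory=person)(objectClass=user)"
            f"(memberOf={escape_value(group_dn)})(!{_DISABLED}))")


def enabled_computers(name_prefix: str) -> str:
    """Filter for enabled computer objects whose name starts with name_prefix."""
    return f"(&(objectCategory=computer)(name={escape_value(name_prefix)}*)(!{_DISABLED}))"


def is_balanced(ldap_filter: str) -> bool:
    """Cheap pre-flight check: parentheses balance, ignoring escaped ones."""
    depth = 0
    for ch in re.sub(r"\\[0-9a-fA-F]{2}", "", ldap_filter):
        depth += {"(": 1, ")": -1}.get(ch, 0)
        if depth < 0:
            return False
    return depth == 0 and ldap_filter.startswith("(")


def is_fqdn(name: str) -> bool:
    """Syntactic check for the 'DNS Name of the Domain' field."""
    label = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    return len(name) <= 253 and re.fullmatch(rf"{label}(\.{label})+", name) is not None


# Constructed sample values, not taken from the page.
SAMPLE_GROUP = "CN=Vault Managed (Tier 1),OU=Groups,DC=corp,DC=example,DC=com"

if __name__ == "__main__":
    print(is_fqdn("corp.example.com"))
    print(enabled_users_in_group(SAMPLE_GROUP))
    print(enabled_computers("SRV-"))
```

Scoping discovery to a dedicated group or naming prefix keeps the set of credentials Vault onboards deliberate rather than domain-wide.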

Edit a domain

From a domain list, select the appropriate domain and then click the pencil to edit. Make your changes, and then click Save.


Delete

To delete a domain from the Domains list, click the trash can.

Add a Microsoft Entra ID Service Principal

To create an Entra ID Service Principal, see Register a Microsoft Entra app and create a service principal.

