DocumentationAPI ReferenceRelease Notes
Documentation
Start typing to search…

Vault | PRA On-prem

How do I access the Vault page?

  1. Use a Chromium-based browser to sign in to your Privileged Remote Access URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click Vault.
    The Accounts page opens and displays by default.

The Vault page

  1. Add: Adds a new vault account.

  2. Rotate: Rotates privileged credentials. You must select an existing account in the list for Rotate to become available.

  3. Shared: Use this tab to manually create a credential account. This account can be used by all users who have been assigned to the account with the Inject or the Inject and Check Out Vault account role.

  4. Personal: Use this tab to create a personal account. This account can be used only by the account owner (the user who created the account). You can create up to 50 personal accounts.

  5. Filter: Select a Name, Description, or Endpoint to search a Shared account. Select a Name or Description to search a Personal account.

  6. Vault Account list columns: The list varies depending on the type of account you are using. Not all columns are displayed.

    Shared account columns
    • Type: The type of account (that is, generic password, single token, private key, etc.).
    • Name: Unique name of the account.
    • Username: The username of the account.
    • Group: The name of the group you want the account to be in.
    • Endpoint: The size of the policy (in KB).
    • Account Policy: Select an existing policy or specify a custom policy.
    • Last Checkout: Display when date/time when the policy was last checked out.
    • Password Age: Displays the age of the policy.
    Personal account columns
    • Name: Unique name of the account.
    • Owner: The owner name of the account.
    • Description: Unique description of the account.
    • Password Age: Displays the age of the policy.
    Status column

    A Status column displays when at least one of the accounts has a warning, error, or checked-out status to indicate. Accounts managed by Entra ID are identified in the Status column, as well as an alert if there is no service principal for the account. Accounts that run a Windows service are indicated as Service Account in the Status column. Multiple statuses for an account are stacked and displayed in different colors. You can hover over a specific status to view more details about it.

ℹ️

Click Select visible columns above the grid to customize the columns displayed in the grid.

The Status column is auto hidden when none of the accounts have a status set.

Information about Vault Accounts

ℹ️

Vault can import, rotate, and manage up to 100,000 accounts.

Updated about 2 months ago

©2003-2026 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.