DocumentationRelease Notes
Log In
Documentation

Vault reports

Suggest Edits

What is Vault reporting?

Vault reporting provides insights into the activity and management of privileged accounts stored in BeyondTrust Vault. It tracks actions such as account checkouts, policy enforcement, and user interactions with Vault accounts.

How is Vault reporting useful?

Vault reporting helps administrators monitor account activity, ensure compliance with security policies, and identify potential risks or anomalies in account usage, ensuring secure and efficient management of privileged credentials.

How do I access the Vault page?

  1. Use a Chromium-based browser to sign in to your Remote Support URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click Reports.
    The Support page opens and displays by default.
  3. At the top of the page, click Vault.
    The Vault page displays.

How to generate a Vault report

Date range

Select a start date for which to pull reporting data. Then select either the number of days for which to pull your report or an end date.

Account

To see all events which involved a specific BeyondTrust Vault stored account, type in the account name, or select the account from the dynamic pop-up list.

Performed by

To see all events involving a specific user, type the username or part of it, and then select the user from list. To see all events performed by the system, click in the box, and then select System from the list. To see all events involving an API account, type api in the box, and then select the API account from the list.

ℹ️

Note

If a user has been anonymized in an effort to follow compliance standards, the Vault Account Activity report may display pseudonyms for user data or may indicate information has been deleted. To learn more about data anonymization and deletion for compliance efforts, see Compliance reports.

ℹ️

Note

For more information, please see the Vault guide.

Vault account activity report results

Because users can be granted separate access to use and check out accounts, the Vault Account Activity Report distinguishes between the two. This allows administrators to tell the difference between a user who is able to view the account's password and a user who is only able to inject credentials in a session.

In the Vault Account Activity Report, the Data column shows information associated with the event. The Credentials Checked Out event contains a Details link in the new Data column when credentials are checked out while in a session. This link redirects to the Support Session Detail Report in which the credentials were used.

ℹ️

Note

If the credentials are checked out from /login, then no Details link is present in the Data column.

Updated 5 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.