DocumentationRelease Notes
Log In
Documentation

Account Policies

Suggest Edits

What are account policies?

Vault account policies define settings related to password rotation, credential checkout, and other account management rules for Vault accounts. These policies can be applied to multiple accounts simultaneously, simplifying the management of account security settings.

Multiple account policies that apply to a single Vault account are applied in the following order, from top to bottom:

  • The account policy associated with the Vault account
  • The account policy associated with the Vault's account group
  • The global default account policy settings

If multiple account policies define a setting, then the value from the first applied policy is used.

How are account policies useful to my organization?

Vault account policies ensure consistent application of security settings across multiple accounts, reducing administrative effort and ensuring compliance with organizational security requirements. By applying policies in a defined order, organizations can prioritize specific settings for individual accounts or groups, while still retaining a global default for broader governance. This hierarchical approach provides flexibility in managing account security.

How do I access the Account Policies page?

  1. Use a Chromium-based browser to sign in to your Remote Support URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click Vault.
    The Accounts page opens and displays by default.
  3. At the top of the page, click Account Policies.
    The Account Policies page displays.

Account policies

Add, view, and manage account policies.

Add account policy

Click Add to add an account policy.

Copy account policy

Click Copy to copy an existing account policy.

Edit account policy

Click Edit to modify an existing account policy.

Add account policy

Add a new account policy.

Display name

Enter a name for the account policy.

Code name

Set a code name for integration purposes. If you do not set a code name, Remote Support creates one automatically.

Description

Enter a brief and memorable description of the account policy.

Permissions

Automatic password management

Scheduled password rotation rules

  • Select Allow to schedule passwords for Vault accounts to automatically rotate when the password reaches a specified maximum age.
  • Select Deny to disable scheduled password rotation for Vault accounts.

Maximum password age

If scheduled password rotation is enabled, specify the maximum number of days a password can be in place for Vault accounts before it is automatically rotated.

Account settings

Automatically rotate credentials after check in rules

  • Select Allow to automatically rotate passwords after a credential is checked in.
  • Select Deny to disable the automatic rotation of passwords after a credential is checked in.

Allow simultaneous checkout rules

  • Select Allow to enable the ability for Vault credentials to be checked out simultaneously.
  • Select Deny to disable the ability for Vault credentials to be checked out simultaneously.

ℹ️

Note

If a setting in an account policy is not defined, it inherits the settings from the global default account policy, configured from the Vault > Options page in /login.

Updated 5 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.