DocumentationRelease Notes
Log In
Documentation

Options

Suggest Edits

What are options in Vault?

Options in Vault allow administrators to configure and customize settings related to how Vault operates, including security, access controls, and management preferences for storing and handling credentials.

How are options useful in Vault?

Options provide flexibility for administrators to tailor Vault's behavior to meet specific organizational needs. Configuring options ensures that Vault aligns with internal security policies, compliance requirements, and user access needs, making credential management more efficient and secure.

How do I access the Options page?

  1. Use a Chromium-based browser to sign in to your Remote Support URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click Vault.
    The Accounts page opens and displays by default.
  3. At the top of the page, click Options.
    The Options page displays.

Global options

Configure the settings for the global default account policy.

The global default account policy must define an option for each setting. If an account does not have a setting defined using a specific policy, it inherits the policy from the account group. If the account group does not have a setting defined using a specific policy, it inherits the policy from the global default account policy.

Automatic password management

Scheduled password rotation rules

  • Select Allow to schedule passwords for Vault accounts to automatically rotate when the password reaches a specified maximum age.
  • Select Deny to disable scheduled password rotation for Vault accounts.

Maximum password age

If scheduled password rotation is enabled, specify the maximum number of days a password can be in place for Vault accounts before it is automatically rotated.

Account settings

Automatically rotate credentials after check in rules

  • Select Allow to automatically rotate passwords after a credential is checked in.
  • Select Deny to disable the automatic rotation of passwords after a credential is checked in.

Allow simultaneous checkout rules

  • Select Allow to enable the ability for Vault credentials to be checked out simultaneously.
  • Select Deny to disable the ability for Vault credentials to be checked out simultaneously.

Generated passwords for account rotation

Define the length of passwords generated during account rotation for domain and local accounts. You may set a minimum length of 20 characters and a maximum length of 256 characters.

ℹ️

Note

Password lengths do not apply to SSH and personal accounts.

Password length

Set the minimum and maximum number of characters allowed for the password generated during manual, automatic, and scheduled password rotation for accounts that are rotated through Windows API (non-Microsoft Entra ID accounts).

Password length of Microsoft Entra ID DS accounts

Set the minimum and maximum number of characters allowed for the password generated during password rotation of Microsoft Entra ID Domain Services accounts through MS Graph API.

Updated 5 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.