DocumentationAPI ReferenceRelease Notes
Documentation

Account Policies | RS Pathfinder

Suggest Edits

What are account policies?

Vault account policies define settings related to password rotation, credential checkout, and other account management rules for Vault accounts. These policies can be applied to multiple accounts simultaneously, simplifying the management of account security settings.

Multiple account policies that apply to a single Vault account are applied in the following order, from top to bottom:

  • The account policy associated with the Vault account
  • The account policy associated with the Vault's account group
  • The global default account policy settings

If multiple account policies define a setting, then the value from the first applied policy is used.

⚠️

Important info

The global default account policy must define an option for each setting. If an account does not have a setting defined using a specific policy, it inherits the policy from the account group. If the account group does not have a setting defined using a specific policy, it inherits the policy from the global default account policy.

If multiple account policies define a setting, then the value from the first applied policy is used.

How are account policies useful to my organization?

Vault account policies ensure consistent application of security settings across multiple accounts, reducing administrative effort and ensuring compliance with organizational security requirements. By applying policies in a defined order, organizations can prioritize specific settings for individual accounts or groups, while still retaining a global default for broader governance. This hierarchical approach provides flexibility in managing account security.

How do I access the Account Policies page?

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the left menu, click Remote Support > Vault.
    The Vault page opens and the Accounts tab displays by default.
  3. At the top of the page, click Account Policies.
    The Account Policies page displays.

The Account Policies page


  1. Left menu: Easy access to all pages in Remote Support, including Status, Consoles & Downloads, My Account, Configuration, Jump, Vault, Console Settings, Users & Security, Reports, Public Portals, Dashboards, Management, and Appliance pages.
  2. Status: Opens the Status page.
  3. Header: Change your tenant site, manage your profile, and access documentation.

  1. Add: Adds a new Account Policy.

  2. List option: Click Expand All to get detailed information about the policy. The default value is collapse.

  3. Account Policies columns: The list of columns varies on what you choose to display.

    Account Policies columns
    • Display Name: Unique name of the account.
    • Code Name: Set a code name for integration purposes. If you do not set a code name, one is created automatically.
    • Description: A brief description of the Account Policy.

  4. Account Policies options: Copy an account policy, edit an account policy or delete an account policy.

Add an account policy

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.

  2. From the main menu, click Remote Support > Vault.
    The Vault page opens and the Accounts tab displays by default.

  3. Click the Account Policies tab.
    The Account Policies tab displays.

  4. Click Add.

  5. In the Name field, enter a name for the account.

  6. In the Code Name field, create a code name for integration purposes. If you do not set a code name, one is created automatically.

  7. In the Description field, enter a useful description for the account.

  8. Set your Permissions.

    Scheduled Password Rotation Rules
    • Not Defined: Uses the default Global setting.
    • Allow: When this option is set, if the account policy is connected with an account or account group, the credentials rotate after the set maximum password age.
    • Deny: When this option is set, if the account policy is connected with an account or account group, the credentials do not rotate after the set maximum password age.

    Automatically Rotate Credentials after Check in Rules
    • Not Defined: Uses the default Global setting.
    • Allow: When this option is set, if the account policy is connected with an account or account group, the credentials auto rotates when account is checked in.
    • Deny: When this option is set, if the account policy is connected with an account or account group, the credentials do not auto rotate when account is checked in.

    9. Allow Simultaneous Check Out Rules
    • Not Defined: Uses the default Global setting.
    • Allow: When this option is set, if the account policy is connected with an account or account group, the credentials can be checked out simultaneously by multiple users.
    • Deny: When this option is set, if the account policy is connected with an account or account group, the credentials cannot be checked out simultaneously by multiple users.

  1. In the Allowed Users section, add a user and select their Vault role from the New Member Role dropdown, and then click Add. Users can be assigned one of two member roles:

    • Inject: Users with this role can use this account in Secure Remote Access sessions (default value).
    • Inject and Checkout: Users with this role can use this account in Secure Remote Access sessions and can check out the account on Support for Admins. The Checkout permission has no effect on generic SSH accounts.

  2. Click Save.

After an account policy is created, it is listed in the grid on the Account Policies page. You can copy or edit any of the listed polices by clicking the Copy or Edit button for the policy in the grid and modifying the settings as required.

ℹ️

If a setting in an account policy is not defined, it inherits the settings from the global default account policy, configured from the Vault > Options page.

Copy an account policy

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.

  2. From the main menu, click Remote Support > Vault.
    The Vault page opens and the Accounts tab displays by default.

  3. Click the Account Policies tab.
    The Account Policies tab displays.

  4. Select an existing policy in the list, click to copy.

  5. The Add Account Policy page displays.

  6. Make the necessary changes, and then click Save.

Edit an account policy

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.

  2. From the main menu, click Remote Support > Vault.
    The Vault page opens and the Accounts tab displays by default.

  3. Click the Account Policies tab.
    The Account Policies tab displays.

  4. Select an existing policy in the list, click the pencil .

  5. The Edit Policy page displays.

  6. Make the necessary changes and then click Save.

Delete an account policy

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.

  2. From the main menu, click Remote Support > Vault.
    The Vault page opens and the Accounts tab displays by default.

  3. Click the Account Policies tab.
    The Account Policies tab displays.

  4. Select an existing policy in the list, click the trash can to delete the account policy.

  5. A confirmation dialog box appears, click Yes.

Updated about 1 month ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.