
Hi, I am trying to delegate the following permission to a SAML group, but nothing happens with the end user permission. Is there a reason for that?
Analytics and Reporting
License Reporting
User Audits

 

Higor

If this is an on-premises deployment, you can only see the reporting features in the admin portal. The user portal does not have the admin functions enabled and therefore cannot give visibility to them.

I have a 3-node architecture. users.vault.com for end users to retrieve their secrets. It includes Password Safe and Secrets Safe.

admins.vault.com which includes everything a user has access to. The users portal is a 2-node cluster and the admin portal is the standalone appliance with the admin console enabled.

You CANNOT have SAML for both. So, in my deployment, only those users requiring the use of the admin portal have username and password with mandatory TOTP enabled. Everyone else just has a SAML logon.

This architecture is also required for the manual rotation of passwords since the Account Management tab also requires the admin portal.

BeyondTrust, at the time of my deployment, did not support the admin console on more than 1 appliance, though I’ve not looked into that since the original deployment last year.

 

