Recently active topics

We have a requirement to onboard Cisco devices into Password Safe. For privilege escalation, we need to use the 'enable' secret. The non-privileged user account and the enable secret use separate passwords.Is there a way to manage this scenario in Password Safe?

Hi Everyone , For our Password Safe cloud instance,  We have created the Mainframe system and onboarded the accounts on it . On this account under password safe, we have enabled check password and enabled “reset password on mismatch” option.However when the password of account is changed outside of Password Safe i. e directly on Mainframe system, at that time , even though reset password on mismatch is enabled on account under password safe, doesn’t trigger the password change option and hence password remain mismatched unless Admin reset is manually .My requirement , If password of account managed in password safe, gets changed outside of BT, then password should get reset under BT as well. At any given point , BT should have the correct password .Can anyone please let me know how to achieve this? With current setup I have done , what’s the thing I am missing ? Thanks in Advance. Regards,Imran

trying to scan SQL server databases getting all the databases but no local accounts any help will be greatly appreciated

In AWS, we created a Global Accelerator service and associated the Windows machines used by the Risk-Team with this accelerator service.Then, the Risk Team will access the Windows machine using the IP provided by the acceleration service.In terms of user experience, it is much smoother than directly connecting to a Windows machine, and it is convenient to operate on a Windows machine.However, after connecting to the Windows machine via PRA-Console, the fluidity decreases, operations become sluggish, which is not conducive to data processing actions. So, I would like to know if PRA has its own built-in acceleration service. Or, can I configure AWS Global Accelerator for PRA? This would improve the user experience for staff working in China.

Hello everyone,We have encountered a challenging requirement during our discovery scans for a range of IP addresses. In the scan results, some assets appear with their asset names as IP addresses instead of hostnames.We need to filter out these assets and prevent them from being added to Password Safe. Does anyone know how we can filter out assets without hostnames that are still being added to Password Safe? Thank you,Prasad

Hi everyone,We’re currently working on implementing BeyondTrust Password Safe Cloud in a multi-tiered architecture and are looking for detailed documentation or a white paper that outlines recommended setup for Data Center (DC), Disaster Recovery (DR), and UAT environments.If anyone has access to or has previously received the official BeyondTrust Password Safe Cloud architecture white paper ?Appreciate any pointers from the community 🙏

I am getting an invalid credential when launching a web application. I tested the managed account and password is correct but when I inject this using the ps_automate, it comes up with an invalid credential. I have also added the “FixupPassword=1” under the General section since my password contains spaces. Anything I am missing here or should be trying out? 2025/11/04 13:56:52 [TaskSequence1] BEGIN2025/11/04 13:56:52 [Function] execute_task_sequence_webapp (TaskSequence1)2025/11/04 13:56:52 [TaskSequence1] [INI] WaitLoginWindowDelay=02025/11/04 13:56:52 [TaskSequence1] [INI] XPathElement=//*[@id="username"]2025/11/04 13:56:52 [TaskSequence1] [INI] XPathValue=%username%2025/11/04 13:56:52 [TaskSequence1] [INI] XPathAction=2025/11/04 13:56:52 [Function] insert_custom_strings (*MASKED*)2025/11/04 13:56:52 [Custom string] username2025/11/04 13:56:52 [TaskSequence1] END2025/11/04 13:56:54 [TaskSequence2] BEGIN2025/11/04 13:56:54 [Function] execute_task_sequence_webapp (TaskSequence2)2025/1

We recently encountered a recurring issue impacting the accessibility of Jumpoints, which we have traced back to behaviors described in KB0021363. The root of the problem appears to be interference between the old and new network management features, particularly when IP assignments are modified either through binding on virtual machines' NICs or via IP changes on bare metal systems.ObservationsWhen these changes occur, the resulting network configuration across the multiple management interfaces becomes inconsistent. This inconsistency causes the Jumpoint to: Attempt to resolve to its own address, Become entirely unresolvable, or Exhibit packet fragmentation or corruption during analysis. Network inspection tools and bomgar logs show erratic behavior. Logs typically reveal incomplete packets or generalized packet errors, but offer no definitive indicators as to the root cause. The symptoms include: Dropped connections, Fluctuating tunnel availability, Inconsistent routing beha

We have been using Remote Support for around two years. Usually the Rep Console auto-runs at startup, but I’ve noticed recently that stopped happening. I think I traced the issue down to a change in the autorun entry (and what looks like a change to the whole directory structure for the software) during updates to Remote Support this year. The old entry pointed to bomgar-rep.exe I believe, where it looks like the Bomgar references were all removed at some point in the timeline.After installing 25.2.2 didn’t help, I uninstalled the Rep Console from my laptop completely, and reinstalled it, and it looks like the autorun entry has been replaced with the proper path. Starting the console after updating the server and letting it download the new console app did not take care of this; it needed a full uninstall/reinstall to generate the new autorun.Anyway, I didn’t see this mentioned anywhere so I wanted to post the solution.

The following articles were published last week. New Knowledge Base Articles: KB0022853 - Is it possible for RS or PRA users to see credentials injected to a remote session from Password Safe? KB0023031 - Can a Jump Client use daisy-chained Jumpoints as a proxy?

The following articles were published last week. New Knowledge Base Articles: KB0022853 - Is it possible for RS or PRA users to see credentials injected to a remote session from Password Safe? KB0023031 - Can a Jump Client use daisy-chained Jumpoints as a proxy?

The following articles were published last week. New Knowledge Base Articles: KB0022837 - Sailpoint Identity Security Cloud integration with EPM Cloud KB0022929 - Best Practices when using the Server Roles policy template

The following articles were published last week. New Knowledge Base Articles: KB0021339 - Unable to SSH receive error: "An error occured while trying to start the session" KB0021621 - Is it possible to integrate both Privileged Remote Access and Remote Support into one Password Safe environment? KB0022570 - Some group memberships are missing from SAML claim KB0022578 - BeyondTrust SCIM PrivilegedData API returns type, description and name starting with uppercase instead of lowercase KB0022591 - AD Bind account username is formatted incorrectly when using an LDAP filter Smart Rule "The user name or password is incorrect" KB0022812 - After updating Appliance Management remote SQL server port get reset to port 1433 KB0022814 - SQL memory shows 0% on appliance dashboard KB0023039 - Can Password Safe send Secrets Safe notifications? KB0023041 - Can users restrict a BeyondTrust

The following articles were published last week. New Knowledge Base Articles: KB0021709 - After a new AD Bridge install - gpupdate and gporefresh hangs or does not complete KB0022869 - Collector Status error - Can not contact the database server

Hi Everyone, I have the following use case:How can i target the git command in the terminal?The Git binary was installed by the user via Homebrew.I’ve tried matching File / Folder Name criteria with git, and also using the absolute path /usr/local/Cellar/git/2.51.1/bin/git in the Application Groups, but it still didn’t work.I tried matching it with parent process and even using the hash (SHA-256).I tested sample commands like ls -la, as shown in the documentation website, and the ls -la were successfully captured.The git command filtering is only work when i use a sudo command application type. i.e. if i type sudo git pull...But the case i want is not using sudo.Does EPM-M only process binary that are signed by Apple?Because the git from homebrew is not signed. I’m using macOS 13 Ventura and PMC 25.6.580 Thanks

Hi, I need to analyze all event logs and see which ones belong to end users who used privileged elevations to categorize them into the high-flex category. The filters in the Analytics tab seem limited and there are a lot of event logs.How can I quickly go about identifying which users belong in the high flex category?  Thanks all!

Hello Is it possible to disable the personal folder in secret safe? can btadmin see the secrets in personal folder? If a user stores in personal folder , and the user leaves organization, we still need to be able to fetch the secrets saved by the user for the enterprise applications. So can we not show personal folders and only show the safes we create for the users?