BeyondTrust Session entry + Team == Managed account reuse
I'm working on setting up a team using a SQL backend to use our Beyondtrust Password Safe for RDP, but I'm finding that API keys and the managed account used by BeyondTrust entries are stored in the database. I need every user/team member to use their own accounts, and api keys so we have accountability and auditing.
Is there something that I'm missing or is this a feature request?
All Comments (4)
Hello,
They could create their own Beyondtrust Password Safe entry in their user vault. You can then set the RDP entries credentials property to Find by name (User vault) and set the name. This implies that users' Beyondtrust entry has the exact same name.
Then for auditing in RDM, enable the Log user vault activities option in Administration - System Settings - Vault Management - User Vault.
Let us know if that helps.
Best regards,
Érica Poirier
f02d32ff-908c-4723-b09a-b41b555307de.png
cf05052f-6dfd-4bdb-a2e7-935bcf129d88.png
Hello,
In fact I provided an incorrect information about the Credentials property of an entry but the scenario would be similar if the users create their own Beyondtrust Password Safe session in their user vault with their own username/password and API key.
And the Log user vault activities option is still valid for auditing purpose.
Let us know if you have further questions about this.
Best regards,
Érica Poirier
For some reason I had disabled user vault! Thanks, that works :D
Hello,
Thank you for your feedback and glad the provided solution has helped.
Best regards,
Érica Poirier