Title
Create new category
Edit page index title
Edit category
Edit link
Integrate Active Directory with BeyondTrust Password Safe
Starting from version 5.16.1 - MetaDefender Core can integrate with BeyondTrust Password Safe to manage Active Directory (AD)'s admin credential.
Note: Does not support for LDAP Directory
When adding Active Directory, please select BeyondTrust Password Safe in section "Privileged Access Management Manager"


There are several items need to be filled:
BeyondTrust Host
BeyondTrust Username: your Password Safe login account.
BeyondTrus API Key
Managed System ID
Managed Account ID
Get BeyondTrust Host and BeyondTrust API Key from Password Safe.
Login to Password Safe.
Navigate to Configuration → General → API Registrations → Create API Registration → API Key Policy.

Fill the name for the new API Key policy and create new Authentication Rule as below

Click Create Registration button to finish.
Click on the new API Key policy we just created to view details → show and copy the key as BeyondTrust API Key.

Continue to scroll down to bottom → copy API Base Endpoint as BeyondTrust Host.

Get Managed System ID and Managed Account ID of managed AD account from Password Safe
Login to Password Safe.
Navigate to Managed Systems → select your relevant system → click the 3-dots options on the right → select Go to Advanced Details…

The Managed System ID will show up in the URL

Next, navigate to Managed Accounts → select your AD account → click the 3-dots options on the right → select Go to Advanced Details…

The Managed Account ID will show up in the URL

When integrating AD with Password Safe, the users don't need to input "Bind password" - because this password will be managed by Password Safe, users don't need to care about this field anymore.
Enable auto-approve in Password Safe
We highly recommend that the user should enable auto-approve in Password Safe for seamlessly integration with Active Directory
Login to Password Safe.
Navigate to Privileged Access Management Policies → Access Policies → edit your Access policy → enable Auto Approve
