> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/rdm/knowledge-base/how-to-articles/beyondtrust-configuration.md).

# BeyondTrust configuration

The [BeyondTrust Password Safe](https://www.beyondtrust.com/products/password-safe) integration makes it easy for users to sign into systems using credentials stored in BeyondTrust. Remote Desktop Manager Windows leverages credentials from Password Safe to bridge the gap between connecting to remote systems and securing secrets.

Four BeyondTrust entry types are available. Here is an overview to help you understand their roles and configuration.

{% hint style="info" %}
The BeyondTrust integration requires the [Privileged access management solutions package](https://docs.devolutions.net/resources/getting-started-packages/privileged-access-management-package/) license.
{% endhint %}

### BeyondTrust Password Safe (credentials type)

Remote Desktop Manager connects to the BeyondTrust instance to retrieve credentials, enabling account brokering during sessions.

1. Create a new entry and select ***BeyondTrust Password Safe*** (credentials type).
2. Enter a name.
3. Go to the ***General*** tab
4. Enter the ***Host***, which is the URL of your BeyondTrust portal.
5. Check [Use My account settings](https://docs.devolutions.net/rdm/commands/file/my-account-settings/) to use the credentials configured in your account settings.
6. Enter the ***Username*** and ***Password*** of an account that has the permissions to connect to BeyondTrust.
7. Enter the domain.
8. Enter the ***Application API key***, which is the key of one of your BeyondTrust ***API Registrations***. Note that the API key needed must be associated to a user from a group in BeyondTrust.
9. Link an entry by clicking on the ellipsis button or by checking the ***Always prompt with list*** option.
10. Click ***Add*** to save the entry and close the window.

### BeyondTrust Password Safe (session type)

To directly access endpoints via BeyondTrust, you can use the BeyondTrust Password Safe (session type) entry. This entry connects through the proxy, just like the dashboard does.

1. Create a new entry and select ***BeyondTrust Password Safe*** (session type).
2. Enter a name.
3. Go to the ***General*** tab
4. Enter the ***Host***, which is the URL of your BeyondTrust portal.
5. Enter the ***Username*** and ***Password*** of an account that has the permissions to connect to BeyondTrust.
6. Enter the domain.
7. Enter the ***Application API key***, which is the key of one of your BeyondTrust ***API Registrations***. Note that the API key needed must be associated to a user from a group in BeyondTrust.
8. Go to the ***Advanced*** tab.
9. In the System field, click the ellipsis button (...) to browse and select from available systems in your BeyondTrust vault.
10. The ***Account*** field automatically displays the account associated with the selected system.
11. Select a template from your template list if needed.
12. Choose the ***Session type*** by selecting ***RDP*** or ***SSH***.
13. Specifies which field should be used to resolve the host address for the session. Select from the following options: ***System name***, ***IP address***, or ***DNS name***.
14. Click ***Proxy***, ***Direct***, or ***Admin session*** to determine how the session will connect.
15. Check the ***Check-in-request on close*** to automatically trigger a check-in for the credentials used after the session ends.
16. Click ***Add*** to save the entry and close the window.

### BeyondTrust Password Safe dashboard (session type)

The dashboard is used to view all your secrets and seamlessly connecting to endpoints through the Password Safe proxy, thus enabling the use of conditional access policies from BeyondTrust.

1. Create a new entry and select ***BeyondTrust Password Safe*** ***dashboard*** (session type).
2. Enter a name.
3. Go to the ***General*** tab
4. Enter the ***Host***, which is the URL of your BeyondTrust portal.
5. Enter the ***Username*** and ***Password*** of an account that has the permissions to connect to BeyondTrust.
6. Enter the domain.
7. Enter the ***Application API key***, which is the key of one of your BeyondTrust ***API Registrations***. Note that the API Key needed must be associated to a user from a group in BeyondTrust.
8. Go to the ***Advanced*** tab.
9. Check the auto-refresh box to enable automatic refreshing of the dashboard data.
10. Set the interval (in minutes) between automatic refreshes.
11. Click ***Add*** to save the entry and close the window.

### BeyondTrust Admin session (session type)

The ***BeyondTrust Admin session*** is designed to store administrator credentials, which can be used to connect to BeyondTrust Password Safe entries as well as BeyondTrust Password Safe dashboard entries, without the need to check in or check out the connection.

1. Configure a ***BeyondTrust Admin session*** entry by clicking ***Add new entry*** – ***BeyondTrust Admin session***.
2. Enter the ***Username***, ***Domain*** and ***Password***.
3. Once the entry is created, you can link it to an existing ***BeyondTrust Password Safe*** entry by going to ***Advanced*** – ***Connect mode*** – ***Admin session***.
4. Navigate to ***Credential mode*** and select ***Linked (vault)*** to link the previously created ***BeyondTrust Admin session*** entry.
5. Click ***Save*** to close the window.
6. Open the session.

Note that you can also use the credentials saved in the ***BeyondTrust Admin session*** entry to connect to the ***BeyondTrust Password Safe dashboard*** entry. To do so, select the dashboard entry and click ***Open admin session***. Click ***Linked (vault)*** to link your credentials.

### See also

* [BeyondTrust and Remote Desktop Manager](https://devolutions.net/integration-center/beyondtrust/)
* [Devolutions Academy – Configure BeyondTrust in Remote Desktop Manager](https://academy.devolutions.net/student/page/2811658-configure-beyondtrust-in-remote-desktop-manager?curriculum_activity_id=4263921\&path_id=2628397\&sid=090ebcff-e031-4be1-a23c-cd8edc4d757b\&sid_i=0)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.devolutions.net/rdm/knowledge-base/how-to-articles/beyondtrust-configuration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.