BeyondTrust Integration
What It Is
The BeyondTrust integration connects Hydden Discovery to the BeyondTrust Password Safe platform. Hydden collects user accounts, groups, and access details from BeyondTrust, then correlates this data with identities discovered across your entire environment. The result is a unified view of who has privileged access and how that access is managed.
Why It Matters
Privileged access management (PAM) tools like BeyondTrust protect critical credentials, but they work best when they cover every account that needs protection. Hydden fills the visibility gap by discovering all accounts across connected systems and comparing them against what BeyondTrust already manages.
This integration helps security teams answer key questions: Which accounts have privileged access? Are those accounts tracked in BeyondTrust? Are there gaps in vault coverage? Without this integration, answering these questions requires manual data collection across systems.
How It Works
The integration follows a collect-correlate-act model.
Data collection — The BeyondTrust collector connects to your BeyondTrust Password Safe instance using API credentials. It retrieves user accounts, groups, MFA status, login data, and account status. The collector runs on a schedule or on demand.
Identity correlation — Hydden maps BeyondTrust accounts to identities discovered from other sources such as Active Directory, cloud platforms, and databases. This creates a cross-platform view of each person's access footprint.
Reporting and action — The collected data appears in the Hydden Search Library and Global Search. You can filter by the BeyondTrust platform to review account details, group memberships, and vault status. Hydden threat detection rules can flag high-risk patterns in privileged account usage.
What You Can Do
After you set up the integration, you can:
- View vault coverage — Open the Vaulted Account Management report in the Search Library to see which BeyondTrust accounts are managed and which need attention.
- Search by platform — Use Global Search to filter accounts and groups by the BeyondTrust platform. Review account types, data sources, and mapped identities.
- Detect access risks — Apply Hydden threat detection and account classification rules to BeyondTrust accounts. Identify dormant accounts, excessive permissions, and unusual access patterns.
- Support compliance audits — Combine BeyondTrust privileged access data with identity data from other systems for unified compliance reporting.
- Enforce least privilege — Use Hydden identity mapping and threat intelligence to find accounts with more BeyondTrust access than they need.
Key Capabilities
| Capability | Description |
|---|---|
| Account discovery | Collects user accounts with MFA status, login data, and enabled/disabled state |
| Group visibility | Discovers groups and group memberships from the BeyondTrust platform |
| Vault status tracking | Shows which accounts are managed by BeyondTrust Password Safe |
| Identity correlation | Maps BeyondTrust accounts to identities from all connected data sources |
| Threat detection | Applies Hydden threat rules to flag risky privileged account patterns |
| Compliance reporting | Provides unified access data for audits and access reviews |
Set Up the Integration
The following steps outline the BeyondTrust integration setup. Complete them in order.
Data Collector
The BeyondTrust collector discovers user accounts and groups from the BeyondTrust Password Safe. It retrieves MFA status, login data, and group membership details.
- Add the Vault module to a configured client. Refer to Adding the BeyondTrust Module.
- Create a BeyondTrust data source. Refer to How to Configure a BeyondTrust Data Source.
Next Steps
After the integration is configured and a collection has run:
- View the discovered BeyondTrust data in the Search Library and Global Search.