Beyond Trust password safe cloud credential provider

We are trying to connect to AD using BeyondTrust credentials through a credential provider. We are getting the error below. Has anyone faced this issue?

Error Received:

Authentication Failed! Please check the configuration of currently associated credential provider.

Hi @utkarsh-bajpai-cyd

  1. Double-check the credential provider setup in ISC – make sure the connector is actually pointing to the right provider.
  2. Try pulling the credential directly from BeyondTrust (outside of ISC) to confirm it’s valid.
  3. Manually test the AD bind account stored in BeyondTrust to ensure the username and password are still working.
  4. Look at the ISC connector logs – they usually tell you if the problem is bad credentials or a provider configuration issue.
  5. Confirm network connectivity – ISC needs to reach both AD and BeyondTrust without being blocked by firewall or proxy rules.
  6. Verify the PFX certificate, client ID, and client secret – make sure they’re valid and tied to the correct BeyondTrust application with the right permissions.

Thanks

Hi Gopi,

Thanks for the response.

Can you please tell me how we find the host URL for BT, which we need to specify in the credential provider configuration in ISC?

Can it be

https://.xx.beyondtrustcloud.com or something else?

Also, in the secret URL, can we use the URL format below if our account is in AD?

The credential provider name is the name of the credential provider that we have configured in ISC.

secrets:///systemName%3DActive%20Directory%26accountName%xxxxxxx%40xxxxxx.com

Hi, you need to approach the team that administers BeyondTrust Password Safe.

secret format:

secrets://BeyondTrust Password Safe/systemName=&accountName=

I have generated the secret safe URL. But what is the system name we put in this URL? Will it be Active Directory if there is an AD account, or will it be something else?

Also, I am not able to get the host URL details.

secrets://BeyondTrust Password Safe/systemName=Active Directory&accountName=svc_ad_admin

systemName=Active Directory → The system (your AD domain) in Password Safe.

accountName=svc_ad_admin → The specific AD account stored under that system.

secrets://BeyondTrust Password Safe/ → Tells the system to fetch the secret from BeyondTrust Password Safe.

Note: you can request all the above details from the BeyondTrust administrators.

Thanks Gopi, do you know what the format of the host URL will be:

https://name.ps.beyondtrustcloud.com/ or do we need to append something at the end?

Try using this format:

https://your.beyondtrust.server/BeyondTrust/api/public/v3/

This format is giving the same error message.

May I know which instance type you’re using, cloud or on-premises?

Cloud type; it is SaaS.

Cloud instances: https://the-cloud-instance-url/BeyondTrust/api/public/v3

It is giving this new error now. I have updated the host URL and secret URL as discussed above.

We have detected an error from the managed system.

Error Received:

Error while fetching secret secrets://BeyondTrust%20Password%20Safe/systemName%3Ddomain.domain%26accountName%3Dsaccountname : Failed to fetch Managed Account with provided details. Please check provided secret expression., Please verify provided secret expression

The secret URL is below:

secrets://BeyondTrust%20Password%20Safe/systemName%3Ddomain.domain%26accountName%3Dsaccount

Are you sure that the systemName and accountName specified are correct, and that those accounts were created under the specific path in BeyondTrust?

It worked now. The system name needs to be the AD domain prefix and the account name needs to be serviceaccount@domain.

That’s great … :innocent:

If the secret path is not retrieving the expected password, make sure systemName and accountName are correct.

Thanks Gopi for the help :smiley:
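
Added example, not part of the original thread and not SailPoint or BeyondTrust code: a small Python check that builds and validates a secret expression before it is pasted into the connector. The format and percent-encoding are assumed from the expressions quoted in this thread; the function names and sample values are constructed for illustration.

```python
from urllib.parse import quote, unquote

SCHEME = "secrets://"
REQUIRED = ("systemName", "accountName")


def build_secret_expression(provider, system_name, account_name):
    """Return the percent-encoded expression for one managed account."""
    for label, value in (("provider", provider), ("systemName", system_name),
                         ("accountName", account_name)):
        if not value or not value.strip():
            raise ValueError(f"{label} must not be empty")
        if any(ch in value for ch in "&=/"):
            raise ValueError(f"{label} contains a delimiter character")
    query = f"systemName={system_name}&accountName={account_name}"
    # safe="" so that space, '=', '&' and '@' are all encoded, as in the thread
    return SCHEME + quote(provider, safe="") + "/" + quote(query, safe="")


def parse_secret_expression(expression):
    """Decode an expression (encoded or plain) and validate its fields."""
    if not expression.startswith(SCHEME):
        raise ValueError("expression must start with secrets://")
    provider, sep, query = expression[len(SCHEME):].partition("/")
    provider, query = unquote(provider), unquote(query)
    if not sep or not provider.strip():
        raise ValueError("credential provider name is missing")
    fields = {}
    for pair in query.split("&"):
        key, eq, value = pair.partition("=")
        if not eq or not value.strip():
            raise ValueError(f"malformed or empty field: {pair!r}")
        fields[key] = value
    if sorted(fields) != sorted(REQUIRED):
        raise ValueError(f"expected exactly {REQUIRED}, got {sorted(fields)}")
    return {"provider": provider, **fields}


if __name__ == "__main__":
    # Constructed sample values: AD domain prefix and serviceaccount@domain
    expr = build_secret_expression("BeyondTrust Password Safe", "corp",
                                   "svc_ad_admin@corp.example")
    print(expr)
    print(parse_secret_expression(expr))
```

A parse failure here points to a formatting problem in the expression; a well-formed expression that still fails in ISC means the systemName or accountName does not match what is stored in Password Safe.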
