BeyondTrust Password Safe Connector

:spiral_notepad: Description BeyondTrust Password Safe
:balance_scale: Legal Agreement By using this CoLab item, you are agreeing to SailPoint’s Terms of Service for our developer community and open-source CoLab.
:hammer_and_wrench: Repository Link
:open_book: New to SaaS connectors in the CoLab? Read the getting started guide for SaaS Connectors in the CoLab.
:hospital: Supported by Community Developed


Password Safe was added to Identity Security Cloud as the first default PAM Source in March 2022. However, a SaaS Connector allows direct Cloud to Cloud communication without requiring a VA to be deployed on-premises, to Password Safe Cloud.

This SaaS Connector is an example for how to implement a fully working example based on SCIM and SCIM PAM extension.

Supported Use Cases

  • Account Create
  • Account Delete
  • Account Enable
  • Account Disable
  • Account List
  • Account Read
  • Account Update
  • Entitlement List
  • Entitlement Read
  • Test Connection


SailPoint Identity Security Cloud SaaS Connectivity
BeyondTrust Password Safe Cloud v23.3+


Use the SaaS Connectivity CLI to upload the Password Safe SaaS Connector to your Identity Security Cloud instance. Then create a new Source using the Password Safe SaaS Connector, by providing the Password Safe instance and authentication URLs, together with client credentials.

Before Importing Accounts, configure a Correlation Rule e.g. by using the email attribute.

For more information, take a look at the README file at the root of the Github project.