Let's say you have outsiders coming into your devices, let's say a vendor support contractor or a third party needing to troubleshoot one of your devices. Let's also say they need local admin access on the box to do their work.
Previous to BT, you had to create them an AD account with a longevity cut off, set them up in the needed groups - or worse yet - have them setup on the device as a local admin user you created, that's (hopefully) deleted later.
Vault credentials are SO much better. What vault let's you do is store AD credentials in a "vault" inside BT that can be used by anyone but no one knows them. You can remove, update or change who has access to these credentials - all from inside BT.
Setting up Shared Vault Credentials is super easy. First make sure the credentials are either in Active Directory, or on the local machine first. You will need to know the username and password for them.
Login to Beyond Trust with the admin credentials, or someone with access to add Vault credentials. Click the Vault option on the left and select Accounts at the top, then choose to either Add or Edit an existing account.
Next you need to do the following
Create a Name for the account. This is a descriptive name that the end user will see from the Vault user list. Make it as descriptive as possible so there's no confusion.
Add a description of what it will be used for.
Copy the username from the account you setup either in AD or locally on the machine
Copy the password from the account you setup either in AD or locally on the machine
Duplicate the password you filled from step 4
Assign these credentials to user accounts that are existing in Beyond Trust.
From the tech point of view when they get the login prompt on the server/workstation, they click the little key icon in the top left and it will show all the credentials that have been assigned to them.
Combining this with limiting to jump groups and you have a solid secure entry into your environment that prevents outside folks from getting access, or knowing how to access any of your devices.