

This documentation site is for previous versions. Visit our new documentation site for current releases.
 

Understanding how Robot Runtime retrieves credentials from BeyondTrust

Updated on October 19, 2022

To ensure optimal security, set up Robot Runtime to retrieve credential information from BeyondTrust Password Safe.

The BeyondTrust Password Safe stores credentials as managed accounts that belong to an asset.

  • Each managed account has an application associated with it. For example, WindowsUser is the application associated with credentials that are used by a robot to log in to Windows.
  • An asset can be a physical device (a computer or server) or a container for managed accounts. For example, a container can hold pooled credentials that are used to log in to an application.

When Robot Runtime makes a credential request, it uses the following values to query the BeyondTrust Password Safe:

name
The name of the credential element.
systemName
This value maps to an asset in BeyondTrust.
applicationName
(Optional) This value maps to the first managed account belonging to the asset with a matching application name. If the applicationName value is omitted, the name value is used instead.
Runas
(Required, but can be overridden) This value is the BeyondTrust domain or local user authorized to retrieve the credentials. If NoRunasUserPassword is not enabled, store the passwords locally by using the CredMgrUi.exe program. For more information, see Using the Credential Manager utility to store API keys.
If you enable UseCurrentUserForASO or UseCurrentUserForCredStore, this value is overridden, based on the setting.
APIGroup
The name of the secret shared between Robot Runtime and BeyondTrust. The secret authenticates the request so that it can be fulfilled.
accountNamePostfix
(Optional) This value selects the correct managed account when an asset contains more than one managed account for an application. The selected managed account is the one whose name ends with this value and whose application name also matches. This value is removed from the managed account name before the credentials are returned.

Pega Robotic Automation stores these values in the CredentialManagerConfig.xml file, which is located in the C:\ProgramData\Pegasystems folder.
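
The lookup rules described above, modelled in Python as an added example (not Pega or BeyondTrust code). The asset inventory is constructed sample data, `ManagedAccount` and `resolve` are hypothetical names, and exact, case-sensitive matching is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ManagedAccount:
    account_name: str
    application: str


# Constructed sample inventory: asset name -> managed accounts in stored order.
ASSETS: Dict[str, List[ManagedAccount]] = {
    "RPA-POOL-01": [
        ManagedAccount("svc_robot_A", "WindowsUser"),
        ManagedAccount("crm_user_DEV", "CRM"),
        ManagedAccount("crm_user_PROD", "CRM"),
    ],
}


def resolve(name: str,
            system_name: str,
            application_name: Optional[str] = None,
            account_name_postfix: Optional[str] = None,
            assets: Dict[str, List[ManagedAccount]] = ASSETS) -> Tuple[str, str]:
    """Return (asset, account name handed back) following the documented rules."""
    if system_name not in assets:
        # systemName must map to an asset; fail closed otherwise.
        raise LookupError(f"no asset named {system_name!r}")

    # applicationName is optional; when omitted, the credential name is used.
    app = application_name or name

    for acct in assets[system_name]:
        if acct.application != app:
            continue
        if account_name_postfix:
            if not acct.account_name.endswith(account_name_postfix):
                continue
            # The postfix is removed from the account name before it is returned.
            stripped = acct.account_name[: -len(account_name_postfix)]
            return system_name, stripped
        # Without a postfix, the first managed account with a matching
        # application wins, so stored order decides between pooled accounts.
        return system_name, acct.account_name

    raise LookupError(f"no managed account for application {app!r} on {system_name!r}")
```

With two CRM accounts on the same asset, a request without accountNamePostfix returns whichever account is listed first, so it is worth confirming which account a given configuration actually resolves to.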
