When a credential request is made and the API Group value is not stored locally, a request is made to BeyondTrust to retrieve the API Group value from the Pega Access asset on the server. If successful, the credential request continues to be processed using the API Group value returned. If not, the credential request fails.

Note: If your security requirements do not permit using Pega Access, use the CredMgrUI.exe utility to store the required BeyondTrust API groups and BeyondTrust Runas users locally.

Enable the UseCurrentUserForASO and UseCurrentUserForCredStore attributes to control the Runas user that requests application credentials from the ASO Manager or the Credential Store, respectively.

1. Open BeyondTrust Password Safe.
2. Enable the appropriate options for your security needs:
   • If you enable the UseCurrentUserForASO option, requests for credentials that are made to the ASO Manager use the current logged-in user instead of the Runas user who is specified in the CredentialManagerConfig.xml file.
   • If you enable the UserCurrentUserForCredStore option, requests for credentials made to the Credential Store are made with the current logged-in user instead of the Runas user who is specified in the CredentialManagerConfig.xml file.
   Note:

   If the current user is a domain user, add the user to the user group in BeyondTrust as an Active Directory user.

   If the current user is logged into the computer locally, add the user to the user group in BeyondTrust as a BeyondTrust user and format the name as username/machinename.

3. Save your selections and exit BeyondTrust Password Safe.