Manage applications

To authenticate applications and check their access control authorizations, the applications must be defined in the Vault.

In order to retrieve passwords from a specific Safe, both the Credential Provider user and application user must be added as owners of the Safe.

When applications are defined in the Vault, the following information is specified:




Each application is created in the Vault, as well as the application authentication information, such as the machines where the application runs, the Windows domain OS user who runs the application, and other similar information.


The accounts that contain the passwords to be retrieved for applications must be added to the Vault, as well as the properties that are required for each application. Each account must be attached to account management policies to ensure that these accounts are managed according to relevant compliance requirements.

Access Control

Access authorizations are given to the relevant accounts.

Applications can be managed in either of the following ways:


For more information about defining applications and application authentication through the REST API, see Applications in the Privileged Access Security online help.


We recommend that you do not use multiple REST calls for the same resource; doing so may result in conflicts and synchronization issues.

  • Manually in the Applications tab specifying the application details that will be checked by the Credential Provider
  • Automatically using Bulk Upload (Add Applications), which defines multiple applications in the Vault based on information in a CSV file.

In this section: