Configure Settings and Manage Software

From the Settings menu option, you can configure the following:

  • Console Access: Add new users and groups to BeyondInsight for Unix & Linux.
  • System: Manage BeyondInsight for Unix & Linux settings.
  • Integration: Manage integration settings for external BeyondTrust integrations.
  • Software: Manage BeyondTrust software versions.

Manage BeyondInsight for Unix & Linux Settings

Deployment Settings

To configure deployment settings:

  1. Select the Settings menu.
  2. Click System.
  3. Set the Remote Working Directory for deployments. For example, /tmp.
  4. Enable or disable Verify SSH Fingerprints to verify if a host is trusted by BeyondInsight for Unix & Linux by default upon discovery.
  5. Click Save.

Authentication Timeout Settings

The following options are available to configure Authentication Timeout Settings for the BeyondInsight for Unix & Linux console. The settings are specified in minutes.

  • Total Session Length
  • Session Timeout Warning
  • Total Idle Length
  • Idle Timeout Warning

Application Settings

Configure application settings if you want to use the password reset feature available on the BeyondInsight for Unix & Linux logon page.

Enforce Email Verification is not available if there are no users with the sysadmin role or accountadmin role with a verified email, or if the currently logged on user has not verified their address. This is to prevent a lockout.

  1. Enter the base URL for BeyondInsight for Unix & Linux. For a standalone deployment with default port, the URL is https://<hostname>:4443/. On the BeyondTrust appliance, the URL is https://<hostname>/pbsmc/. The BeyondInsight for Unix & Linux URL is required for password reset and email verification; the URL is used to format links in emails.
  2. Turn on Enforce Email Verification. This is optional. When this setting is turned on, BeyondInsight for Unix & Linux users must have verified email addresses to authenticate. When the email account is verified and authenticated, the password reset link on the logon page is available to the user.

User Lockout Settings

A user can try to log on five times (the default value) before the account is locked out. The default lockout period is 30 minutes. You can change the default settings

Lockout settings are on by default.

To change default lockout settings:

  1. Select the Settings menu.
  2. Click System.
  3. Set the number of attempts the user can try to logon. The default is 5.
  4. Set the authentication window for logon attempts. This is the length of time the user can try to logon. The default is 5 minutes.
  5. Set the user lockout period. The default is 30 minutes.
  6. Click Save Settings.

An administrator can unlock a user account on the User Details page in the Console Access. Select the user and click Unlock User.

For more information, please see Unlock a User Account.

Set up Password Reset

A Reset Password link is available on the BeyondInsight for Unix & Linux logon page. A local user must verify their email address to use the password reset feature. Verifying the email address must be completed (regardless of whether the account verification is enabled).

The password reset feature is not available to directory service users.

To use the Reset Password link for local accounts, the following must be in place:

  • SMTP settings must be configured for your mail server. If the SMTP server is not configured the Send Verification Email option is not available.
  • Application settings must be configured.
  • The email address for your BeyondInsight for Unix & Linux account must be verified and authenticated. Only after the address is verified can it be used to reset a password.

A BIUL administrator can send a verification email.

To send an email verification:

  1. Click the Settings menu, and then click Console Access.
  2. Click the Users tab.
  3. Select the edit icon for a local user account to display the User Details page.
  4. Click Send Verification Email.

The user receiving the verification email must click the link and provide credentials to authenticate the account. After this authentication the email account is verified and can be used in a password reset.