Manage BIUL Settings

Deployment Settings

To configure deployment settings:

Select the Settings menu.
Click System.
Set the Remote Working Directory for deployments. For example, /tmp.
Enable or disable Verify SSH Fingerprints to verify if a host is trusted by BIUL by default upon discovery.
Click Save Settings.

Authentication Timeout Settings

The following options are available to configure Authentication Timeout Settings for the BIUL console. The settings are specified in minutes.

Select the Settings menu.
Click System.
Set values for the following timeout settings:
- Total Session Length
- Session Timeout Warning
- Total Idle Length
- Idle Timeout Warning
Click Save Settings.

Application Settings

Configure application settings if you want to use the password reset feature available on the BIUL logon page.

Enforce Email Verification is not available if there are no users with the sysadmin role or accountadmin role with a verified email, or if the currently logged on user has not verified their address. This is to prevent a lockout.

Select the Settings menu.
Click System.
Enter the base URL for BIUL. For a standalone deployment with default port, the URL is https://<hostname>:4443/. On the BeyondTrust appliance, the URL is https://<hostname>/pbsmc/. The BIUL URL is required for password reset and email verification; the URL is used to format links in emails.
(Optional). Check the box to turn on Enforce Email Verification. When this setting is turned on, BIUL users must have verified email addresses to authenticate. When the email account is verified and authenticated, the password reset link on the logon page is available to the user.
(Optional). Check the box to Disable System Provided Certificate Authority. When BIUL is turned on we create a signing authority, and then sign our own certificates for use with things like solr.Use this option when you are using signed certificates, and specifically do not want to use our authority at all.
Click Save Settings.

User Lockout Settings

A user can try to log on five times (the default value) before the account is locked out. The default lockout period is 30 minutes. You can change the default settings

Lockout settings are on by default.

To change default lockout settings:

Select the Settings menu.
Click System.
Set the number of attempts the user can try to logon. The default is 5.
Set the authentication window for logon attempts. This is the length of time the user can try to logon. The default is 5 minutes.
Set the user lockout period. The default is 30 minutes.
Click Save Settings.

An administrator can unlock a user account on the User Details page in the Console Access. Select the user and click Unlock User.

For more information, see Unlock a User Account.

Set up Password Reset

A Reset Password link is available on the BIUL logon page. A local user must verify their email address to use the password reset feature. Verifying the email address must be completed (regardless of whether the account verification is enabled).

The password reset feature is not available to directory service users.

To use the Reset Password link for local accounts, the following must be in place:

SMTP settings must be configured for your mail server. If the SMTP server is not configured the Send Verification Email option is not available.
Application settings must be configured.
The email address for your BIUL account must be verified and authenticated. Only after the address is verified can it be used to reset a password.

A BIUL administrator can send a verification email.

To send an email verification:

Click the Settings menu, and then click Console Access.
Click the Users tab.
Click the edit icon for a local user account to display the User Details page.
Click Send Verification Email.

The user receiving the verification email must click the link and provide credentials to authenticate the account. After this authentication the email account is verified and can be used in a password reset.