Endpoint Privilege Management Administration Guide
Endpoint Privilege Management is a platform to manage your Windows and macOS computers. Use the platform to set up computer management features such as least privilege access and application protection. Ensure computers are compliant using the auditing and reporting features.
This guide is intended for EPM administrators, policy administrators, and system administrators.
Sign into EPM
You must have cookies enabled in your browser to use EPM. If you do not enable cookies, you will get a blank page when you attempt to navigate to EPM.
The version is displayed at the bottom of the logon page.
To log on:
- Navigate to your EPM instance and click Sign in.
- Click the appropriate email associated with your account.
Home Page
The Home page serves as a dashboard offering Computer Status, Computer Policy, and Client & Adapter summary information.
EPM uses a role-based access control (RBAC) system. Roles assigned to a user determine the features the user can access. A standard user requires sufficient permissions to access some of the menu options. For more information, see Review EPM Roles.
User Account Profile and Preferences
You can click the User Account Profile icon to view your current account profile information, including the type of user role assigned (Standard or Administrator).
You can expand the Account Preferences section and view or edit the basic settings.
This is also where you log out of the EPM Console.
The User Account Profile icon is accessible from any page in the EPM Console.
Computer Status Summary
Get the most up to date status information on each of the computers in the estate with Endpoint Privilege Management installed. Click the status link to drill down to more information about the computers.
For more information, see:
Computer Policy Summary
In the Computer Policy Summary section, current metrics on policy status are shown. Select a computer group from the list to display the status per group.
Client & Adapter Summary
In the Client & Adapter Summary section, view version information for clients and adapters sorted by operating system.
The list displays which client/adapter version is used and by how many computers. Drill down to see more information about each computer on the Computers page.
Navigate the Console
EPM provides an easy to navigate interface with some common elements throughout. This section shows the highlights.
Switch Between BeyondTrust Applications
If you have BeyondTrust Identity Security Insights, you can connect EPM and other BeyondTrust applications, and then switch between applications without needing to re-enter credentials. Re-entering credentials may be necessary in some circumstances, depending on the login configuration of the different applications.
The App Switcher menu appears in the upper right. Click the menu for a list of connected applications, and click an application. There can be more than one instance of an application, except for Identity Security Insights.
The menu only appears if there are connected applications. If all connected applications are removed, then the menu no longer displays.
Configuration of this feature is managed in BeyondTrust Identity Security Insights.
Access Features
Access features throughout the UI using the menu (presented as three dots). When there are actions that can be applied to a selected item, click the menu icon.
As a shortcut and to enhance readability, this icon is referred to simply as menu in the guide.
Search
An auto-suggest global search is available that displays results from computer groups, policies, computers, and users.
Access Details Page or Panel
Details pages and panels provide a way to see more information. From the main page for Computers, Computer Groups, Activity Auditing, and Users, click the link in the first column to access a Details page or panel.
Select Columns to Display
Click the Columns icon, and then select the columns to display.
Sort Columns
You can sort columns independent of each other by clicking the column name. An Up or Down arrow icon designates the ascending or descending sorting order.
Filter
Use the filter tool to narrow the scope of information displayed. Click in the filter field, and then select a filtering option.
When you enter a string of text in the field, the results in the grid filter below automatically update to the records that contain that string.
To remove a filter, click the X icon.
You can use multiple filters in your search. After your initial filter is applied, click in the Filter field again, and select a filter. For example, you can filter policies by name, and then by date created.
Filter Using the Date Picker
Filter page results using a data picker available with some of the filters. For example, select a range of dates when computers or computer groups were created.
In the calendar, select a single day, a range, or multiple days.
To further reduce the results, modify the dates or add one or more additional filters.
Progress and Change Indicators
When EPM is busy performing an action, you see a spinner to indicate that it is processing.
Where actions affect one or more rows, you see a green toaster notification briefly flash to indicate that EPM has processed your request.
Error Notifications
If EPM cannot complete an action successfully, it does not make any changes and you get a toaster notification on the top right, next to the search field. EPM does not process a task that it cannot action successfully. The error notification tells you that the action was not successful. You can clear the errors as required from the page that generated the error.
Export to CSV
You can export all grid data results in the currently filtered result set, not just the results which are displayed on the current page, from the Download records to CSV icon above the grid.
Set a Session Timeout
You can set how long users can be in an EPM session before they are automatically logged out.
To set a session timeout:
- On the sidebar menu, click Configuration.
- Under Settings, select Security Settings.
- In the Security Settings pane, enter a value between 15 and 60 minutes.
- Click Save Changes.
Maintenance Jobs
There are regular maintenance jobs run on the management database and reporting database. Each database will be purged and re-indexed.
The maintenance jobs are not run at the same time for all customer instances. Maintenance jobs run at a random time based on the time zone of the Azure region your instance is deployed in.