Endpoint Privilege Management Administration Guide

Endpoint Privilege Management is a platform to manage your Windows and macOS computers. Use the platform to set up computer management features such as least privilege access and application protection. Ensure computers are compliant using the auditing and reporting features.

This guide is intended for EPM administrators, policy administrators, and system administrators.

Sign into EPM

You must have cookies enabled in your browser to use EPM. If you do not enable cookies, you will get a blank page when you attempt to navigate to EPM.

The version is displayed at the bottom of the logon page.

To log on:

  1. Navigate to your EPM instance and click Sign in.
  2. Click the appropriate email associated with your account.

Home Page

The Home page serves as a dashboard offering Computer Status, Computer Policy, and Client & Adapter summary information.

Endpoint Privilege Management Home page

EPM uses a role-based access control (RBAC) system. Roles assigned to a user determine the features the user can access. A standard user requires sufficient permissions to access some of the menu options. For more information, see Review EPM Roles.

User Account Profile and Preferences

User Account Profile image

You can click the User Account Profile icon to view your current account profile information, including the type of user role assigned (Standard or Administrator).

You can expand the Account Preferences section and view or edit the basic settings.

This is also where you log out of the EPM Console.

The User Account Profile icon is accessible from any page in the EPM Console.

 

Computer Status Summary

Get the most up to date status information on each of the computers in the estate with Endpoint Privilege Management installed. Click the status link to drill down to more information about the computers.

For more information, see:

Computer Policy Summary

In the Computer Policy Summary section, current metrics on policy status are shown. Select a computer group from the list to display the status per group.

Client & Adapter Summary

In the Client & Adapter Summary section, view version information for clients and adapters sorted by operating system.

The list displays which client/adapter version is used and by how many computers. Drill down to see more information about each computer on the Computers page.

 

Navigate the Console

EPM provides an easy to navigate interface with some common elements throughout. This section shows the highlights.

Switch Between BeyondTrust Applications

If you have BeyondTrust Identity Security Insights, you can connect EPM and other BeyondTrust applications, and then switch between applications without needing to re-enter credentials. Re-entering credentials may be necessary in some circumstances, depending on the login configuration of the different applications.

The App Switcher menu appears in the upper right. Click the menu for a list of connected applications, and click an application. There can be more than one instance of an application, except for Identity Security Insights.

The menu only appears if there are connected applications. If all connected applications are removed, then the menu no longer displays.

Configuration of this feature is managed in BeyondTrust Identity Security Insights.

Access Features

Endpoint Privilege Management highlighting the menu icon available throughout the UI.

Access features throughout the UI using the menu (presented as three dots). When there are actions that can be applied to a selected item, click the menu icon.

As a shortcut and to enhance readability, this icon is referred to simply as menu in the guide.

Search

An auto-suggest global search is available that displays results from computer groups, policies, computers, and users.

Access Details Page or Panel

Details pages and panels provide a way to see more information. From the main page for Computers, Computer Groups, Activity Auditing, and Users, click the link in the first column to access a Details page or panel.

Select multiple columns to display in the grid.

Select Columns to Display

Click the Columns icon, and then select the columns to display.

 

Sort Columns

You can sort columns independent of each other by clicking the column name. An Up or Down arrow icon designates the ascending or descending sorting order.

Icon next to Name field for sorting

Filter

You can filter within the grids by using the filter options at the top of the grid.

Use the filter tool to narrow the scope of information displayed. Click in the filter field, and then select a filtering option.

 

The grid updates automatically according to the filter option and the text xtring you enter..

When you enter a string of text in the field, the results in the grid filter below automatically update to the records that contain that string.

To remove a filter, click the X icon.

You can use multiple filters in your search. After your initial filter is applied, click in the Filter field again, and select a filter. For example, you can filter policies by name, and then by date created.

 

Filter Using the Date Picker

Date Picker filter tool with a range of dates selected

Filter page results using a data picker available with some of the filters. For example, select a range of dates when computers or computer groups were created.

In the calendar, select a single day, a range, or multiple days.

To further reduce the results, modify the dates or add one or more additional filters.

 

Progress and Change Indicators

When EPM is busy performing an action, you see a spinner to indicate that it is processing.

Where actions affect one or more rows, you see a green toaster notification briefly flash to indicate that EPM has processed your request.

Error Notifications

If EPM cannot complete an action successfully, it does not make any changes and you get a toaster notification on the top right, next to the search field. EPM does not process a task that it cannot action successfully. The error notification tells you that the action was not successful. You can clear the errors as required from the page that generated the error.

Export to CSV

You can export all grid data results in the currently filtered result set, not just the results which are displayed on the current page, from the Download records to CSV icon above the grid.

Download Records to CSV

Set a Session Timeout

You can set how long users can be in an EPM session before they are automatically logged out.

Console Timeout Settings paqe

To set a session timeout:

  1. On the sidebar menu, click Configuration.
  2. Under Settings, select Security Settings.
  3. In the Security Settings pane, enter a value between 15 and 60 minutes.
  4. Click Save Changes.

 

Maintenance Jobs

There are regular maintenance jobs run on the management database and reporting database. Each database will be purged and re-indexed.

The maintenance jobs are not run at the same time for all customer instances. Maintenance jobs run at a random time based on the time zone of the Azure region your instance is deployed in.