Integrate ValidSoft and BeyondTrust Endpoint Privilege Management for Windows and Mac

BeyondTrust Endpoint Privilege Management for Windows and Mac pairs powerful least privilege management and application control capabilities to provide preventative endpoint security. Implement zero-trust controls and benefit from advanced protection against lateral movement, ransomware, malware, and insider threats.

ValidSoft provides BeyondTrust users with a solution to eliminate fraud because voice authentication is superior to insecure passwords, PINs, and passcodes. We can authenticate human voices within seconds, allowing BeyondTrust Endpoint Privilege Management escalation with incredible security, logging, and ease of use for the client. ValidSoft See-Say® technology is taking security to a new level while ensuring usability for the end user.

For more information, see www.ValidSoft.com

Prerequisites

  • BeyondTrust Endpoint Privilege Management (EPM) instance
  • ValidSoft See-Say® Subscription
  • ValidSoft preconfigured IDP instance
  • White Glove Installation Services from ValidSoft

Configure EPM

Select the Policies menu in EPM

  1. Log on to the EPM instance as an administrator, and then click Policies.

 

Select the Edit & Lock Policy menu item in EPM.

  1. Select an existing policy, and then select Edit & Lock Policy or Create Policy.

 

 

Select Identity Provider Settings in EPM Policy Editor

  1. Click Messages, and then click Identity Provider Settings.

 

Add IdP information for ValidSoft and EPM integration.

  1. Enter the Authority URI, Client ID (also called the Application ID) and Redirect URI.

PKCE is used here without a client secret. For more information on OAuth PKCE, see: RFC 7636: Proof Key for Code Exchange.

 

Edit Workstyle in EPM for ValidSoft integration.

  1. Navigate to the Workstyle you want to enable. Select an application rule, and then select Edit from the menu for that rule.

 

Edit application rule in EPM for ValidSoft integration.

  1. By default, when the Target Application Group selected is (Default) Any Trusted & Signed UAC Prompt, the end user message selected is Allow Message (Support Desk).

 

EPM Allow Message (Support Desk) settings.

  1. The end user message replaces the out-of-the-box Windows User Account Control (UAC) prompt, which prompts the user to enter an administrator level username and password. The end user message controls the interaction with the user attempting a privileged action.

    Edit the message settings and check and/or uncheck boxes to determine the controls on the message. Use and/or conditions to offer a combination of authentication options. To test the integration, check the box Verify their Identity through an Identity Provider.

 

Test the Integration

EPM download installers

  1. Click the Configuration menu to access Endpoint Privilege Management Installation and Adapter Installation. Download and install both on a test workstation.

On a test workstation, run the msiexec.exe command found at the bottom of the Endpoint Privilege Management Installation page to install Endpoint Privilege Management.

 

Create a computer group in EPM.

  1. Create a computer group.

 

EPM adapter installer settings.

  1. For the adapter installation, select an Installation Key and a Computer Group. The msiexec.exe installation command is generated at the bottom of the page.

 

BeyondTrust and ValidSoft Integration Workflow

The following workflow shows ValidSoft Voice Authentication with See-Say® Technology and BeyondTrust functionality.

Start application in a ValidSoft and EPM integration

  1. On the desktop, click the Start button, right-click Remote Desktop, and then select More > Run as administrator.

 

Authenticate IdP for an EPM and ValidSoft integration

  1. The Endpoint Privilege Management confirm elevation message opens. Click Authenticate with your Identity Provider.

 

Authentication window for ValidSoft in EPM integration.

  1. Follow the instructions on the ValidSoft window to authenticate.

 

IdP authentication by ValidSoft in an EPM integration.

  1. You are now enjoying escalated privileges as an administrator.

 

The ValidSoft team is happy to engage for this implementation and training. We can be reached at:

request@validsoft.com 1-888-392-0230

ValidSoft Professional Services will work with the client to ensure integration to the ValidSoft IDP. Our Voice Biometrics professionals will provide a white glove service which includes configuration support, training, and ongoing rollout services.