Integrate ValidSoft and BeyondTrust Privilege Management for Windows and Mac

BeyondTrust Privilege Management for Windows and Mac pairs powerful least privilege management and application control capabilities to provide preventative endpoint security. Implement zero-trust controls and benefit from advanced protection against lateral movement, ransomware, malware, and insider threats.

ValidSoft provides BeyondTrust users with a solution to eliminate fraud because voice authentication is superior to insecure passwords, PINs, and passcodes. We can authenticate human voices within seconds, allowing BeyondTrust Privilege Management escalation with incredible security, logging, and ease of use for the client. ValidSoft See-Say® technology is taking security to a new level while ensuring usability for the end user.

For more information, please see


  • BeyondTrust Privilege Management Cloud (PM Cloud) instance
  • ValidSoft See-Say® Subscription
  • ValidSoft preconfigured IDP instance
  • White Glove Installation Services from ValidSoft

Configure PM Cloud

Select the Policies menu in PM Cloud

  1. Log on to the PM Cloud instance as an administrator, and then click Policies.


Select the Edit & Lock Policy menu item in PM Cloud.

  1. Select an existing policy, and then select Edit & Lock Policy or Create Policy.



Select Idenity Provider Settings in PM Cloud Policy Editor

  1. Click Messages, and then click Identity Provider Settings.


Add IdP information for ValidSoft and PM Cloud integration.

  1. Enter the Authority URI, Client ID (also called the Application ID) and Redirect URI.

PKCE is used here without a client secret. For more information on OAuth PKCE, please see: RFC 7636: Proof Key for Code Exchange.


Edit Workstyle in PM Cloud for ValidSoft integration.

  1. Navigate to the Workstyle you want to enable. Select an application rule, and then select Edit from the menu for that rule.


Edit application rule in PM Cloud for ValidSoft integration.

  1. By default, when the Target Application Group selected is (Default) Any Trusted & Signed UAC Prompt, the end user message selected is Allow Message (Support Desk) .


PM Cloud Allow Message (Support Desk) settings.

  1. The end user message replaces the out-of-the-box Windows User Account Control (UAC) prompt, which prompts the user to enter an administrator level username and password. The end user message controls the interaction with the user attempting a privileged action.

    Edit the message settings and check and/or uncheck boxes to determine the controls on the message. Use and/or conditions to offer a combination of authentication options. To test the integration, check the box Verify their Identity through an Identity Provider.


Test the Integration

PM Cloud download installers

  1. Click the Configuration menu to access Privilege Management Installation and Adapter Installation. Download and install both on a test workstation.

On a test workstation, run the msiexec.exe command found at the bottom of the Privilege Management Installation page to install Privilege Management.


Create a computer group in PM Cloud.

  1. Create a computer group.


PM Cloud adapter installer settings.

  1. For the adapter installation, select an Installation Key and a Computer Group. The msiexec.exe installation command is generated at the bottom of the page.


BeyondTrust and ValidSoft Integration Workflow

The following workflow shows ValidSoft Voice Authentication with See-Say® Technology and BeyondTrust functionality.

Start application in a ValidSoft and PM Cloud integration

  1. On the desktop, click the Start button, right-click Remote Desktop, and then select More > Run as administrator.


Authenticate IdP for a PM Cloud and ValidSoft integration

  1. The Privilege Management confirm elevation message opens. Click Authenticate with your Identity Provider.


Authentication window for ValidSoft in PM Cloud integration.

  1. Follow the instructions on the ValidSoft window to authenticate.


IdP authentication by ValidSoft in a PM Cloud integration.

  1. You are now enjoying escalated privileges as an administrator.


The ValidSoft team is happy to engage for this implementation and training. We can be reached at: 1-888-392-0230

ValidSoft Professional Services will work with the client to ensure integration to the ValidSoft IDP. Our Voice Biometrics professionals will provide a white glove service which includes configuration support, training, and ongoing rollout services.