Log into Endpoints Using Credential Injection in the Android Access Console

When accessing a Windows-based Jump Client via the mobile access console, you can use credentials from a credential store to log into the endpoint or to run applications as an admin.

Before using credential injection, make sure that you have a credential store available to connect to BeyondTrust PRA, such as a password vault.

Install and Configure the Endpoint Credential Manager

Requirements:

  • Windows Vista or newer, 64-bit only
  • .NET 4.5 or newer
  • Processor: 2GHz or faster
  • Memory: 2GB or greater
  • Available Disk Space: 80GB or greater

Before you can begin accessing Jump Items using credential injection, you must download, install, and configure the BeyondTrust Endpoint Credential Manager (ECM). The BeyondTrust ECM allows you to quickly configure your connection to a credential store, such as a password vault.

The ECM must be installed in your network to enable the BeyondTrust ECM Service and to use credential injection in BeyondTrust PRA.

  1. To begin, download the BeyondTrust Endpoint Credential Manager (ECM) from BeyondTrust Support.
  2. Start the BeyondTrust Endpoint Credential Manager Setup Wizard.

    BeyondTrust ECM EULA

  3. Agree to the EULA terms and conditions. Check the box if you agree, and then click Install.

    If you need to modify the ECM installation path, click the Options button to customize the installation location.

You are not allowed to proceed with the installation unless you agree to the EULA.

 

BeyondTrust Welcome to ECM Setup Wizard

  1. Click Next on the Welcome screen.

     

BeyondTrust ECM EULA

  1. Choose a location for the credential manager, and then click Next.
  2. On the next screen, you can begin the installation or review any previous step.

 

BeyondTrust ECM Installation

  1. Click Install when you are ready to begin.

 

BeyondTrust ECM Installation Complete - Click Finish

  1. The installation takes a few moments. On the Completed screen, click Finish.

 

To ensure optimal up-time, administrators can install up to three ECMs on different Windows machines to communicate with the same credential store. A list of the ECMs connected to the appliance site can be found at /login > Status > Information > ECM Clients.

When ECMs are connected in a high availability configuration, the BeyondTrust Appliance B Seriesroutes requests to the ECM in the ECM Group that has been connected to the appliance the longest.

Install and Configure the Plugin

  1. Once the BeyondTrust ECM is installed, extract and copy the plugin files to the installation directory (typically C:\Program Files\Bomgar\ECM).
  2. Run the ECM Configurator to install the plugin.
  3. The Configurator should automatically detect the plugin and load it. If so, skip to step 4 below. Otherwise, follow these steps:

    Unblock DLL

    • First, ensure that the DLL is not blocked. Right-click on the DLL and select Properties.
    • On the General tab, look at the bottom of the pane. If there is a Security section with an Unblock button, click the button.
    • Repeat these steps for any other DLLs packaged with the plugin.
    • In the Configurator, click the Choose Plugin button and browse to the location of the plugin DLL.

     

ECM Configurator

  1. Click the gear icon in the Configurator window to configure plugin settings.

 

Configure a Connection to Your Credential Store

Using the ECM Configurator, set up a connection to your credential store.

ECM Configurator exe File

  1. Locate the BeyondTrust ECM Configurator you just installed using the Windows Search entry field or by viewing your Start menu programs list.
  2. Run the program to begin establishing a connection.
  3. When the ECM Configurator opens, complete the fields. All fields are required.
Enter the following values:
Field Label Value
Client ID The ID for your credential store.
Client Secret The secret key for your credential store.
Site The URL for your credential store instance.
Port The server port through which the ECM connects to your site.
Plugin Click the Choose Plugin... button to locate the plugin.

ECM File List

  1. When you click the Choose Plugin... button, the ECM location folder opens.
  2. Paste your plugin files into the folder.
  3. Open the plugin file to begin loading.

 

If you are connecting to a password vault, more configuration at the plugin level may be needed. Plugin requirements vary based on the credential store that is being connected.

Use Credential Injection to Access Endpoints

After the credential store has been configured and a connection established, BeyondTrust PRA can begin using credentials in the credential store to log into endpoints.

Jump Item List

  1. Go to your Jump Items list.
  2. Tap the Jump Item you wish to access.
  3. Tap Jump.

 

Enter Credentials

  1. The Enter Credentials prompt appears. Tap Credential Store.
  2. Tap the credentials you wish to use to access the system.
  3. Tap OK.

 

Special Actions

  1. From within the session, tap the Start button to start screen sharing.
  2. Tap the Special Actions option. Tap Run as….
  3. Tap Windows Security (Ctrl-Alt-Del).

 

Login Screen

  1. Tap the Key icon. The key icon allows the system to view your stored credentials to gain entry into the endpoint.