Log in to the PRA Access Console
After installing the BeyondTrust console, launch the access console from its directory location as defined during installation.
By default, in Windows, you can access the console from Start Menu > All Programs > Bomgar > access.example.com, where access.example.com is the hostname of the site from which you downloaded the console.
If the Login Agreement has been enabled, you must click Accept to proceed.
At the prompt, enter your username and password.
Use Passwordless Login
FIDO2-certified authenticators can be used to securely log in to the desktop access console, privileged web access console, and the /login administrative interface without entering your password. You can register up to 10 authenticators.
If passwordless login has been enabled, Authenticate Using may default to Passwordless FIDO2, or it can be selected. The exact process for passwordless login depends on the type of device and manufacturer.
You can enable passwordless login and set the default authentication after logging into the /login administrative interface, by navigating to Management > Security, and then registering passwordless authenticators at My Account > Security. Administrators can view and manage passwordless login registration and usage at Users & Security > Users > Passwordless Authenticators
Passwordless login for the desktop access console on macOS or Linux systems is supported only for roaming authenticators (such as the YubiKey hardware security keys). Platform or integrated authenticators (such as Face ID and fingerprint scanners) are not supported for the desktop access console login when using macOS or Linux systems.
Infrastructure Access Mode
Advanced users might prefer to use Infrastructure Access Mode. This is primarily for quick access to protocol and database tunneling, and BYOT sessions. If desired, check Launch Infrastructure Access Mode. Infrastructure Access Mode is not available on Linux systems.
If more than one language is enabled for your site, select the language you want to use from the dropdown menu.
If two-factor authentication is enabled for your account, enter the code from the authenticator app.
Use Kerberos Server
Alternatively, if your administrator has configured a Kerberos server to enable single sign-on, you can log into the console without entering your credentials. The access console remembers the last used login mechanism, whether it used local credentials, Kerberos, or another security provider.
Invited users can also enter a session key to join a shared session on a one-time basis.
Check Enable Saved Logins to have the console save your username and password. This option can be enabled or disabled from /login > Management > Security.
Once you log in, the console opens, and a BeyondTrust icon appears in your computer's system tray.
Your administrator might require you to be on an allowed network to log in to the console. This network restriction might apply the first time you log in or every time. This restriction does not apply to access invites.
If you forget your password, go to /login and click the Forgot Your Password? link. This is an option that is set by your administrator. If you do not have this option, please contact your administrator.
If you lose your connection, the access console attempts to reconnect for 60 seconds. If your connection is restored within this time, your access console reopens, restoring all of your open sessions. If the connection cannot be restored within this time, you are prompted to retry login or quit.
If you are logged into the access console in one location and then log in from another, your open sessions are maintained.
To log in with an account already in use and forcibly close the connection on the other system, the setting Terminate Session If Account Is In Use must be checked on the /login > Management > Security page.
After an upgrade or at first launch of the desktop access console, a What's New dialog appears automatically upon login for all non-invited users. This dialog may be viewed at any time through the Help menu (Help > What's New) and shows new release information for current and past releases. This is a roaming preference per account, so the dialog appears just once regardless where a user signs in from.
- On setting up the login agreement, please see Site Configuration: Set HTTP Ports, Enable Prerequisite Login Agreement
- On invited users, Invite an External User to Join an Access Session
- On using Infrastructure Access Mode, Use Infrastructure Access Mode