Authentication to BeyondTrust Privileged Remote Access (On-Premises)
BeyondTrust may be provisioned for locally defined BeyondTrust user accounts or can be integrated into existing authentication sources. For instance, a commonly integrated authentication source is Microsoft Active Directory. When using a directory such as this, all authentication follows the existing controls and processes in place for safeguarding user accounts.
Additional security providers are available that allow for user authentication using Kerberos or SAML (for single sign-on) or using RADIUS (for multi-factor authentication). Each of these providers can be configured to use LDAP groups to set the permissions for the user, allowing you to map existing LDAP groups to teams in BeyondTrust.
There are a large number of granular permissions that can be granted to users. These permissions determine which features in BeyondTrust a user has access to.