Configure the Endpoint Credential Manager Plugin for Integration with Privileged Remote Access

 

You must purchase this integration separately from both your BeyondTrust Privileged Remote Access and Password Safe solutions. For more information, contact BeyondTrust sales.

Install the Endpoint Credential Manager

The Endpoint Credential Manager (ECM) must be installed on a system with the following requirements:

  • Windows Vista or newer, 64-bit only
  • .NET 4.5 or newer
  1. To begin, download the BeyondTrust Endpoint Credential Manager (ECM) from BeyondTrust Support . Start the BeyondTrust Endpoint Credential Manager Setup Wizard.

    BeyondTrust ECM EULA

  2. Agree to the EULA terms and conditions. Mark the checkbox if you agree, and click Install.

    If you need to modify the ECM installation path, click the Options button to customize the installation location.

You are not allowed to proceed with the installation unless you agree to the EULA.

  1. Click Install.

     

  2. BeyondTrust ECM Destination Folder

  3. Choose a location for the credential manager and click Next.
  4. On the next screen, you can begin the installation or review any previous step.
  5.  

    ECM Installation

  6. Click Install when you are ready to begin.
  7.  

    ECM Installation Complete

  8. The installation takes a few moments. On the screen, click Finish.
  9.  

    To ensure optimal up-time, administrators can install up to five ECMs on different Windows machines to communicate with the same site on the PRA Appliance. A list of the ECMs connected to the appliance site can be found at /login > Status > Information > ECM Clients.

    When multiple ECMs are connected to a BeyondTrust site, the PRA Appliance routes requests to the ECM that has been connected to the appliance the longest.

Install and Configure the Plugin

  1. Once the BeyondTrust ECM is installed, extract and copy the plugin file(s) to the installation directory (typically C:\Program Files\BeyondTrust\ECM\)
  2. Run the ECM Configurator to install the plugin.
  1. The Configurator attempts to detect the plugin and load it. If successful, skip to Step 4 below. Otherwise, follow these steps:

    Unblock DLL

    1. First ensure that the DLL is not blocked as this occurs on some Windows systems, then right-click the DLL and select Properties.
    2. On the General tab, below Attributes if there is a Security section with an Unblock button, click it.
    3. Repeat these steps for any other DLLs packaged with the plugin.
    4. In the Configurator click the Choose Plugin button and browse to the location of the plug-in DLL – BeyondTrustPSPlugin.dll.
  2. After selecting the DLL, click the gear icon in the Configurator window to configure plug-in settings.

 

  1. The following settings are available:

Setting Name

Description

Notes

Endpoint URL

The full URL to the PS SDK Web Services

ex: https://<password-safe-server-hostname>/BeyondTrust/api/public/v3

API Registration Key

The Key for the API Registration created for the integration

 

Global Approver

The username for the account created to allow automated approval of requests for credentials via the integration.

 

Test Settings

The settings specific to Password Safe can be tested directly from the plugin configuration screen using the Test Settings button. Simply enter a user from whose account you'd like to retrieve credentials, an endpoint for which the user has one or more credentials, and view the resulting list.

Passwords are not actually retrieved and displayed. Only a list of credentials is retrieved and displayed.. The settings used for the test are the ones currently entered on the screen, not necessarily what is saved. The test user should have the Requestor role with access to the API.

Enter a BeyondTrust Password Safe user ID

  1. Enter a user account from which to retrieve credentials.

     

    Enter an Endpoint

  2. Enter an endpoint for which the user account has one or more credentials.

     

     

    Test setting results

  3. View the resulting list.