Integrate BeyondTrust Privileged Remote Access and Ping DaVinci Connector

Introduction

BeyondTrust has partnered with Ping Identity to deliver a Privileged Remote Access (PRA) connector leveraging the PingOne DaVinci no-code orchestration service. An orchestration platform integrates multiple applications and services to automate a process or provide real-time data synchronization and flow.

PingOne DaVinci is a cloud orchestration service for creating user journeys across various applications via a drag-and-drop interface. DaVinci is an open interface with integrations and connections across multiple applications and identity ecosystems. You can start by building and designing your own workflows or refine one of the existing workflow templates to customize your user journeys. Optimize your flows easily with A/B testing and deploy changes in quick succession.

Possible Use Cases

The BeyondTrust PRA/PingOne DaVinci connector gives an organization the ability to terminate all PRA sessions on a host (by hostname) and/or terminate all PRA sessions that a particular identity (by username) might have across the environment.

These use cases provide examples of how the BeyondTrust PRA connector can be used:

  • A security incident has occurred on one or more hosts, requiring the termination of any PRA sessions by any user on those affected hosts. The security incident can be discovered by any XDR or SOAR system that also has a DaVinci connector capable of supplying the PRA connector with a hostname of the affected system.
  • Regular IT tasks of user moves, changes, or deletions might require any open PRA sessions in use by an identity across the infrastructure to be terminated. A DaVinci connector from any IdP that can provide the PRA connector with an identity (username) can be used as part of the workflow to terminate any open PRA sessions. The hostname and/or identity can also be provided to the connector through a static HTML form.

The BeyondTrust integration with DaVinci can terminate multiple user connections.

  • The PRA connector provides a result, error, or success, which can be sent to a ticketing system as part of the DaVinci workflow, using any available third-party ITSM connector.

Prerequisites

The following are required to use the Privileged Remote Access connector:

  • A PingOne SaaS instance.
  • PingOne DaVinci added as a service to the PingOne SaaS instance.
  • A supported version of BeyondTrust Privileged Remote Access. To confirm your version is supported, contact support or refer to the BeyondTrust End of Life Policy.

API Account

Using the PRA connector in PingOne DaVinci requires an API account in PRA, with the Command API permission set to full access. Create this account if it does not already exist.

The OAuth Client ID and the OAuth Client Secret for this API account are required to install the integration.

For more information, please see Add or Edit an API Account.