Configure Privileged Identity for Integration with Privileged Remote Access
You must purchase this integration separately from both your BeyondTrust Privileged Remote Access and Privileged Identity solutions. For more information, contact BeyondTrust sales.
The integration requires minimal setup within Privileged Identity and should work with your existing data as it stands. The two main requirements are a delegation identity that can impersonate Privileged Identity web users and the installation of the Privileged Identity SDK Web Services.
- Under Delegation > Web Application Identity Impersonation Mappings, select Create Mapping.
- If an identity already exists that you would like to use for the integration, select it and skip to step 3 below. Otherwise, continue with the following steps:
- Click Add Identity and select Explicit Identity.
- Enter the desired username and password, and then click OK.
- Select the desired identity and click OK.
- Select the identities or roles the above user should be able to impersonate, and then click OK.
- Verify the new mappings, and then click OK to close the dialog.
If configuring the integration to auto-spin passwords upon check-in, the above account requires the All Access permission. If you are not using this feature, you can skip the steps listed below.
- Go to Delegation > Web Application Global Delegation Permissions.
- Add the All Access permission.
- Select the identities or groups on the left to assign the permission to that identity or group.
- Check the Ignore Password Checkout box.
- Click OK.
This permission allows users to retrieve and inject credentials regardless of whether the credential is checked out to a different user in the Privileged Identity web application. It only affects the programmatic access to checked out credentials and does not allow them to check out a credential in the web application when in use by another user.
Privileged Identity SDK Web Services
Please consult the Privileged Identity Admin Guide for instructions on installing and enabling the SDK Web Services. In newer versions of Privileged Identity, the SDK Web Services can be enabled directly from the Privileged Identity console in the Manage Web Appliance section.