Configure Privileged Identity for Integration with Privileged Remote Access


You must purchase this integration separately from your BeyondTrust Privileged Remote Access solution. For more information, contact BeyondTrust sales.

The integration requires minimal setup within Privileged Identity and should work with your existing data as it stands. The two main requirements are a delegation identity that can impersonate Privileged Identity web users and the installation of the Privileged Identity SDK Web Services.

Delegation Identity

  1. Under Delegation > Web Application Identity Impersonation Mappings, select Create Mapping.
  2. If an identity already exists that you would like to use for the integration, select it and skip to step three below. Otherwise, continue with the following steps:
    • Click Add Identity, and then select Explicit Identity.
    • Enter the desired username and password, and then click OK.
  3. Select the desired identity, and then click OK.
  4. Select the identities or roles the above user should be able to impersonate, and then click OK.
  5. Verify the new mappings, and then click OK to close the dialog.

If configuring the integration to auto-spin passwords upon check-in, the above account requires the All Access permission. If you are not using this feature, you can skip the steps listed below.

  1. Go to Delegation > Web Application Global Delegation Permissions.
  2. Add the All Access permission.
  3. Select the identities or groups on the left to assign the permission to that identity or group.
  4. Check the Ignore Password Checkout box.
  5. Click OK.

This permission allows users to retrieve and inject credentials regardless of whether the credential is checked out to a different user in the Privileged Identity web application. It only affects the programmatic access to checked out credentials and does not allow them to check out a credential in the web application when in use by another user.

Privileged Identity SDK Web Services

Please consult the Privileged Identity Admin Guide for instructions on installing and enabling the SDK Web Services. In newer versions of Privileged Identity, the SDK Web Services can be enabled directly from the Privileged Identity console in the Manage Web Appliance section.