Configure Privileged Remote Access for Integration with Privileged Identity


You must purchase this integration separately from both your BeyondTrust Privileged Remote Access and Privileged Identity solutions. For more information, contact BeyondTrust sales.

Several configuration changes are necessary on the Privileged Remote Access Appliance to integrate with Privileged Identity.

All of the steps in this section take place in the Privileged Remote Access /login administrative interface. Access your Privileged Remote Access interface by going to the hostname of your Privileged Remote Access Appliance followed by /login (e.g.,

Create an API Service Account - Privileged Remote Access 16.2 and Later

Management > API
API :: Accounts

  1. Go to Management > API Configuration and create a new API account.


API :: Account :: Edit

  2. Under Permissions, check Full Access to the Command API.
  3. For the Reporting API, check Allow Access to Support Session Reports and Recordings and Allow Access to Presentation Session Reports and Recordings. Also be sure to copy the values for both the OAuth Client ID and OAuth Client Secret for use in a later step.
  4. Click Add API Account to create the account.

Create an API Service Account - Privileged Remote Access 16.1 and Earlier

The API user account is used from within the integration to make BeyondTrust Command API calls to Privileged Remote Access.

  1. Go to /login > Users & Security > Users.
  2. Click Create New User and name it Integration or something similar.
  3. Leave Must Reset Password at Next Login unchecked.
  4. Set Password Expires On to Never Expires.
  5. Scroll to the bottom and save the account.

Allow ECM Connections

PRA 17.1 and Later

API :: Account :: Edit

  1. Go to /login > Management > API Configuration.
  2. Add or edit an API account.
  3. For Endpoint Credential Manager API, check Allow Access.


Prior to PRA 17.1

Security :: Options :: Allow Endpoint Credential Manager Connections

  1. Go to Management > Security.
  2. Ensure the box Allow Endpoint Credential Manager Connections is checked.