Configure Privileged Remote Access for Integration with Privileged Identity

 

You must purchase this integration separately from your BeyondTrust Privileged Remote Access solution. For more information, contact BeyondTrust's Sales team.

Several configuration changes are necessary on the B Series Appliance to integrate with Privileged Identity.

All of the steps in this section take place in the Privileged Remote Access /login administrative interface. Access your Privileged Remote Access interface by going to the hostname of your B Series Appliance followed by /login (e.g., https://access.example.com/login).

Create an OAuth API Account

The Privileged Identity API account is used from within Privileged Identity to make Privileged Remote Access Command API calls to Privileged Remote Access.

  1. In /login, navigate to Management > API Configuration.
  2. Click Add.
  3. Check Enabled.
  4. Enter a name for the account.
  5. OAuth Client ID and OAuth Client Secret are used during the OAuth configuration step in Privileged Identity.
  6. Set the following Permissions:
    • Command API: Full Access.
    • Reporting API: Allow Access to Access Session Reports and Recordings.
    • Endpoint Credential Manager API: Allow Access.
      • If ECM groups are enabled on the site, select which ECM Group to use. ECMs that are not associated with a group come under Default.
        The ECM Group feature is only present if enabled when your site is built. If it is not present, please contact your site administrator.
  7. Click Save at the top of the page to create the account.

Allow ECM Connections

PRA 20.1 and later

  1. Go to /login > Management > API Configuration.
  2. Add or edit an API account.
  3. Under Permissions, check Allow Access for Endpoint Credential Manager API.