Integrate BeyondTrust Privileged Remote Access with Security Providers
By integrating your Secure Remote Access Appliance with your company's directory stores, IT administrators can easily manage user access to BeyondTrust accounts. Configure BeyondTrust PRA to use your existing directory structure for user authentication and group lookup.
Access to Existing User and Group Data
Rather than manually creating each BeyondTrust user account, an administrator can configure the appliance to query directories for existing users. Using the hierarchy and group settings already specified in these directories, the administrator can assign BeyondTrust account permissions to groups of users in addition to setting individual permissions.
Permitted users can log into their BeyondTrust accounts with their system credentials. The use of existing credentials spares the administrator from having to assign an additional username and password to each user and saves the user from having to remember another set of credentials.
Dynamic User Permissions
Because BeyondTrust can retrieve data straight from the directory, a change in a user's status will automatically be reflected in their BeyondTrust account settings. For instance, if someone is moved from the Internal Support group to the Customer Support group in the company directory, the Secure Remote Access Appliance also will read that user as a member of the Customer Support group and accordingly will grant that user the privileges assigned to that group.
Immediate Account Deactivation
If a user is moved to a group that is not permitted to access your Secure Remote Access Appliance, or if the user ceases employment and is deleted from the company directory, that user will no longer be able to log into their BeyondTrust account. The account information will be present on the Secure Remote Access Appliance for reporting purposes only.