Configure BeyondTrust Privileged Remote Access for Integration with Thycotic Secret Server

 

You must purchase this integration separately from your BeyondTrust Privileged Remote Access solution. For more information, contact BeyondTrust sales.

Several configuration changes are necessary on the B Series Appliance to integrate with Secret Server.

All of the steps in this section take place in the BeyondTrust /login administrative interface. Access your BeyondTrust interface by going to the hostname of your B Series Appliance followed by /login, for example: https://access.example.com/login.

Create an OAuth API Account

The Thycotic Secret Server API account is used from within Thycotic Secret Server to make Privileged Remote Access Command API calls to Privileged Remote Access.

Screenshot of the Add Button on the API Configuration page in Privileged Remote Access /login.

  1. In /login, navigate to Management > API Configuration.
  2. Click Add.

 

Screenshot of the Add an API Account page in Privileged Remote Access /login.

  1. Check Enabled.
  2. Enter a name for the account.
  3. OAuth Client ID and OAuth Client Secret is used during the OAuth configuration step in Thycotic Secret Server.
  4. Under Permissions, check Allow Access for the Endpoint Credential Manager API.
  5. If ECM groups are enabled on the site, select which ECM group to use. ECMs that are not associated with a group come under Default.
This feature is only present if enabled when your site is built. If it is not present, please contact your site administrator.
  1. Click Save at the top of the page to create the account.

 

Allow ECM Connections

Screenshot of the Allow Access for Endpoint Credential Manager API option on the API Configuration page in Privileged Remote Access /login.

  1. Go to /login > Management > API Configuration.
  2. Add or edit an API account.
  3. Under Permissions, check Allow Access for Endpoint Credential Manager API.

 

Screenshot of the Allow Access for Endpoint Credential Manager API option on the API Configuration page in Privileged Remote Access /login.

  1. Go to /login > Management > API Configuration.
  2. Add or edit an API account.
  3. Under Permissions, check Allow Access for Endpoint Credential Manager API.

 

API :: Account :: Edit

  1. Go to /login > Management > API Configuration.
  2. Add or edit an API account.
  3. Under Permissions, check Allow Access for Endpoint Credential Manager API.

 

Security :: Options :: Allow Endpoint Credential Manager Connections

  1. Go to Management > Security.
  2. Ensure the box Allow Endpoint Credential Manager Connections is checked.