Configure BeyondTrust Privileged Remote Access for Integration with Thycotic Secret Server

 

You must purchase this integration separately from both your BeyondTrust Privileged Remote Access and Privileged Identity solutions. For more information, contact BeyondTrust sales.

Several configuration changes are necessary on the Secure Remote Access Appliance to integrate with Secret Server.

All of the steps in this section take place in the BeyondTrust /login administrative interface. Access your BeyondTrust interface by going to the hostname of your Secure Remote Access Appliance followed by /login, for example: https://access.example.com/login.

Create an API Service Account - BeyondTrust PRA 19.2

Create a new API account in /login

  1. Go to /login > Management > API Configuration.
  2. Click Add.

 

Add an API Account

  1. Check Enabled.
  2. Enter a name for the account.
  3. Under Permissions, check Allow Access for Endpoint Credential Manager API.
  4. Set Command API to Full Access.
  5. Under Reporting API, check Allow Access to Access Session Reports and Recordings.
  1. Copy the OAuth Client ID and OAuth Client Secret and store them in a secure location for use in a later step.
  2. Click Save to create the account.

 

Create an API Service Account - BeyondTrust PRA 17.1 - 19.1

  1. Go to /login > Management > API Configuration.

API:: Accounts

  1. Click Create New API Account.

 

API :: Account :: Edit

  1. Under Permissions, check Full Access to the Command API.
  2. For the Reporting API, check Allow Access to Access Session Reports and Recordings.
  3. Copy the OAuth Client ID and OAuth Client Secret and store them in a secure location for use in a later step.
  4. Click Add API Account to create the account.

 

Allow ECM Connections

PRA 19.2

Allow Access for Endpoint Credential Manager API

  1. Go to /login > Management > API Configuration.
  2. Add or edit an API account.
  3. Under Permissions, check Allow Access for Endpoint Credential Manager API.

 

PRA 17.1 - 19.1

API :: Account :: Edit

  1. Go to /login > Management > API Configuration.
  2. Add or edit an API account.
  3. Under Permissions, check Allow Access for Endpoint Credential Manager API.

 

Prior to PRA 17.1

Security :: Options :: Allow Endpoint Credential Manager Connections

  1. Go to Management > Security.
  2. Ensure the box Allow Endpoint Credential Manager Connections is checked.