BeyondTrust Privileged Remote Access Integration with Thycotic Secret Server
You must purchase this integration separately from both your BeyondTrust Privileged Remote Access and Privileged Identity solutions. For more information, contact BeyondTrust sales.
BeyondTrust's Privileged Remote Access plugin integration with Thycotic Secret Server enables automatic password injection into authorized systems through encrypted BeyondTrust connections, removing the need to share and expose credentials for privileged accounts. In addition to machine-specific credentials, the integration can also retrieve domain credentials that are not machine-specific, giving domain admins and other privileged users access to those credentials for use on endpoints on a domain.
The integration between BeyondTrust and Thycotic enables:
- One-click password injection and session spawning
- Credentials never exposed to authorized users of BeyondTrust
- Access to systems on or off the network with no pre-configured VPN or other routing in place
- Passwords always stored securely in Thycotic Secret Server
The BeyondTrust Endpoint Credential Manager (ECM) enables communication between Thycotic Secret Server and BeyondTrust Privileged Remote Access. The ECM is deployed to a hardened Windows Server inside the firewall, typically in the same network as Secret Server. Once the ECM is deployed, BeyondTrust users see a list of administrator-defined credentials for the endpoints they are authorized to access. When challenged with a login screen during an access session, the user can select a set of these credentials and is automatically logged in, having never seen the username/password combination.
Thycotic Secret Server handles all elements of securing and managing the passwords, so policies that require the password to be rotated after use are supported. BeyondTrust Privileged Remote Access creates and manages access to the endpoint, records the session, and controls the level of access granted to the user, including what the user can see and do on that endpoint.