Privileged Remote Access 21.2 Available Features
Features for Access Console Users
|Multi-Platform Support||Endpoint||Access Console|
Windows 7 SP1
Windows Server 2008 SP2 - 2019
Windows 7 SP1
Windows Server 2016 - 2019
|macOS||macOS 10.13 - 10.15
macOS 11 (Big Sur) x86 and xApple
The macOS Access Console now fully supports macOS Big Sur, including changes to support its new security requirements. The Apple silicon architecture is also supported through Apple's Rosetta 2 technology.
|macOS 10.13 - 10.15
macOS 11 (Big Sur) x86 and xApple
RedHat Enterprise 8.2
Ubuntu 18.04 LTS, 20.04 LTS
|Mobile Devices||N/A||Apple iOS 12.0+|
|Virtual Machines||N/A||Citrix XenDesktop 5, 7
VMWare View 5
VMWare Horizon 6, 7
Citrix XenApp 6.5, 7.5
|PRA Virtual Appliances||
vSphere 5.0 - 6.7
|Unattended Systems||Laptops, Desktops, Servers, ATMs, Kiosks, POS Systems, Raspberry Pi, etc.|
|Cloud Access Controls||Securely connect to and manage your cloud infrastructure, including Windows, Red Hat, CentOS, and Ubuntu Linux VMs powered by AWS, Azure, VMware, and other IaaS providers. Headless Linux configurations are also supported.|
|Cloud Access AWS KMS Support||AWS Key Management Service (KMS) makes it easy to create and manage cryptographic keys and control their use in AWS services and applications. AWS KMS is a secure and resilient service that uses hardware security modules.|
|Network Devices||Routers, Switches and Devices via SSH/Telnet|
|Multi-Language Support||View BeyondTrust applications and interfaces in English, Dutch, French, German, Italian, Japanese, Russian, Simplified Chinese, Polish, and Traditional Chinese. BeyondTrust supports international character sets.|
|Access Console Toolset||Use advanced access tools to interact with remote systems.|
|3D Touch Support for iOS||
The BeyondTrust mobile access console uses iOS 3D Touch Support capabilities offered by the iPhone 6S and 6S Plus devices to start sessions faster and more efficiently. By tapping and holding the BeyondTrust Access Console icon on your iOS device, you can quickly access the three most viewed Jump Items, and you can seamlessly transition between active sessions.
|Access Console||Access remote endpoints by connecting to them through the B Series Appliance.|
|Advanced Web Access||
Advanced Web Access enables administrators to appropriately manage privileged access controls over assets that utilize modern web technology in a secure, scalable, and controlled manner. The auditing capability gives your organization the visibility it needs to adhere to both internal security policies and any applicable industry compliance requirements.
|Annotations||While screen sharing, use annotation tools to draw on the remote screen. Drawing tools, including a free-form pen and scalable shapes, can aid in collaborating with other users.|
|BeyondTrust Access Extender||
BeyondTrust Protocol Tunneling extends the remote connectivity and auditing capabilities of proprietary and/or 3rd party applications, such as integration control systems or custom database tools. BeyondTrust simplifies this complex task into a consumable process that removes the need for an intricate VPN solution.
|BeyondTrust SUDO Manager||
Shell Jump credential injection can be used in conjunction with SUDO.
BeyondTrust Vault is an on-appliance credential store that enables your users to access privileged credentials and inject them directly into an endpoint. Eliminate the need for users to memorize or manually track passwords, increasing productivity and security. Add privileged credentials to Vault manually, or try the built-in Discovery tool to automatically find and protect AD and local credentials.
The Vault Accounts tab in the Access Console enables users to check in and out Vault accounts that the administrator has defined. This enables users to leverage Vault accounts for session activity or locally on their own device, improving user experience and productivity by enabling access to Jump Items and Vault accounts from one location.
|Cancel Access Request||Users can cancel pending Jump Access authorization requests from the Web Console, providing more flexibility and control over the authorization process, extending the existing functionality of the desktop Access Console.|
|Canned Scripts||Use pre-written scripts from either the Command Shell interface or the Screen Sharing interface, increasing session efficiency by automating common processes.|
Protect against common user mistakes during SSH sessions by applying basic filtering to the input at the command line. For devices or B Series Appliances where agents are not practical or possible, command filtering provides an extra layer of control for administrators who need to provide access to that endpoint.
|Command Shell||Directly access the command shell for system diagnostics, network troubleshooting, or low-bandwidth access, without screen sharing.|
|Copy and Paste with Web Jump||Users can now utilize the Copy/Paste functionality during a Web Jump session, enabling users to continue to utilize their current processes while using the Web Jump feature.|
When accessing a Windows-based Jump Client, perform credential injection into the login screen as well as the Run As special action. Additionally, gain access to SQL Server using credentials from your endpoint credential manager.
|Credential Injection with Web Jump||
Users can now inject a vaulted account with MFA enabled during a Web Jump Access session, enabling users to utilize the same credential injection experience they are used to using in the other access methods.
Credential Store Search
Vault users can now search the credential list when Jumping into a remote system. To leverage this new functionality, a user must only begin typing an account name and the Credential Store presents the matching credentials to the user. This search functionality is limited to credentials that are available in the access console.
|Custom Links||From within a session, click a button to open your browser to an associated CRM record.|
|Custom Special Actions||Create access console special action shortcuts for tasks specific to your environment, streamlining the effort for your team to complete repetitive tasks.|
|Customizable Notifications||Configure which events trigger alerts in the access console and upload custom audio files.|
|Elevate Endpoint Client||Elevate the endpoint client to have administrative rights. Special actions can be run in the current user context or in system context.|
|Endpoint Credential Management||
Use credentials stored in a password vault for nearly all session types. Credentials from the endpoint credential manager can be used for RDP login, Run As from special actions, performing Remote Push, and Shell Jump initiation (SSH). Install multiple endpoint credential managers on different systems to avoid downtime.
You can define which Vault users can inject credentials while in a session, and which Vault users can view credentials when checked out in /login.
|File Transfer||Transfer files to and from the remote file system.|
|Most Recently Used Jump Items||Most Recently Used Jump Items provides an easy way to find your most frequently accessed Jump Items which saves time by not having to search for frequently accessed endpoints.|
|Multi-Monitor Support||View multiple monitors on the remote desktop.|
|Multi-Session Support||Run multiple simultaneous sessions.|
|Password Injection with Password Safe||Password Injection with BeyondTrust Password Safe is available for Privileged Remote Access, enabling your users to securely use passwords during access sessions with the click of a button. In addition, it provides an integrated approach to secure third-party vendor access.|
Network and protocol enhancements allow for direct peer-to-peer connections. A direct connection between a user and an endpoint bypasses the B Series Appliance, thus enhancing the performance of screen sharing, file transfer, and remote shell.
|Privileged Web Access Console||
A web-based BeyondTrust Access Console that uses HTML5 to provide access to endpoints. The privileged web access console removes the requirement of having to download and install the BeyondTrust access console client.
|Reboot/Auto-Reconnect1||Reboot and automatically reconnect to the remote computer.|
|Remote Registry Editor||Access and edit the remote Windows registry without requiring screen sharing.|
|Remote Screenshot||Capture a screenshot of the remote system.|
|Restrict Endpoint Interaction2||Disable the endpoint's mouse and keyboard input and conceal the screen to avoid interference and ensure privacy while you are working.|
|Smart Card Support||In a session, use authentication credentials contained on a smart card that physically resides on the user's system. This feature has been enhanced to support Extended APDU.|
|Special Actions||Access common actions such as Registry Editor, Event Viewer, System Restore, etc. Perform actions in User or System context. With the Run As special action on a Windows system, you may select credentials from an endpoint credential manager.|
View in-depth system information in an easily navigable interface. Interact with services and processes and uninstall software without requiring screen sharing.
|Touch ID Authentication for iOS||
Authenticate to the access console via the iOS device's built-in Touch ID capability.
|Virtual Pointer||Display a pointer on the remote screen, helpful when collaborating with another user.|
|Wake-on-LAN||Remotely access computers, even when they are turned off. Send Wake-on-LAN packets to a Jump Client host to turn on that computer, if the capability is enabled on the computer and its network.|
|Collaboration||Work with other users and experts to resolve support cases.|
|Access Invite||Invite anyone – internal or external – into a shared session with one-time, limited access.|
|Extended Availability||Users can be in notification mode. If invited to share a session, you will receive an email notification.|
Upload an image of your company logo to display on the public-facing web pages of your Privileged Remote Access site. This logo is visible when someone accepts an access invite, goes to the public recording page, responds to an extended availability message, or responds to a request for Jump approval.
|Session Sharing||Collaborate with other users by sharing a session with a team member.|
|Teams||Collaborate with other users who share similar skill sets or areas of expertise.|
|User-to-User Screen Sharing||Collaborate with other users by instantly sharing your screen with a team member.|
|Jump Technology||Access unattended remote desktops, servers, and other systems.|
|Copy Jump Items||You can copy Jump Items and assign them to multiple Jump Groups. This allows setting separate policies and group permissions without requiring additional client installations on the endpoint. Users with appropriate permissions can right click individual or multiple Jump Items to copy them.|
|Jump Client||Access any Windows, Mac, or Linux system. Centrally manage and report on all deployed Jump Clients. Where permitted by the endpoint's platform, elevated functionality including File Transfer, Command Shell, and Registry Access can be allowed by the administrator.|
|Jump Client Headless Support for Raspberry Pi OS||Enables Raspberry Pi secure access to allow privileged users to connect to more types of unattended systems, perform administrative actions, and secure who has access to manage these devices. May work on any Raspberry Pi device that runs Raspberry Pi OS, but only certified against Pi 3B+ and Pi 4B.
Supported Operating Systems:
|Jumpoint||Access unattended Windows systems on a network, with no pre-installed client. Connect through proxy servers by storing credentials. Unattended Linux systems, with a Jump Point agent, can also be accessed through RDP and SSH sessions.|
|Bring Your Own Tools – RDP||The Bring Your Own Tools functionality enables you to leverage your existing native RDP tool for Remote RDP Jump Shortcuts, while maintaining the benefits of the audit trail and session recordings. This new setting enables Remote RDP Jump Shortcuts to include existing native RDP functionality, expanding Jump Item capabilities and improving user experience. This functionality is available in the access console as a setting that can be enabled or disabled. Administrators can control access to this feature using a global setting in the /login interface located under Jump > Jump Items > Jump Item Settings.|
Bring Your Own Tools – SSH
|The Bring Your Own Tools functionality enables you to leverage your existing native SSH tool for SSH Jump Items, while maintaining the benefits of the audit trail and session recordings. This new setting enables SSH Jump Items to include existing native SSH functionality, expanding Jump Item capabilities and improving user experience. This functionality is available in the access console as a setting that can be enabled or disabled. Administrators can control access to this feature using a global setting in the /login interface located under Jump > Jump Items > Jump Item Settings.|
|RDP Multi-Monitor Support||View multiple monitors on the remote desktop.Traditional Remote RDP Jump Shortcuts support more native RDP screen sizing and scaling of a session across multiple monitors.|
Jump Zone Proxy
|Use a Jumpoint as a proxy on a remote network to access systems that do not have a native Internet connection. This feature has been enhanced to allow Linux systems to be used as proxy servers. This functionality is no longer limited to Windows Jumpoints.|
|Microsoft Remote Desktop Protocol (RDP) Integration||Conduct remote desktop protocol (RDP) sessions through BeyondTrust. Users can collaborate in sessions, and sessions can be automatically audited and recorded. Settings in the access console allow users to connect with the resolution best suited for their working environment.|
|Scripted Jump||Automatically start a session from an external program by initiating a Jump Item via a script.|
|Shell Jump||Connect to SSH/telnet-enabled network devices through a deployed Jumpoint.|
|Web Jump has been enhanced to support Linux Jumpoints.|
Connect to VNC servers through BeyondTrust. Users can collaborate in sessions, and sessions can be automatically audited and recorded.
|Chat||Communicate easily with teammates both in and out of shared sessions.|
|Session Chat||Chat with other users in a shared session.|
|Spell Check||Catch misspellings and view suggested corrections.|
|Chat with all users on a team or with an individual.
The Team Chat feature within the access console has been enhanced to now preserve the chat history. This allows users to pick up the conversations between other team members so that the history is available when they log back into the console. The administrator can configure a minimum time that this information is replayed in the access console.
Features for Managers
|User Management||Centrally manage users and groups.|
|Access Console Device Verification||Enforce the networks on which your access consoles may be used, or require two factor authentication to log into the access console.|
|Access Invite||Create profiles so that users can invite anyone – internal or external – into a shared session with one-time, limited access.|
Oversee team activity, monitor users' access consoles, and join or take over sessions owned by someone else.
|Amazon Web Services (AWS) Deployment Option||Matching customers' needs with different deployment options, the B Series Appliance is now available in Amazon Web Services. Whether you are a new Privileged Remote Access customer or an existing customer that has an initiative to move your on-premises B Series Appliance to AWS, AWS deployment provides more options for your preferred deployment.|
|Application Sharing Restrictions||Limit access to specified applications on the remote Windows or Linux system by either allowing or denying a list of executables. You may also choose to allow or deny desktop access.|
|This set of APIs enables Privileged Remote Access administrators to automate and orchestrate administrative tasks within /login and the Access Console. There are specific methods exposed via an API that enable a programmatic way to create, list, update, and delete certain configuration items in Privileged Remote Access. For example, administrators can use the API to create local user accounts or delete Jump Clients that have been offline for a specified number of days. Other enabled use cases include tasks for Jump Groups, Vendor Groups and Users, Group Policies, Vault Accounts, Vault Account Groups, and Personal Vault Accounts.
Added Configuration APIs to enable administrators to manage Web Jump Items and to copy Jump Items.
The Configuration API documentation can be found under /login > Management > API Configuration.
|Configurable Login Banner||Configure a banner to display before users can log into either the /login interface or the /appliance interface. If the banner is enabled, then users attempting to access either /login or /appliance must agree to the rules and restrictions you specify before being allowed to log in.
The Login Agreement can be presented as part of the access console as a granular setting. Administrators can choose where this agreement is displayed, and the same message is presented when launching the access console or accessing the web administration interface.
|Delegate Password Administration||Delegate the task of resetting local users' passwords to privileged users, without also granting full administrator permissions.|
|Delegate User Management||Administrators can create a group policy type to onboard and manage vendors and other users. An assigned vendor admin for a policy can manage onboarding and offboarding of managed users for that policy.
Administrators can define up to 50 Vendor Groups.
|Vendor Onboarding - User Registration Portal||Administrators can enable vendor users to request or sign up for access through a customizable portal page. This functionality is an addition to the Vendor Groups section on the Users & Security > Vendors page. Administrators can create and customize portal pages for specific vendors, allowing users to register for the access they need, when they need it. The Vendor Portal can be restricted to specific email domains as well as existing network restrictions for the Vendor Group. Vendor user self-registration through the Vendor Portal always requires approval for user creation by the defined administrator of the Vendor Group.|
Notification and Approval Workflows
|Notification and approval workflows are available for user onboarding. This decreases manual administration of vendor management and allows faster access for new users.|
|Message Broadcast||Send a pop-up message to all users logged into the access console.|
Gain the security of multi-factor authentication for your local and LDAP user accounts by enabling time-based, one-time passwords. When logging into BeyondTrust, users must provide a one-time password generated by a separate device or authentication app.
Multiple /appliance User Accounts
Create multiple user accounts for the /appliance interface. Set rules regarding account lockouts and password requirements. SAML can also be used to log directly into /appliance.
|Session Permission Policies||Customize session permissions to fit specific scenarios, not just specific users. You can change the permissions allowed in a session based on the specific endpoint being supported. Session permission policies provide flexibility in building the security model for each specific scenario.|
|Teams||Create teams based on skill set or experience level.|
|Team Collaboration||Define how multiple teams may interact.|
|Templates||Copy an existing security provider, session policy, or group policy to create a new object with similar settings. You also can export a session policy or group policy and import those permissions into a policy on another site.|
|User Accounts||Create an unlimited number of named user accounts.|
|User Account Details Reporting||Export account information about your user accounts for auditing purposes.|
|User Collaboration||Define session sharing options.|
|User Login Schedule||
Exert control over access console availability to specific users by restricting when users are able to log in.
Vault Account Groups
|Vault Administrators can organize Vault accounts into account groups, providing a better management experience for Vault admins. Admins can assign account groups to group policies, rather than only individual Vault accounts, and Vault accounts can be assigned to an account group during the import process.|
Vault Accounts associated with Endpoints
|Vault accounts are automatically associated with endpoints, providing a better user experience when injecting credentials into Privileged Remote Access sessions. Admins use the Vault Discovery and Import functions to bring accounts and endpoints under Vault management. Once under Vault management, the credential-to-endpoint association automatically occurs for the relevant Jump Items. Users are presented with the associated Vault accounts when injecting during session initiation.|
|Vault Bulk Rotation||Users and administrators can select groups of Vault credentials and perform a password rotation on all credentials in the selected group, with just one click. This functionality provides administrators with a simple and efficient method to rotate user-selected groups of credentials or all Vault credentials at once, making it simpler to manage large numbers of credentials with Vault, while eliminating the need for time-consuming manual rotation of individual credentials.|
Vault - Account Rotation Azure AD Domain Services
|Privileged Remote Access enables organizations to properly manage and inject credentials managed by Azure AD Domain Services. Administrators can now leverage the Vault to rotate account credentials managed by Azure Active Directory Domain Services. This new functionality is an addition to the existing ability to discover credentials managed by Azure AD Domain Services.|
|Vault Configuration APIs||List Vault accounts with the Vault Configuration API. Vault administrators can also create generic username/password and username/SSH key accounts using the API. This provides a programmatic way to onboard Vault accounts that can't be automatically discovered through Domain Discovery (Active Directory).|
|Vault Domain Filtering||
Users can traverse Organizational Units (OUs) within the targeted Active Directory Domain when using the Vault Discovery functionality. Vault Discovery allows administrators to discover credentials in the specified network. Administrators can then import credentials into Vault, enabling users to inject and use the discovered credentials within Privileged Remote Access sessions. Being able to traverse the OU's provides greater flexibility, while saving time and resources. Instead of running a general discovery to the domain, admins can specifically target the OU's of the teams and credentials that they wish to manage with Vault, decreasing the amount of managed credentials in Vault, and making it easier to use and control the most important credentials.
Vault Personal Accounts
|All Privileged Remote Access users can create private generic accounts in their own private Vault. This functionality allows users to manage their own Vault accounts privately for use during Privileged Remote Access sessions.
The maximum number of personal accounts per user has increased from 10 to 25.
|Jump Client Discovery and Rotation||Jump Clients can perform discovery and rotation of local credentials (Windows only). This functionality allows administrators to manage machines individually and set who has access to those machines without the need to set up a local or shared account on the remote system. This feature is to complement the use of Jumpoints in the network for domain-based rotation but also allow for more singular control over smaller groups of machines.|
|Access Console Toolset||Equip your users with the specific access tools they need.|
|Canned Scripts and Custom Special Actions||Create command shell scripts and custom special actions for users to run during sessions, increasing efficiency by automating common processes.|
|Centralized Access Console Settings||Define the access console settings for your entire organization. Enforce settings to ensure a consistent experience.|
Create Jump Item Roles to easily assign sets of Jump Item permissions to users.
Collect Jump Items into Jump Groups, granting members varying levels of access to those items.
|Set expiration dates for Jumpoints.|
|Create Jump Policies to enforce when Jump Items can be accessed, if a notification of access is sent, or if approval must be granted prior to access.|
|Jump Clients unable to connect to the B Series Appliance are automatically marked as lost, allowing an administrator to diagnose the reason for the lost connection. Both the lost date and the date at which a Jump Item is deleted can be configured.|
After a software update, Jump Clients update automatically. Users can see which Jump Clients have completed upgrade and can access them right away. While a Jump Client is awaiting upgrade, users can still modify properties without having to wait for the upgrade to complete.
|Post Session Lock||Set the endpoint client to automatically lock or log out the remote Windows computer when an elevated session ends.|
|User Permissions||Restrict or enable toolset components (ex., View or Control, File Transfer, System Information, etc.)|
|Reports||Report on all session activity; customize, filter and export reports.|
|Endpoint Surface Analyzer||Know and control how critical endpoints are accessed throughout your organization. Be aware of the listening network port exposure for systems that you manage. Report and keep a running log of critical endpoint network exposure.|
Disable recordings at the Jump Policy level. If this option is checked, sessions started with this Jump Policy are not recorded, even if recordings are enabled on the Configuration > Options page. This affects screen sharing, user recordings for Protocol Tunnel Jump, and command shell recordings.
|License Reporting and Auditing||
Keep track of the number of endpoint licenses used. You can download a zip file containing detailed information on your BeyondTrust license use. This file contains a list of all Jump Items (not counting uninstalled Jump Clients), daily counts for Jump Item operations and license usage, and a summary for the B Series Appliance and its endpoint license usage and churn.
|RDP Session Forensics||A setting for RDP Jump Items provides administrators with additional logging details for RDP Jump sessions. Users can leverage this functionality by enabling the Session Forensics setting in the RDP Jump Item properties. This feature captures additional session events, such as Focused Window Changed Even and Mouse Click Event. RDP Session Forensics enhances security by providing administrators with RDP Jump session details that previously were only supported in Jump Client sessions.|
|Reporting Permissions||Manage each user's reporting privileges.|
Jump Item Reporting
|Administrators can now leverage a new report type specific to the administration and configuration of Jump Items. For example, reports can be run for historical Jump Item events, such as creation, deletion, copy, move, etc.|
Session Forensics is a powerful feature that allows you to search across all sessions based on session events. The feature empowers administrators to quickly and effectively identify critical security events, and aids in the prevention of potential security breaches, as well as evidence discovery. Searchable events include chat messages, file transfer, registry editor, session foreground window changed, and shell recordings. Successful matches in stored shell recordings automatically take the user to that point in time in the recording.
View details of each session. Session reports include basic session information along with links to session details, chat transcripts, and video recordings. Also included are details regarding the Access Approver Name, Email Address, and Comments for sessions that require approval. Additionally, the session report contains the Request Reason for sessions that require users to specify a reason for their access request.
|Session Recording Videos||Record and view annotated videos of sessions and command shell sessions, including command shell sessions.|
|Summary Reports||See an overview of user activity over time.|
|Team Activity Reports||View details of activity within a team, including login and logout times, team chats, and files shared.|
GDPR Pseudonymization Support
Allow your organization to meet its GDPR initiatives with pseudonymization and consent support in BeyondTrust. BeyondTrust administrators can respond to Right to Erasure requests by searching for specific criteria supplied by the requester. Once reviewed, the results can be anonymized with an automatically generated term or a custom replacement.
Features for System Administrators
|Mass Deployment||Install BeyondTrust applications on multiple systems simultaneously.|
|Extractable Access Console||Download a mass-deployable access console to distribute to users prior to or in parallel with upgrading the B Series Appliance.|
|Mass Deployment Installers||Create mass deployable installer packages for access consoles and Jump Clients.|
|Mass Import of Endpoints||When creating a large number of Jump shortcuts, you can import them via a spreadsheet in the /login interface or via the API. Importing Jump Items saves time and effort over manually adding each one in the access console.|
|Identity Management||Define BeyondTrust accounts using existing data on directory servers.|
|LDAP/Active Directory||Use LDAP/Active Directory to manage BeyondTrust users.|
|RADIUS [Multifactor]||Use RADIUS for authentication.|
|Kerberos [Single Sign-on]||Use Kerberos for single sign-on.|
|Let's Encrypt Support||Let's Encrypt is a service provided by the Internet Security Research Group (ISRG). It is a free, automated, and open certificate authority (CA). In /appliance, you can request and automatically renew SSL/TLS certificates used by your B Series Appliance. Let's Encrypt is configured in the SSL/TLS Configuration section in /appliance for on-premises deployments and the Appliance tab for Cloud deployments.|
SAML [Single Sign-on]
|Use SAML with an Identity Provider to authenticate BeyondTrust users. Admins can set launching the /login or the /console interfaces after using an IdP. SAML can also be used to log directly into /appliance.|
|Password Managers||Use a password manager such as 1Password or LastPass to log into a mobile access console.|
|SCIM [Provisioning]||Use SCIM for user provisioning.|
TLS 1.3 Protocol
|Transportation Layer Security protocol 1.3 is used to ensure secure communication between browsers and webservers. Symmetric cryptography is used to encrypt the data transmitted. The keys are uniquely generated for each connection and are based on a shared secret negotiated at the beginning of the session.|
|Outbound Proxy Support||A proxy server can be used to send outbound events to a single destination rather than multiple applications. This feature allows administrators to control dataflow from B Series Appliances for outbound events and APIs. This feature allows you to test the connection to verify your settings are correct.|
|Backup and Redundancy||Monitor and back up the B Series Appliance.|
|Backup Integration Client||Schedule automatic retrieval and storage of software backups.|
|B Series Appliance Failover||Define and automate redundancy and failover options.|
|BeyondTrust Atlas Cluster Technology||Atlas technology is available for Privileged Remote Access. With Atlas technology, organizations can manage multiple B Series Appliances across the globe from a single administration interface.|
Combine your system's physical network interface controllers (NICs) into a single logical interface, adding an additional layer of fault tolerance for your B Series Appliance.
|Appliance Migration||Migrate from one appliance type to another.|
Appliance Migration Tool
Administrators can use the application migration tool to move from an on-premises appliance to a cloud-based appliance, as well as migrate from a physical appliance deployment to a different deployment type. This functionality can be set up under the new section at /login > Management > Software > Site Migration. It allows API-based communication between the appliances and supports migrations from version 19.2.4 to current.
|Integration||Integrate BeyondTrust with external systems.|
|BeyondInsight Integration: Reporting and Session Details||Administrators can leverage the BeyondInsight platform for session details and reports of Privileged Remote Access sessions. This integration includes a Dashboard view for Privileged Remote Access sessions, which users can access in the BeyondInsight interface. Administrators who utilize the existing reporting functionality of /login can continue to view session details, reports, and session recordings in the /login interface.|
|DevOps Secrets Safe Integration||This functionality allows for an integration to DevOps Secrets Safe in the /appliance interface, expanding the options for storing secrets off the appliance for expanded security.|
|Change Management Workflow Integrations||BeyondTrust access requests can now require a Ticket ID to be entered as part of the request process. Once entered, the request is sent to your change management system where it can programmatically be denied or allowed using the BeyondTrust API.|
|Custom Links||Configure custom links to include a variable for a session's external key, pointing the URL to an associated CRM record. A user can access this link from within a session.|
|API||Integrate with external systems and set API permissions.|
|Custom Fields||Create custom API fields to gather information about the endpoint, enabling you to more deeply integrate BeyondTrust into your organization. You can also make fields and their values visible in the access console.|
|SNMP Monitoring||Monitor the B Series Appliance using Simple Network Management Protocol (SNMP).
SNMP has been enhanced to include v3 support. With the update to Base 6.1, you can set up SNMP v3 and v2 on the /appliance interface. If you want to use SNMP v2 and v3, this change allows for flexibility as you migrate the configuration.
|Syslog Integration||Send log messages to an external syslog server.|
|Integration Client||Transfer session logs, session recordings, and software backups from the B Series Appliance to an external system. Supported systems are Windows-based file systems and Microsoft SQL server. Schedule data transfers to take place automatically.|
Utilize SCIM 2.0 REST Endpoints to provision users and groups to the available security providers.
For more information on DevOps Secrets Safe Integration, please see Secure Secrets Management for Enterprise DevOps.
Additional Integration Options
Additional integration options are available to BeyondTrust customers. Some integrations must be purchased separately from the BeyondTrust software. Contact BeyondTrust Sales for details.
Service Desk/Systems Management Integrations
Automate your integration of BeyondTrust with various service desk and systems management tools by requesting pre-packaged integration adapters, drastically reducing integration time.
|Contact BeyondTrust Sales.|
Use the BeyondTrust API to create a simple integration between your CRM and BeyondTrust, allowing users to access a CRM record directly from the BeyondTrust access console.
BeyondTrust API 1.19.0+
For a list of which API versions correspond with which BeyondTrust software versions, see www.beyondtrust.com/docs/privileged-remote-access/how-to/integrations/api/api-version-reference.htm
3rd Party Professional Integration Services
Because BeyondTrust's API and Integration Client conform to industry protocols, it is possible for customers to contract with a third-party professional services provider to outsource integration needs.
|Contact BeyondTrust Sales for references.|
BeyondTrust Professional Services
Contract with BeyondTrust for custom integration needs.
|Contact BeyondTrust Sales.|
Programmatically import BeyondTrust access control logs into your SIEM tool and leverage your password management solution for privileged endpoints.
Contact BeyondTrust Sales.