Privileged Remote Access 21.1.1 Release Notes

April 20, 2021

Requirements:

  • This version of Privileged Remote Access has been certified for physical BeyondTrust Appliances, virtual BeyondTrust Appliances, and cloud deployment models.
  • This release requires Base software 6.1.0.

New Features and Enhancements:

  • Vault accounts can now be checked out directly from the access console.
  • Added Bring Your Own Tools (BYOT) functionality to enable users to leverage their existing native RDP tool for Remote RDP Jump Shortcuts, while maintaining the benefits of the audit trail and session recordings. This new setting enables Remote RDP Jump Shortcuts to include existing native RDP functionality, expanding Jump Item capabilities and improving user experience.
  • Endpoint Credential Managers (ECMs) have been enhanced and can now be mapped to Jump Groups. This optional functionality allows administrators using multiple disconnected credential providers, such as Managed Service Providers, to support disconnected environments while leveraging the internal credential providers on those networks for the associated Jump Group. This functionality is not standard; for more information please contact BeyondTrust Technical Support.
  • Administrators can enable vendor users to request or sign up for access through a customizable portal page. Administrators can now create and customize portal pages for specific vendors, allowing users to register for the access they need, when they need it.
  • Web Jump has been enhanced to support web applications that require the user to open more than a single tab during the course of their session.
  • Added new product icons.
  • The Pre-Login Agreement is now available in the native access console.
  • Passwords are now masked in the Check Out window in /login and the access console.
  • Vault account statuses now have their own column.
  • Added an option under Teams to restrict Dashboard Session access based on the Start Session permission.
  • Added a Direct Download Link to the Create Jump Client Deployment page.
  • Added a Search field to the existing Policy Members side of the Edit Policy page.
  • Increased the max number of Vendor Groups to 50.
  • Default first login option for native rep console.
  • Added a Test button to the Outbound Proxy configuration.
  • Added Full Screen and Multiple-Monitor support to RDP.
  • Added High DPI support to the Rep Console and Jumpoint Configuration.
  • We now display a Failed Login count and Lockouts for API accounts.
  • Virtual Smart Card now has extended APDU support.
  • Granular Clipboard permissions.
  • PRA now supports macOS 11 Big Sur.
  • Headless Jump Client support on Raspberry Pi OS.
  • Jump Client based Account Management.
  • Vault Reporting Enhancements.
    • Vault Account activity may now be downloaded.
    • Added the System filter for use when searching Vault Reports.
    • Added the User, API Account, and System prefixes to the Performed by column.
    • We now display the Endpoint name beside the Account name in Vault Activity Reports.
    • The API can now be used to download Vault Activity Reports.
  • Configuration API additions:
    • Vault
      • GET /vault/account-group
      • POST /vault/account-group
      • GET /vault/account-group/<id>
      • PATCH /vault/account-group/<id>
      • DELETE /vault/account-group/<account_group_id>/account/<account_id>
      • POST /vault/account-group/<account_group_id>/account
      • GET /vault/account-group/<account_group_id>/account/<account_id>
      • GET /vault/account-group/<id>/account
      • DELETE /vault/account-group/<account_group_id>/user/<user_id>
      • PATCH /vault/account-group/<account_group_id>/user/<user_id>
      • POST /vault/account-group/<account_group_id>/user
      • GET /vault/account-group/<account_group_id>/user/<user_id>
      • GET /vault/account-group/<id>/user
      • GET /vault/account/<id>/user
      • DELETE /vault/account/<account_id>/user/<user_id>

Issues Resolved:

  • Administrative Interface
    • API
      • Updated API version to 1.21.0.
      • Resolved issue with the network restrictions for /login affecting the API accounts.
    • Security Providers
      • Resolved issue with the LDAP Server address sometimes not displaying properly.
    • Vault
      • Resolved issue with being able to change a checked-out password if an Edit password window was left open.
      • Resolved issue with not displaying long Account Group names correctly.
      • Resolved issue with the Password Age not being displayed correctly for disabled accounts displayed after a Discovery operation on Jumpoints.
      • Resolved issue in which Scheduled Rotation was not taking into account the Automatically Rotate Credentials after Check In setting.
      • Resolved issue with an error message being displayed during a Jump Client Discovery when the Vault Admin had permissions for Jump Groups, but not Edit Jump Groups.
    • Vendor
      • Resolved issue in which Approve Account and Reactivate Account both displayed for Vendor Users that had not yet been approved.
      • Resolved issue with not being able to reset the Multi-Factor Authentication of a Vendor User.
    • Failover
      • Resolved issue with failover sometimes taking longer than expected in virtual environments.
    • Text Updates
      • Updated MSI Installer examples to include double quotes around the KEY_INFO value.
      • Updated a Jump Client Discovery error message.
      • Updated an error message that occurred when logging into the Mobile Access Console when mobile access had been removed.
    • Miscellaneous
      • Resolved issue in which an error message would display when opening the access console settings.
      • Updated the Jump Navigation icon.
      • Resolved issue with the Progress Bar not updating when upgrading through /login.
  • Clients
    • Access Console
      • Resolved issue with Screen Sharing not restarting after using Annotations.
      • Resolved issue with Screen Sharing in some VDI environments.
      • The Access Console now drops out of Full Screen mode after clicking links in Chat that launch external applications.
      • PRA now displays a spinner on login to the access console if there is a lot of data to display, such as Pre-Login Agreements.
      • Resolved issue in which AltGr key combinations did not work in Remote VNC.
      • Resolved issue in which Screen Sharing did not start automatically after running a lot of sessions.
      • Resolved issue with using key combinations such as Control-A or Command-A to copy all of the text from the access console chat window.
      • Resolved issue in which Dashboard Team Leads were able to monitor Team Managers.
      • Resolved issue in which the number of monitors changed during a session.
      • PRA now clears out the access console’s cache directory during rep console upgrades.
      • Resolved issue in which switching between scaled and actual Screen Sharing sizes caused a delay in receiving user input.
    • Jump Client
      • Resolved issue in which Windows Jump Clients sometimes left behind Add/Remove Program entries after an upgrade.
      • PRA now attempts to remove any unused Windows Jump Client service names.
      • Resolved issue in which Linux Jump Clients sometimes timed out when a session was started.
    • Jumpoint
      • 32-bit Jumpoints are no longer supported.
      • Resolved issue in which Linux Jumpoints did not add SSH fingerprints to the Jumpoint’s known_hosts file.
      • Resolved issue in which some clients disconnected behind a Jump Zone Proxy.
      • Resolved issue with Jumpoints installed in domains without a DnsDomainName.
      • Resolved issue with connecting to vPro sessions when session recordings were enabled.
    • Miscellaneous
      • Updated Virtual Smart Card to version 1.2.2.2.

Notes:

  • Supports upgrades from Privileged Remote Access 20.1.3 PA+.
  • Supports ThinClient Protocol 2.1 and 2.2.
  • Requires Integration Client 1.7.3.
  • Requires Endpoint Credential Manager (ECM) 1.5.0.
  • This release is certified with the following mobile versions: