Privileged Remote Access 22.3.1
September 6, 2022
- This version of Privileged Remote Access has been certified for physical BeyondTrust Appliances, virtual BeyondTrust Appliances, and cloud deployment models.
- 22.3.1 PA requires Base 6.2.0.
New Features and Enhancements:
- Global search for settings and sections is now available in /login.
- Web access console now supports RDP file transfer.
- Web access console now supports dark mode.
- We have added the ability to disable/control how Jump Clients upgrade. Disabling automatic upgrades will require the Jump Client to update before a session will start.
- Jump Clients can now connect through Atlas environment traffic nodes.
- Jump Approval Improvements:
- PRA users can now approve Jump requests.
- Active Jump approval requests can now be canceled.
- Jump approvals can now overlap, allowing different users access to the same Jump Item simultaneously.
- The personal Vault account limit has been increased to 50.
- BYOT Jump Client Command shell. Users can now use their native terminals for Jump Client sessions.
- Command shell display settings. Users can now change their font, color, and size of displayed text.
- Linux Jumpoints now support VNC.
- Headless Linux Jumpoints and Jump Clients now include an optional system template file to aid in easier system service creation.
- Vault discovery jobs now detect any changes in the read-only attributes from previously imported accounts or endpoints and automatically update their data.
- Vault users now have the option to fix any out-of-sync management credentials via the new wrench icon on the Domains page.
- DLLN (domain\username) format is now supported as a Web Jump authentication option.
- Made improvements to Shell Jump file transfer speed.
- Made improvements to Command shell logging.
- Made improvements to RDP Clipboard file transfer from the endpoint machine to the user’s machine.
- Outbound Events Enhancements:
- Improved the retry logic for outbound events.
- Added a column on the Outbound Events page that shows a count of queued events as well as relevant errors.
- Configuration API Additions and Enhancements:
- Security Providers:
API Call Description GET security-provider <id> Returns all attributes of a security provider matching with given <id>. DELETE security-provider <id> /saml Removes existing Available Groups from a SAML provider matching with given <id>. PATCH security-provider <id> Updates attributes of a provider with the given <id>.
- Security Providers:
For 22.3, only the available_groups attribute for SAML providers is supported. Attempting to update attributes on non-SAML providers or attempting to update any other attribute besides available_groups will result in an error response.
- Protocol Tunnel Jump:
API Call Description GET protocol-tunnel-jump Returns a paginated list of Protocol Tunnel Jump Items. It is needed so that integrations can efficiently know which Protocol Tunnel Jump Items already exist in a PRA site GET protocol-tunnel-jump <id> Returns details of a Protocol Tunnel Jump Item resource with the given <id>. POST protocol-tunnel-jump Creates a new Protocol Tunnel Jump Item. PATCH protocol-tunnel-jump <id> Modifies the existing Protocol Tunnel Jump Item with the given <id>. DELETE protocol-tunnel-jump <id> Deletes the existing Protocol Tunnel Jump Item matching the given <id>. POST protocol-tunnel-jump <id> /copy Creates a copy of an existing Protocol Tunnel Jump Item.
- Administrative Interface:
- Resolved issue with the Vault Reporting page Back to Search sometimes not saving the search criteria.
- Now only reports endpoints that PRA can connect to during discovery.
- Resolved issue with upgrading the site while rotation retry attempts were not complete.
- Resolved issue with scheduled rotation failing when there were a large number of expired accounts.
- Resolved issue with discovery failing with large numbers of OUs.
- Text Updates:
- Updated the Help text for RDP Jump Items to include the lossless video format.
- Resolved issue with verbiage in the 22.2 feature description for Web Jump multi-tab improvements.
- The Jump Client Global connection rate for Jump Clients option has been moved from the Upgrade section to the Miscellaneous section.
- Resolved issue with various search boxes in /login not filtering the percent (%) character correctly.
- Resolved issue with LastPass preventing the saving of fields on certain pages.
- Resolved issue with approving vendors if the vendor invite email failed to be sent out.
- We now prompt to overwrite existing canned scripts if the name already exists.
- Resolved issue with the Jump Client Statistics Update Interval not always saving correctly.
- Access Console:
- Various dark mode tweaks.
- Resolved issue in which BYOT SSH Jumps prompted for a password even when SSH key forwarding was enabled in Putty.
- Resolved a graphical issue with selecting the System Info tab first after starting a session.
- Sorting by installed on is now disabled on the System Info > Programs tab as per Microsoft’s recommendation of the data in that field.
- Resolved issue with Ctrl + character key combinations during screen sharing with the endpoint system using a Hebrew keyboard.
- Web Access Console:
- Resolved issue with the email fields generated from the web access console for external rep invites.
- Resolved issue with long names not formatting correctly in the columns of the web access console.
- Resolved issue with unassociated accounts not working properly during credential injection in the web access console.
- Resolved issue with the wrong error message being displayed when the access console needed to be redownloaded from /login.
- Jump Client:
- Resolved issue with Jump Client silent uninstall displaying a window during uninstall.
- Shell Jump:
- Made Shell Jump session performance and responsiveness improvements.
- Resolved issue that occured when a Rep running Windows pressed the Insert key, which caused the customer session running on a Mac to enter Mac Help Mode.
- Resolved issue with the MacBook Touch Bar being disabled during screen sharing sessions.
- Resolved issue with a timeout error being displayed prematurely displayed if the user waited more than 30 seconds to accept a certificate warning.
- Access Console:
- Supports upgrades from Privileged Remote Access 22.1.4 PA+.
- Requires Integration Client 1.7.3.
- Requires Endpoint Credential Manager (ECM) 1.6.0.
- 22.3.1 PA includes VSC 18.104.22.168.
- This release is certified with the following mobile versions: