Privileged Remote Access 22.3.1 Release Notes

September 6, 2022

Requirements:

  • This version of Privileged Remote Access has been certified for physical BeyondTrust Appliances, virtual BeyondTrust Appliances, and cloud deployment models.
  • 22.3.1 PA requires Base 6.2.0.

New Features and Enhancements:

  • Global search for settings and sections is now available in /login.
  • Web access console now supports RDP file transfer.
  • Web access console now supports dark mode.
  • Jump Client upgrade flexibility.
  • Jump Clients can now connect through Atlas environment traffic nodes.
  • Jump Approval Improvements:
    • PRA users can now approve Jump requests.
    • Active Jump approval requests can now be canceled.
    • Jump approvals can now overlap, allowing different users access to the same Jump Item simultaneously.
  • The personal Vault account limit has been increased to 50.
  • BYOT Jump Client Command shell. Users can now use their native terminals for Jump Client sessions.
  • Command shell display settings. Users can now change their font, color, and size of displayed text.
  • Linux Jumpoints now support VNC.
  • Headless Linux Jumpoints and Jump Clients now include an optional system template file to aid in easier system service creation.
  • Vault discovery jobs now detect any changes in the read-only attributes from previously imported accounts or endpoints and automatically update their data.
  • Vault users now have the option to fix any out-of-sync management credentials via the new wrench icon on the Domains page.
  • DLLN (domain\username) format is now supported as a Web Jump authentication option.
  • Made improvements to Shell Jump file transfer speed.
  • Made improvements to Command shell logging.
  • Made improvements to RDP Clipboard file transfer from the endpoint machine to the user’s machine.
  • Outbound Events Enhancements:
    • Improved the retry logic for outbound events.
    • Added a column on the Outbound Events page that shows a count of queued events as well as relevant errors.
  • Configuration API Additions and Enhancements:
    • Security Providers:
      API Call Description
      GET security-provider <id> Returns all attributes of a security provider matching with given <id>.
      DELETE security-provider <id> /saml Removes existing Available Groups from a SAML provider matching with given <id>.
      PATCH security-provider <id> Updates attributes of a provider with the given <id>.

For 22.3, only the available_groups attribute for SAML providers is supported. Attempting to update attributes on non-SAML providers or attempting to update any other attribute besides available_groups will result in an error response.

    • Protocol Tunnel Jump:
      API Call Description
      GET protocol-tunnel-jump Returns a paginated list of Protocol Tunnel Jump Items. It is needed so that integrations can efficiently know which Protocol Tunnel Jump Items already exist in a PRA site
      GET protocol-tunnel-jump <id> Returns details of a Protocol Tunnel Jump Item resource with the given <id>.
      POST protocol-tunnel-jump Creates a new Protocol Tunnel Jump Item.
      PATCH protocol-tunnel-jump <id> Modifies the existing Protocol Tunnel Jump Item with the given <id>.
      DELETE protocol-tunnel-jump <id> Deletes the existing Protocol Tunnel Jump Item matching the given <id>.
      POST protocol-tunnel-jump <id> /copy Creates a copy of an existing Protocol Tunnel Jump Item.

Issues Resolved:

  • Administrative Interface:
    • Reporting: 
      • Resolved issue with the Vault Reporting page Back to Search sometimes not saving the search criteria.
    • Vault:
      • Now only reports endpoints that PRA can connect to during discovery.
      • Resolved issue with upgrading the site while rotation retry attempts were not complete.
      • Resolved issue with scheduled rotation failing when there were a large number of expired accounts.
      • Resolved issue with discovery failing with large numbers of OUs.
    • Text Updates:
      • Updated the Help text for RDP Jump Items to include the lossless video format.
      • Resolved issue with verbiage in the 22.2 feature description for Web Jump multi-tab improvements.
    • Miscellaneous:
      • The Jump Client Global connection rate for Jump Clients option has been moved from the Upgrade section to the Miscellaneous section.
      • Resolved issue with various search boxes in /login not filtering the percent (%) character correctly.
      • Resolved issue with LastPass preventing the saving of fields on certain pages.
      • Resolved issue with approving vendors if the vendor invite email failed to be sent out.
      • We now prompt to overwrite existing canned scripts if the name already exists.
      • Resolved issue with the Jump Client Statistics Update Interval not always saving correctly.
  • Clients:
    • Access Console:
      • Various dark mode tweaks.
      • Resolved issue in which BYOT SSH Jumps prompted for a password even when SSH key forwarding was enabled in Putty.
      • Resolved a graphical issue with selecting the System Info tab first after starting a session.
      • Sorting by installed on is now disabled on the System Info > Programs tab as per Microsoft’s recommendation of the data in that field.
      • Resolved issue with Ctrl + character key combinations during screen sharing with the endpoint system using a Hebrew keyboard.
    • Web Access Console:
      • Resolved issue with the email fields generated from the web access console for external rep invites.
      • Resolved issue with long names not formatting correctly in the columns of the web access console.
      • Resolved issue with unassociated accounts not working properly during credential injection in the web access console.
      • Resolved issue with the wrong error message being displayed when the access console needed to be redownloaded from /login.
    • Jump Client:
      • Resolved issue with Jump Client silent uninstall displaying a window during uninstall.
    • Shell Jump:
      • Made Shell Jump session performance and responsiveness improvements.
    • Mac:
      • Resolved issue that occured when a Rep running Windows pressed the Insert key, which caused the customer session running on a Mac to enter Mac Help Mode.
      • Resolved issue with the MacBook Touch Bar being disabled during screen sharing sessions.
    • RDP:
      • Resolved issue with a timeout error being displayed prematurely displayed if the user waited more than 30 seconds to accept a certificate warning.

Notes:

  • Supports upgrades from Privileged Remote Access 22.1.4 PA+.
  • Requires Integration Client 1.7.3.
  • Requires Endpoint Credential Manager (ECM) 1.6.0.
  • 22.3.1 PA includes VSC 1.2.5.3.
  • This release is certified with the following mobile versions: