Launch the Web Rep Console

The web rep console enables you to use a web-based representative console to securely support customers and access remote systems by connecting to them remotely through the B Series Appliance. To begin using the web rep console to support customers, follow the steps outlined below.

Representatives using a Chrome OS device to support customers can use only the web rep console.

Launch the Web Rep Console Using /console

This is the quickest way to access the web console.

Web Rep Console

  1. In the address bar of your browser, enter your BeyondTrust site host name followed by /console, for example, access.example.com/console.
  2. Enter the username and password associated with your BeyondTrust user account.
  3. Click Login to start your web-based representative console session.

FIDO2-certified authenticators can be used to securely log in to the desktop representative console, web rep console, and the /login administrative interface without entering your password. You can register up to 10 authenticators.

If passwordless login has been enabled, Authenticate Using may default to Passwordless FIDO2, or it can be selected. The exact process for passwordless login depends on the type of device and manufacturer.

You can enable passwordless login and set the default authentication after logging into the /login administrative interface, by navigating to Management > Security, and then registering passwordless authenticators at My Account > Security.

Passwordless login for the desktop representative console on macOS or Linux systems is supported only for roaming authenticators (such as the YubiKey hardware security keys). Platform or integrated authenticators (such as Face ID and fingerprint scanners) are not supported for the desktop desktop representative console login when using macOS or Linux systems.

Launch the Web Rep Console Using /login

By default, this option is not available. To launch the web console from the /login administrative interface, you must navigate to Management > Security and check Allow Mobile Representative Console and Web Rep Console to Connect.

  1. In the address bar of your browser, enter your BeyondTrust site host name followed by /login, for example, access.example.com/login.
  2. Enter the username and password associated with your BeyondTrust user account, and click Login, or log in using passwordless authentication.
  3. Click Consoles & Downloads in the left menu, or click the user icon in the upper-right corner of the screen. The image below shows both options selected.

Both options for logging into the web rep console.

  1. Click Launch Web Rep Console on the Consoles & Downloads screen or on the user options window.
  2. The web rep console opens in a new tab, and you can begin working with endpoints.

Web Rep Console Interface with Logout button highlighted.

To log out of the web rep console, click the user icon in the upper-right corner of the screen and click Log Out. This does not log you out of the /login administrative interface. To log out of the /login administrative interface, click the user icon in the upper-right corner of that screen and click Log Out.

Web Rep Console Preferences

Web rep Preferences menu.

The language and color scheme options visible when the user icon is clicked in the /login administrative interface affect only that interface. To set preferences in the web rep console, click the user icon in the upper-right corner of the web rep console, and then click Preferences. Select your preferences in the pop-up window.

 

Web Rep Preferences menu options.

Select your preferred color scheme. You can switch between Light and Dark modes, or System, which uses whatever mode is selected for your system.

Select any of the automatic options you would like to use:

  • Automatically collapse the Session Queues panel when a session is selected.
  • Automatically collapse the Jump Groups panel when a Jump Item is selected.
  • Automatically open the chat sidebar in new sessions.
  • Automatically lock the chat sidebar open in new sessions.
  • Automatically collapse the Volumes panel when a file is selected in the File Transfer view.

Log in Directly to the Web Rep Console Using SAML

It is possible to configure an application or tile in a SAML identity provider (IdP), (like the tiles used to log into Okta and similar applications) that takes you directly to the web rep console rather than to /login.

To configure this, you must:

  • Set up application in the IdP as you would for /login
  • Change the RelayState parameter to the word console (lowercase, no /, etc.)

There are two parts to the SAML configuration: the IdP and service provider (SP). In this instance you are the SP, and the SAML service is the IdP (OneLogin, Okta, and similar). Currently, you can export metadata from the SAML security provider on /login (in the Service Provider section), which you can then import into the IdP to help configure the SAML side. If, as part of this configuration, you set the RelayState parameter to console, then any login initiated from the IdP (for example, clicking the tile in Okta) sends you to the web rep console rather than to /login.