Prerequisites for the BeyondTrust Remote Support Integration with Salesforce


You must purchase this integration separately from both your BeyondTrust software and your Salesforce solution. For more information, contact BeyondTrust sales.

Outlined below are requirements for the BeyondTrust integration with If any of the integration requirements are not yet met, they must be in place prior to starting the integration setup process unless the associated features of the integration are not required.


As of summer 2016, now supports a new user interface called Lightning. This interface is vastly different from the classic interface. For the purposes of this installation guide, we advise that you switch to the classic user interface, and we assume that you are using that interface to complete the installation of this integration. This guide discusses the Lightning UI only in a few locations.

Base Integration Requirements

  • Secure Remote Access Appliance (physical or virtual) with:
    • BeyondTrust Remote Support: 14.2.x and newer
    • At least one usable representative console which can generate session keys
    • A working BeyondTrust public site through which users can connect to representatives
  • Network firewall rules to allow:
    • TCP 443 traffic from the Secure Remote Access Appliance to reach the appropriate instance
    • TCP 443 traffic from the appropriate instance to reach the Secure Remote Access Appliance
  • A working instance.

Firewall Test

It is important to test all requirements of the integration prior to beginning setup. Most of these can be tested by the BeyondTrust and administrators within their respective systems, but to test the network firewall, the BeyondTrust admin should take the following steps to confirm that the necessary rules are in place:

  1. Log into a machine either external to the Secure Remote Access Appliance's network or in the same VPN as the instance, depending on how connects to the appliance's network.
  2. Log into the Secure Remote Access Appliance's /appliance interface.
  3. Browse to Support > Utilities :: TCP Connection Test.
  4. Enter the hostname of the instance, enter the port number of 443, and click Test. The result should be a Connected status message.

Do not enter the protocol of the instance (e.g., Instead, use the fully qualified domain name only (e.g., In most environments, the Secure Remote Access Appliance resides in a DMZ network and has a public DNS address, which contacts over the public internet. In some environments, BeyondTrust is not publicly accessible. In these cases, you should communicate with your technical contact about implementing a VPN connection to your internal network for