Log in Using SAML Single Sign-On

Representatives can utilize SAML single sign-on to gain access to the representative console or /login interface. Customers can utilize SAML single sign-on to gain access to the public support portal. Alternatively, a login can be initiated from the identity provider's side.

Log in to the Representative Console Using SAML Credentials

Rep Console Login with SAML

  1. Select SAML Credentials from the dropdown menu.


SAML IDP login

  1. If you have not yet logged into your identity provider, you will be redirected using the default browser.


  1. Once authenticated, a BeyondTrust representative console script is downloaded to gain access to the representative console.

The BRCS file that is downloaded is configured by default to open the representative console. Most browsers can be configured to do this automatically, which will keep the representative from having to execute the script with each login.

Representatives can access the mobile representative console using SAML for mobile. For more information, please see:

Log in to the /login Interface using SAML Credentials

/login SAML Authentication

  1. From the /login interface, select Use SAML Authentication.


SAML IDP login

  1. If you have not yet logged in to your identity provider, you will be redirected to their site to enter your credentials.


  1. Click Sign In. You are taken to the /login interface.

If you are already logged into your identity provider when you click Use SAML Authentication, you are taken directly to the /login interface.

Log in to the Public Portal Using SAML Credentials

Customer Support Portal - Portal Login

A customer can access the public support portal using the URL provided by a representative. If SAML authentication is configured and enabled for the public site, the customer is presented with the Portal Login window. The customer must click Login and then provide credentials to authenticate with the identity provider.


Authenticated Support Portal page showing customer name and email auto-poputated

The customer is then taken to the support portal page where they can submit their request for support. The customer's name and any custom fields that are configured, such as email, are automatically populated and are not editable.


Check mark next to customer's name in rep console to indicate user is public portal authenticated

A green check mark is displayed next to the customer's name in the representative console chat window to indicate the user is public portal authenticated.


Log in to BeyondTrust from the Identity Provider Side

Login in from Identity Provider

Depending on your identity provider, you can opt to log in to your BeyondTrust representative console, public portal, or /login interface from the provider's web site. In this example, the provider has icons for BeyondTrust applications. Simply log in to your provider's site, and then click on the application you want to use.