BeyondTrust Remote Support 21.2 Available Features

Features for Support Representatives

Feature Name Description
Multi-Platform Support Customer Representative
Windows Windows 7 SP1
Windows POSReady 7
Windows 10 (1909 and lesser)
Windows 10 (2004 and 20H2)
Windows 10 IoT
Windows Server 2008 R2 & SP2
Windows Server 2012 R2
Windows Server 2016 - 2019
Windows 7 SP1
Windows 10 (1909 and lesser)
Windows 10 (2004 and 20H2)
Windows 10 IoT
Windows Server 2016 - 2019
macOS macOS 10.13 - 10.15
macOS 11 (Big Sur) x86 and xApple
macOS 10.13 - 10.15
macOS 11 (Big Sur) x86 and xApple
Linux Fedora 32 - 33
RedHat Enterprise 7.8 - 8.3
Ubuntu 18.04 and 20.04 LTS
Fedora 32 - 33
RedHat Enterprise 8.2 and 8.3

Ubuntu 18.04 and 20.04 LTS
Chrome OS Devices Chrome OS 56 + Support systems through the web rep console.
Mobile Devices Apple iOS 12.x - 14.x (iPhone, iPad, iPod) Apple iOS 12.x - 14.x (iPhone, iPad, iPod)
Android 6 - 11 Android 7 -11
Virtual Desktop Environments Citrix XenDesktop 5 and 7
VMWare View 5
VMWare Horizon View 6 and 7
Citrix XenApp 6.5 and 7.5 (Windows Server 2008 R2)
Citrix XenDesktop 5 and 7
VMWare View 5
VMWare Horizon View 6 and 7
Citrix XenApp 6.5 and 7.5 (Windows Server 2008 R2)
RS Virtual Appliances vSphere 5.1 - 6.7
Hyper-V Server 2012 R2 - 2016
Windows Server 2012 R2 - 2016 with Hyper-V role enabled
Attended Systems Laptops, Desktops, Mobile Devices
Unattended Systems Laptops, Desktops, Servers, ATMs, Kiosks, POS Systems, Android, Raspberry Pi, etc.
Network Devices Routers, Switches and Devices via SSH/Telnet
Multi-Language Support View BeyondTrust applications and interfaces in English, German, Latin American Spanish, EU Spanish, Finnish, EU French, Italian, Dutch, Brazilian Portuguese, EU Portuguese, Swedish, Turkish, Japanese, Simplified Chinese, Traditional Chinese, and Russian. BeyondTrust supports international character sets.
Support Toolset Use advanced troubleshooting tools to interact with remote systems.
3D Touch for iOS The BeyondTrust mobile representative console uses iOS 3D Touch Support capabilities offered by the 6s and 6s Plus devices to start sessions faster and more efficiently.

Android Support Client

The Android Support Client has been updated to support view and control on Android-based devices. This feature has been enhanced to allow chat notifications during the session with the end user when the app is in the background.
Annotations While screen sharing, use annotation tools to draw on the remote user's screen. Drawing tools, including a free-form pen and scalable shapes, can aid in training remote users. The Annotations tool is also available during presentations.
Application Sharing Allow customers to restrict screen sharing to specific applications.
BeyondTrust Cloud URL Bomgar Cloud is now BeyondTrust Cloud. New Cloud customers will now receive a URL when they sign up for BeyondTrust Cloud. As before, Cloud customers can choose to use a custom DNS name for their site, if desired.
Support Button Deploy a Get support button on remote computers and mobile devices. Centrally manage and report on all deployed Support Buttons.
BeyondTrust InSight

During a support session, an iOS or Android customer can stream live video to the representative from their mobile device using BeyondTrust InSight. Sharing remote, live camera footage while an issue is taking place provides the representative with an additional way to assist the customer in finding a resolution to their problem. While viewing the footage, the representative can make video annotations, freezing the frame and allowing the customer to view the camera annotation and take any necessary action while camera sharing.

Canned Scripts

Use pre-written scripts from either the Command Shell interface or the Screen Sharing interface, increasing session effectiveness.

Collaborative Browser Sharing Use real-time interaction with remote customers by co-browsing the web without using a full-support screen-sharing session.
Command Shell Directly access the command shell for system diagnostics, network troubleshooting, or low-bandwidth support, without screen sharing.
Console Usability Updates Several enhancements were made to the Representative Console to improve usability, such as remembering the last security provider used for login, remembering column layouts, and showing the last time an endpoint was rebooted.
Custom Links From within a session, click a button to open your browser to an associated CRM record or help desk ticket.
Custom Special Actions Create representative console special action shortcuts for tasks specific to your environment, streamlining the effort for your team to complete repetitive tasks.
Customer Chat Sounds Chat sounds are now always-on for your end users. Previously, a nudge that shakes the customer’s screen may have been required to get the attention of your end user if they didn’t notice the highlighted chat window. Now, they will always hear a chat sound when the Representative sends a chat message. This new feature is also helpful for organizations that need to comply with ADA (Americans with Disabilities Act) requirements.
Customizable Rep Notifications Granular configuration of which events trigger alerts in the representative console and upload custom audio files.
Elevate Customer Client Elevate the customer client to have administrative rights. Special actions can be run in the current user context or in system context.
Embedded Support Button Embed a Support Button within applications deployed throughout your enterprise, giving your customers direct, streamlined access to remote support sessions.
Favorite Credentials Used for Injection For users with the Credential Injection feature enabled, the Representative Console now displays the most likely credential needed for credential injection, based on usage history and account permissions. The recommended credentials will appear at the top of the credential drop down list, enabling users to get into sessions and elevate permissions faster.
File Transfer Transfer files to and from the remote file system.
iCloud Access for Mobile Apps

During a support session, an iOS customer can share files from the iCloud Drive or any other document storage provider available from their mobile device.

ITSM Workflow

It is possible to require a ticket as part of a session start, instead of letting the session create the ticket ID once it is sent to an ITSM.
Mobile Device Management (MDM) Support for iOS Customer Client The iOS Customer Client has been improved for deployment through Mobile Device Management solutions, such as Microsoft Intune. The Remote Support site URL can be pre-configured when deployed through a MDM. Representatives no longer need to type the URL when support is needed. In addition, the Remote Support site URL can be set as read-only so that your representatives can only connect to your B Series Appliance.

Mobile Device Management (MDM) Support for the Android Representative Console

The Android Representative Console has been improved for deployment through Mobile Device Management solutions, such as Microsoft Intune. The Remote Support site URL can be pre-configured when deployed through a MDM. Representatives no longer need to type the URL when access is required. In addition, the Remote Support site URL can be set as read-only so that representatives can only connect to your B Series Appliance.
RDP Multi-Monitor Support View multiple monitors on the remote desktop.
Multi-Session Support Run multiple simultaneous support sessions.
Peer-to-Peer Sessions Establish a direct connection between a support representative and an end-user, enhancing the performance of screen sharing, file transfer, and remote shell.
Public Portal Authentication You can require authentication for users accessing the Public Portal online. By using SAML (Security Assertion Markup Language), an open standard for exchanging authentication and authorization data between parties, representatives are able to gather information about users requesting support, such as their name, login name, and a recognizable email before starting a session. This not only eliminates the inconvenience of the user having to provide these details when the session starts, but it also gives representatives confidence in the identity of the person for whom they are providing support. By validating authentication, users and admins are able to gather additional data to satisfy internal and external compliance requirements.

Assign Public Portals to Support Teams

You can restrict which internal or external facing web portals or public facing web sites are used by a support team. This functionality creates more granular control and dynamic possibility on how a team interacts with the sites.
Reboot/Auto-Reconnect1 Reboot and automatically reconnect to the remote computer. The end-user can specify login credentials.
Remote Registry Editor Access and edit the remote Windows registry without requiring screen sharing.
Remote Screenshot Capture a screenshot of the remote system.
Representative Console Support remote computers, systems, and mobile devices through an interface designed specifically for support professionals and equipped with troubleshooting tools.
Restrict End-User Interaction2 Disable the end-user's mouse and keyboard input to avoid customer interference. Account permissions determine whether the customer can or cannot see the screen while you are working.
Session Notes Enter notes about support interactions. Session notes are accessible to collaborating representatives and appear in session reports.

Smart Card Support

In a support session, use authentication credentials contained on a smart card that physically resides on the representative's system. This feature has been enhanced to support Extended APDU.
SMS Session Start Send a session key via SMS to begin a remote support session with a mobile device.
Special Actions Access common actions such as Registry Editor, Event Viewer, System Restore, etc. Perform actions in User or System context.
Streamlined iOS Screen Sharing It is now easier than ever to start iOS screen sharing sessions with your end users. A new streamlined workflow is available for screen sharing using the updated iOS Customer Client for iOS 12.
System Generated Email Invites

Leverage the powerful BeyondTrustsupport session invitation email feature by sending email either through the representative's local email account or directly from a central email address. Even representatives without email access or representatives with enterprise email policy restrictions can send session emails.

System Information

View in-depth system information in an easily navigable interface. Interact with services and processes and uninstall software without requiring screen sharing.

Touch ID for iOS Log in to the mobile representative console using iOS's Touch ID capabilities.
Training & Presentation Give presentations to multiple attendees. In a support session, use Show My Screen to share your desktop with your customer.
View or Control View or control remote computers, servers and mobile devices.
Virtual Pointer Display a pointer on the customer's screen, even in view-only mode.
Wake-on-LAN Remotely support computers, even when they are turned off. Send Wake-on-LAN packets to a Jump Client host to turn on that computer, if the capability is enabled on the computer and its network.
Web Rep Console

Support remote systems through a web-based representative console. The web rep console removes the requirement of having to download and install the BeyondTrust representative console client, enabling quicker access.

Windows 10 Privacy Screen Privacy Screen helps prevent data leak by blanking the physical screen for endpoints that may have a monitor attached. Privacy screen support during a BeyondTrust session has been extended to Windows 10 endpoints.
Collaboration Work with other representatives and experts to resolve support cases.
Access Sponsor Request a sponsor to elevate your permissions on the remote system by joining the session to enter credentials on your behalf.
Embassy When supporting products or services provided by a third-party vendor, utilize the vendor's support resources.
Equilibrium Receive support session assignments based on comparative idle time and session load. Prioritize session routing automatically based on the areas of expertise covered by your representatives. By matching an issue to a skill set, you can prioritize the routing of support sessions to the best equipped representatives instead of merely the next available representative.
Extended Availability Representatives can be in notification mode. If invited to share a session, you will receive an email notification.
Intelligent Collaboration

Resolve issues more effectively by quickly engaging support collaboration with additional representatives based upon both their skill-sets and their availability.

Queues Accept support requests from team queues. Your personal queue contains both your active and pending sessions.
Rep Invite Invite anyone - internal or external - into a shared session with one-time, limited access.
Rep-to-Rep Screen Sharing Collaborate with other representatives by instantly sharing your screen with a team member.
Session Sharing & Transfer Collaborate with other representatives by sharing a session, or transfer a session to another representative or team.
Support Teams Collaborate with other representatives who share similar skill sets or areas of expertise. Based on issue type or severity, a support request may be routed to a team specialized to handle such problems.
Jump Technology Access unattended remote desktops, servers, and other systems.
Intel® vPro Gain in-depth control of remote systems, using Intel® vPro features such as BIOS access, IDE-R, remote KVM, and remote power options.
Jump Client Access any Windows, Mac, or Linux system. Add password-protection for security. Centrally manage and report on all deployed Jump Clients.

Jump Client Headless Support for Raspberry Pi OS

Enables Raspberry Pi secure access to allow privileged users to connect to more types of unattended systems, perform administrative actions, and secure who has access to manage these devices. May work on any Raspberry Pi device that runs Raspberry Pi OS, but only certified against Pi 3B+ and Pi 4B.

Supported Operating Systems:
  • Raspberry Pi OS Desktop (2020-08-20-raspios-buster-armhf)
  • Raspberry Pi OS Lite (2020-08-20-raspios-buster-armhf-lite)

Copy Jump Items

You can copy Jump Items and assign them to multiple Jump Groups. This allows setting separate policies and group permissions without requiring additional client installations on the endpoint. Users with appropriate permissions can right-click individual or multiple Jump Items to copy them.
Scripted Jump Automatically initiate a remote support session from an external program by launching a Jump Client on a remote computer.


Access unattended Windows and Linux systems on a network, with no pre-installed client. Connect through proxy servers by storing credentials.
Jumpoint Clustering Cluster Jumpoints to provide redundancy and load-balancing.
Jump Shortcuts (Desktop and Mobile)

Use Jump shortcuts for Local and Remote Jump, Shell Jump, RDP, VNC, and vPro to quickly access Jumpoints from the desktop or mobile version of the representative console.

In the mobile representative console, Jump Shortcuts are available only for Remote Jump, Shell Jump, VNC, and RDP.

Jump Zone Proxy Use a Jumpoint as a proxy to access systems on a remote network that do not have a native internet connection.
Microsoft Remote Desktop Protocol (RDP) Integration Conduct remote desktop protocol (RDP) sessions through BeyondTrust, with no configuration of endpoints required. Representatives can collaborate in sessions, and sessions can be automatically audited and recorded.
Most Recently Used Jump Items Most Recently Used Jump Items provides an easy way to find your most frequently accessed Jump Items which saves time by not having to search for frequently accessed endpoints.
Shell Jump Connect to SSH/telnet-enabled network devices through a deployed Jumpoint.
VNC Integration Connect to VNC servers through BeyondTrust. Users can collaborate in sessions, and sessions can be automatically audited and recorded.
Chat and Messaging Communicate easily with customers and other support personnel.


A set of APIs is available to handle inbound chat handoff and chat history from a bot. These APIs allow for an integration between the solutions so that end user experience can transition easily from one solution to another without needing to re-explain their issue.


Start support sessions with web-based chat, requiring no customer download. Sessions can be elevated if deeper support is needed. With the click of a button on the user’s site, customers can immediately connect with their IT or customer service team. This feature has been enhanced to allow for Click-to-Chat session start instead of starting the full client to maintain chat.

Chrome Browser Sharing

We have added the ability to allow for view-only screen sharing through click-to-chat sessions without a client download. This not only allows for greater support on the Chromebook but also applies to all Chrome browser click-to-chat sessions, which gives a better support experience and increased support. This feature helps with the transition of not needing to download a client for basic co-browse use cases.
Customer Client Chat with customers during both support and training sessions.
Canned Messages Access a library of chat responses to common questions.
Nudge Customer Client Send audible and visual alerts through the customer client when end-user interaction is needed.
Real-Time Chat Translations

Integrate with your GeoFluent account to have chat messages between a customer and a representative translated in real time.

Rep Avatar Display a representative photo in the customer client during a session, as well as in the /login interface.
Spell Check Catch misspellings and view suggested corrections.
URL/File Push Push a URL through the chat interface to launch a browser on the remote computer. Pushing a file through the chat interface prompts the customer to accept the download.
Team Chat Chat with all representatives on a team or with an individual.

Features for Support Managers

Feature Description
Support Portal Define and automate customer interaction.
Administrative Interface (/login) Redesign and Update The /login UI has been re-branded and redesigned to improve user experience. In an effort to streamline user workflow, changes in visual elements, layouts, and basic functionality contribute to a lighter, faster, and easier to use interface. The new design also allows for a more direct path to the most used features.
Agreements/Messages Customize messages for each portal. Options include: Customer Legal Agreement, Customer Greeting, On Hold Message, Orphaned Session Message, and Redirect URL.
Support Button Customize BeyondTrust’s single-click "Get support" icon.
Click-to-Chat Brand BeyondTrust's no-download, web-based chat option.
Connection Options Define how sessions begin for each portal: Representative List, Presentation List, Session Keys, Issue Submission, Click-to-Chat.
Customer Client Customize the branding and behavior of the BeyondTrust customer client, which is used by customers in remote sessions.
Custom Issue Submission From /login, create custom issue submissions to include in the issue submission form on your public portal.
Custom Watermark

Customize the in-session watermark using any image you like to personalize the support experience and to increase your customers' trust in the support you provide.

Exit Surveys Monitor customer satisfaction, and require representative comments on support sessions.
HTML Template Edit the HTML of the public site, uploading linked files to the file store.
Apple iOS Configuration Profiles Offer public or private, administrator-configured profiles to Apple iOS device users.
Customer Downloads Provide links for the customer to download the chat transcript and a video of the screen sharing session.
Customer Notices Post important notifications to the top of your support portal, additionally pushing these messages to all active customer clients.
Embedded Support Button

Embed a Support Button within applications deployed throughout your enterprise, giving your customers direct, streamlined access to remote support sessions.

Feedback to Customers in Queue Provide real-time status updates to waiting customers, informing them of their position in queue and the estimated wait time.
Multi-Language Support View BeyondTrust applications and interfaces in English, German, Latin American Spanish, EU Spanish, Finnish, EU French, Italian, Dutch, Brazilian Portuguese, EU Portuguese, Swedish, Turkish, Japanese, Simplified Chinese, Traditional Chinese, and Russian. BeyondTrust supports international character sets.
Post-Session Redirect Define a URL to automatically open when a customer exits a session.
Support Workflow

Use the representative survey to create detailed workflows, allowing representatives to complete the survey and follow up on steps provided by the administrator while the session is live.

User Management Centrally manage users and groups.
Access Sponsor Allow a lower tier representative to gain elevated privileges by requesting a sponsor to join the session to enter credentials on their behalf.
Administrative Dashboard Oversee team support activity, monitor representatives' sessions or desktops, and join, take over, or transfer sessions owned by someone else. See which team members are available to take sessions, are idle, are busy, or have session assignment disabled.
API Accounts Granularly define the accounts used for API access to the specific roles they serve. OAuth 2.0 is used for authenticating API accounts.

Configurable Login Banner

Configure a banner to display before users can log in to either the /login interface or the /appliance interface. If the banner is enabled, then users attempting to access either /login or /appliance must agree to the rules and restrictions you specify before being allowed to log in.

This feature has been enhanced. The Login Agreement can now be presented as part of the Representative Console as a granular setting. Administrators can choose where this agreement is displayed, and the same message is presented when launching the Representative Console or accessing the web administration interface.
Delegated Password Administration Delegate the task of resetting local users' passwords to privileged users, without also granting full administrator permissions.
Embassy (External Support Teams) Grant limited access to teams of vendors to receive support or utilize vendors' resources in support calls.
Group Policies Define BeyondTrust user account permissions for entire groups of users. Group policies integrate easily with external directory stores to assign permissions based on your existing structures.
Inactive Session Timeout Remove an idle representative from a support session after a specified time of inactivity.
License Monitoring Receive email alerts on license usage and run reports on peak license utilization.
License Pools

License pools provide expanded flexibility to license management. Configure pools to reflect the structure of your support organization and ensure that each pool has the exact licenses to which it is entitled.

Message Broadcast Send a pop-up message to all users logged into the representative console.
Multi-Factor Authentication

Gain the security of multi-factor authentication for your local and LDAP user accounts by enabling time-based, one-time passwords. When logging into BeyondTrust, users must provide a one-time password generated by a separate device or app.

Multiple /appliance User Accounts

Create multiple user accounts for the /appliance interface. Set rules regarding account lockouts and password requirements.

Representative Console Device Verification Enforce the networks on which your representative consoles may be used, or require two factor authentication to log in to the representative console.
Rep Invite Create profiles so that representatives can invite anyone - internal or external - into a shared session with one-time, limited access.
Rep Login Schedule

Exert control over access to the representative console, restricting when representatives can be logged into the representative console.

Restrict Rep Access to Customer Client To strengthen security, prevent representatives from interacting with the customer client while screen sharing.
Separate Display Names for Reps Protect representatives' privacy by allowing them to set two display names - one for internal use and one for external use.
Session Permission Policies Customize support session security permissions to fit specific support scenarios, not just specific representatives. You can change the permissions allowed in a support session based on the support portal the customer came through or even the specific endpoint being supported. Session permission policies provide flexibility in building the security model for each specific support scenario.
Support Teams Create support teams based on skill set or experience level.
Team Collaboration Define how multiple teams may interact.
Templates Copy an existing security provider, session policy, or group policy to create a new object with similar settings. You also can export a session policy or group policy and import those permissions into a policy on another site.
User Accounts Create an unlimited number of named rep accounts.
User Account Details Reporting Export account information about your representatives for auditing purposes.
User Collaboration Define support session sharing and transfer options.
Routing Automation Automate routing of support requests, and balance support load.
Automatic Session Distribution Quickly and effectively route support sessions to the most appropriately skilled representative.
Equilibrium Receive support session assignments based on comparative idle time and session load. Prioritize session routing automatically based on the areas of expertise covered by your representatives. Alert representatives of sessions with high wait times or route overdue sessions to overflow queues.
Intelligent Collaboration

Resolve issues more effectively by quickly engaging support collaboration with additional representatives based upon both their skill-sets and their availability.

Issue Submission Implement issue submission on your public site to direct support requests to the team designated to handle the selected issue.
Persistent Queue Allow queues to be available for customer sessions to start even when no representatives are available. This provides additional flexibility for custom session routing management.
Queues Assign issues to support teams so that customers facing a particular type of problem will be routed to the correct team queue.
Support Toolset Equip your support representatives on a user, team, or site basis.
Canned Messages Store responses to common questions to help representatives be more efficient and consistent while chatting with customers.
Canned Scripts and Custom Special Actions Create command shell scripts and custom special actions for representatives to run during sessions, increasing efficiency by automating common processes.
Centralized Representative Console Settings Define the representative console settings for your entire help desk. Enforce settings to ensure a consistent support experience.
Jump Technology

Create Jump Item Roles to easily assign distinct sets of Jump Item permissions to users.

Collect Jump Items into Jump Groups, granting members varying levels of access to those items.
Set expiration dates for Jumpoints.
Create Jump Policies to enforce when Jump Items can be accessed.
Jump Clients unable to connect to the B Series Appliance are automatically marked as lost, allowing an administrator to diagnose the reason for the lost connection. Both the lost date and the date at which a Jump Item is deleted can be configured.

After a software update, Jump Clients update automatically. Representatives can see which Jump Clients have completed upgrade and can access them right away. While a Jump Client is awaiting upgrade, representatives can still modify properties without having to wait for the upgrade to complete.

Post Session Lock Set the customer client to automatically lock or log out the remote Windows computer when an elevated support session ends.
Representative Permissions Restrict or enable toolset components (ex., View or Control, File Transfer, System Information, Reboot, etc.)
Reports Report on all session activity; customize, filter and export reports.
Jump Group Details added to Reports Jump Group details are now part of session reports in the Reporting sections of Remote Support. Now admins and Support Team leaders have the ability to gather additional data to satisfy internal and external compliance requirements.
Reporting Permissions Manage each user’s reporting privileges.

Reporting Permissions by Jump Group

Jump groups contain specific endpoints a user or group can access, as well as the specific methods to access the endpoints with associated policies for those sessions. Jump Group Reporting enables users to view access sessions associated with this grouping by selecting it as a filter.
Support Session Reports View details of each support session, including a complete chat transcript, permissions requested, and files transferred.
Session Recording Videos Record annotated videos of support sessions, show my screen sessions, command shell sessions, and presentations.
Support Summary Reports See an overview of support activity over time, categorized by representative, team, or public site.
Exit Survey Reports Monitor customer and representative surveys.
Team and Embassy Reports View details of activity within a team or embassy, including login and logout times, team chats, and files shared.
License Usage Reports Run reports to view peak usage of BeyondTrust licenses.

GDPR Pseudonymization Support

Allow your organization to meet its GDPR initiatives with pseudonymization support in BeyondTrust. BeyondTrust administrators can respond to Right to Erasure requests by searching for specific criteria supplied by the requester. Once reviewed, the results can be anonymized with an automatically generated term or a custom replacement.

Features for System Administrators

Feature Description
Mass Deployment Install BeyondTrust applications on multiple systems simultaneously
Extractable Representative Console and Jump Clients Download a mass-deployable representative console and Jump Clients installer to distribute to representatives and systems prior to or in parallel with upgrading the B Series Appliance.
Mass Deployment Installers Create mass deployable installer packages for representative consoles and Jump Clients (Windows and Mac). Also create MSI packages for Session Recording Viewers and Support Buttons (Windows only).

Mass Import of Jump Shortcuts

Import and configure large numbers of Jump shortcuts.
Identity Management Define BeyondTrust accounts using existing data on directory servers.

AWS Encryption key support (Cloud)

AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses hardware security modules. The vault encryption key can be stored in AWS.
LDAP/Active Directory Use LDAP/Active Directory to manage BeyondTrust users.
RADIUS [Multifactor] Use RADIUS for two factor authentication.
Kerberos [Single Sign-on] Use Kerberos for single sign-on.

SAML [Single Sign-on]

Use SAML with an Identity Provider to authenticate BeyondTrust users. SAML authentication works with desktop, Android, and iOS. By using SAML, representatives can log directly into /console from a SAML IdP. Admins have the ability to set what the behavior is for either launching the /login or the /console interfaces after using an IdP.

Authentication Option for /Appliance

By using SAML, administrators can log directly into /appliance from a SAML IdP. Previously, we only had local authentication for /appliance. This enhancement gives users the ability to use non-local accounts to authenticate to the B Series Appliance interface to increase security and usability. Admins and Users don’t have to remember or manage the local accounts so they can use more modern authentication methods.

Outbound Proxy Support

Proxy servers act as a firewall and web filter, provide shared network connections, and cache data to speed up common requests. Proxy servers can provide a high level of privacy and security for the user’s network. You now have the ability to use a proxy to send outbound connections to a single destination instead of needing to open communication to other applications directly. This feature allows admins to control the data flow for the information they are sending off the B Series Appliance.
Password Managers

Use a password manager such as 1Password to log in to the iOS representative console.

TLS 1.3 Protocol

Transportation Layer Security protocol 1.3 is used to ensure secure communication between browsers and web servers. Symmetric cryptography is used to encrypt the data transmitted. The keys are uniquely generated for each connection and are based on a shared secret negotiated at the beginning of the session.

BeyondTrust Vault

Use the built-in BeyondTrust Vault credential manager to store and inject credentials into support sessions. Add privileged credentials to Vault manually, or try the built-in Discovery tool to automatically find and protect AD and local credentials.

The Vault feature has been enhanced to include a Vault Accounts tab in the Representative Console. The Vault Accounts section enables users to check in and out Vault accounts that the administrator has defined. This enables users to leverage Vault accounts for session activity or locally on their own device, improving user experience and productivity by enabling access to Jump Items and Vault accounts from one location.

Vault - Associate Credentials to Endpoint

Customers need a better way for local account and specific account to only be associated to that endpoint. To do that, you can add a credential to a discovered endpoint. This feature allows for a better experience when selecting a system to Jump(TM) to and have the needed credential at the top of the list.
Vault - Domain Filtering in Vault Discovery Users can traverse Organizational Units (OUs) within the targeted Active Directory Domain when using the Vault Discovery functionality. Vault Discovery allows administrators to discover credentials in the specified network. Administrators can then import credentials into Vault, enabling users to inject and use the discovered credentials within Remote Support sessions.

Jump Client Discovery & Rotation

Jump Clients can perform discovery and rotation of local credentials (Windows only). This functionality allows administrators to manage machines individually and set who has access to those machines without the need to set up a local or shared account on the remote system. This feature is to complement the use of Jumpoints in the network for domain-based rotation but also allow for more singular control over smaller groups of machines.
Vault - Local User Account Automatic Rotation The Remote Support Vault has been enhanced to include automatic credential rotation. This helps to mitigate the potential for password re-use threats related to stolen credentials. Administrators can configure automatic rotation of local user account credentials in the Vault tab.
Vault - New User Permissions It is now possible to define which Vault users can inject credentials while in a session and which Vault users can view credentials when checked out in /login. Previously, these permissions were grouped together, but now administrators have more control when it comes to user permissions.

Vault - Scheduled Rotation

The Remote Support Vault has been enhanced to include a simple and efficient method to rotate user-selected groups of credentials or all Vault credentials at one time, making it simpler for our customers to manage large numbers of credentials with Vault and removing time-consuming individual manual rotation.

Vault Account Groups

Vault Administrators can organize Vault accounts into account groups, providing a better management experience for Vault admins. Admins can assign account groups to group policies, rather than only individual Vault accounts, and Vault accounts can be assigned to an account group during the import process.

Vault Personal Accounts

All Remote Support users can create private generic accounts in their own private Vault. This functionality allows users to manage their own Vault accounts privately for use during support sessions.
Let's Encrypt Let's Encrypt is a service provided by the Internet Security Research Group (ISRG). It is a free, automated, and open cert bificate authority (CA). In /appliance, you can request and automatically renew SSL/TLS certificates used by your B Series Appliance. Let's Encrypt is configured in the SSL/TLS Configuration section in /appliance for on-premises deployments and the Appliance tab for Cloud deployments.
Backup and Redundancy Monitor and back up the BeyondTrust Appliance B Series.
Automatic Installation of Critical Updates

Set up your BeyondTrust Appliance B Series to automatically install critical updates.

B Series Appliance Failover Define and automate redundancy and failover options.
Backup Integration Client Schedule automatic retrieval and storage of software backups.
BeyondTrust Atlas Cluster Technology Use one BeyondTrust site across multiple B Series Appliances to enhance responsiveness across wide geographic deployments.
Data at Rest Encryption

Choose to encrypt session data stored on your B Series Appliance. This feature is available on Cloud Appliances, RS Virtual Appliances, and physical B Series Appliance.

NIC Teaming

Combine your system's physical network interface controllers (NICs) into a single logical interface, adding an additional layer of fault tolerance for your B Series Appliance.

Integration Integrate BeyondTrust with external systems.
API Integrate with external systems and set API permissions. Authenticate API accounts using OAuth 2.0.

Configuration APIs

Make use a new set of APIs that enable Remote Support admins to automate and orchestrate administrative tasks within /login and the Representative Console. Specific methods exposed via an API enable a programmatic way to create, list, update, and delete certain configuration items in Remote Support. For example, Remote Support admins can use the API to create local user accounts, or delete Jump Clients that have been offline for a specified number of days. Other enabled use cases include tasks for Jump Groups, Vendor Groups and Users, Group Policies, Vault Accounts, and Personal Vault Accounts.

Configuration APIs have been enhanced to include new Configuration APIs, specifically the Vault Account Group API, PATCH/DELETE for Vault Accounts, and User/Role to Vault Account API. The Configuration API documentation can be found under /login > Management > API Configuration.
Custom Fields Create custom API fields to gather information about your customer, enabling you to more deeply integrate BeyondTrust into your support center. You can also make fields and their values visible in the representative console.
Custom Links Configure custom links to include a variable for a session's external key, pointing the URL to an associated CRM record or help desk ticket. A representative can access this link from within a session.
Embedded Remote App Support for Android and iOS Embed BeyondTrust remote support technology in your iOS and Android applications to support your mobile applications remotely.
Integration Client Transfer session logs, session recordings, and software backups from the B Series Appliance to an external system. Supported systems are Windows-based file systems and Microsoft SQL server. Schedule data transfers to take place automatically.
Real-Time Reporting API

Gain more efficient, comprehensive reporting through Real-time Dashboard and Representative Activity Reporting. Develop deep, real-time reporting to quickly analyze support center activity in your organization. Report on support representative activity regardless of whether they are in a support session or not, with metrics such as time available, busy, in concurrent sessions, etc.

SNMP Monitoring Monitor the B Series Appliance using Simple Network Management Protocol (SNMP).
Syslog Integration Send log messages to an external syslog server.

Additional Integration Options

Additional integration options are available to BeyondTrust customers, as well. Some integrations must be purchased separately from the BeyondTrust software. Contact BeyondTrust Sales for details.

Integration Option Requirements

Service Desk/Systems Management Integrations

Automate your integration of BeyondTrust with various service desk and systems management tools by requesting pre-packaged integration adapters, drastically reducing integration time.

BeyondTrust-Maintained Integrations
BMC Footprints
BMC Remedy
BMC Remedyforce
CA Service Desk
JIRA Service Desk
Microsoft Dynamics CRM
3rd Party Integrations
BMC ServiceDesk Express
SunView ChangeGear
Symantec Endpoint Management

CRM/Ticketing Integration

Use the BeyondTrust API to create a simple integration between your CRM or ticketing system and BeyondTrust, allowing support reps to access a CRM record or help desk ticket directly from the BeyondTrustrepresentative console.

BeyondTrust API 1.18.0+

For a list of which API versions correspond with which BeyondTrust software versions, see

3rd Party Professional Integration Services

Because BeyondTrust’s API and Integration Client conform to industry protocols, it is possible for customers to contract with a third-party professional services provider to outsource integration needs.

Contact BeyondTrust Sales for References.

BeyondTrust Professional Services

Contract with BeyondTrust for custom integration needs.

Contact BeyondTrust Sales.