BeyondTrust lets you use your existing directories and group policies to manage all your technicians and report on their remote support activity at a granular level. You can integrate BeyondTrust with your existing directories and security providers. And since our licenses are based on concurrency, you can make as many unique user accounts as you need.
BeyondTrust enables granular control over support representative permissions through individual or group policies defined in your own directory.
You can create group policy templates to speed the creation of new teams. Group policies can apply both to technicians in your organization and to any technician invited into a support session.
BeyondTrust supports Kerberos or SAML integration for Single Sign On across BeyondTrust desktop and mobile consoles..
BeyondTrust includes native multi factor authentication, or you can integrate BeyondTrust with RADIUS. RADIUS uses RSA secure ID or other RADIUS authentication providers.
And for government agencies and regulated companies that require physical authentication for remote access, BeyondTrust also allows reps to pass smart card, or Common Access Card (CAC), credentials to a remote computer.
BeyondTrust integrates easily with your existing directory services, making user account management much easier and much, much more scalable. Instead of creating and editing accounts manually, you can add accounts or whole groups from Active Directory (or another service) quickly and easily.
Support reps can log into BeyondTrust with the same username and password that they use to log into their computer. And a directory change can revise their permissions in BeyondTrust.
Make it easy for support teams to access desktops and systems quickly without revealing plain text credentials and passwords, which are commonly phished. Credential injection enables your support organization to:
With BeyondTrust, support reps can offer remote support from anywhere and from a variety of devices. To make this mobile, multi-platform capability more secure, BeyondTrust also gives administrators granular control over both what devices can be used and where they can be used.
As an administrator, you can restrict the use of BeyondTrust only to specific networks. Or you can provision phones or tablets to use Mobile Rep Consoles. Either way, device verification gives you another authentication method.
For improved security, a support rep on an iPad or iPhone can take advantage of Apple Touch ID when logging into the iOS Rep Console.
Once Touch ID is enabled, the support rep can authenticate to the iOS Rep Console using his or her fingerprint.
Touch ID adds another layer of security to BeyondTrust's Rep Console for iOS. If the phone is lost or stolen, Touch ID prevents access to the iOS Rep Console.
Password reset requests are often cited as the number one support request. Ironically, sometimes the technicians doing the support forget their passwords, too!
With BeyondTrust, administrators can give a non-admin permission to manage password resets. This frees up administrators to focus on more critical tasks.
Managing all the members of a large service desk or IT organization can be complicated. BeyondTrust makes it easier by eliminating a lot of work for you. Plus, your technicians don't have to remember another username and password.
Because BeyondTrust can read accounts straight from the directory, any change in a user's status will automatically update in BeyondTrust's user settings and privileges. No further configuration is required.
And if a support representative moves to another area that does not use BeyondTrust or leaves the company, the user's privileges are automatically removed from BeyondTrust when he or she is deleted from the company directory. The user account information only appears in BeyondTrust for reporting purposes.