Centrally Manage Credentials and Permissions

BeyondTrust lets you use your existing directories and group policies to manage all your technicians and report on their remote support activity at a granular level. You can integrate BeyondTrust with your existing directories and security providers. And since our licenses are based on concurrency, you can make as many unique user accounts as you need.

Bomgar Group Policies and Policy Templates
BeyondTrust Group Policies and Policy Templates

Use Group Policies to Manage Permissions

BeyondTrust enables granular control over support representative permissions through individual or group policies defined in your own directory.

You can create group policy templates to speed the creation of new teams. Group policies can apply both to technicians in your organization and to any technician invited into a support session.

Use Single Sign On and Multi-Factor Authentication

Use Single Sign On and Multi-Factor Authentication

BeyondTrust supports Kerberos or SAML integration for Single Sign On across BeyondTrust desktop and mobile consoles..

BeyondTrust includes native multi factor authentication, or you can integrate BeyondTrust with RADIUS. RADIUS uses RSA secure ID or other RADIUS authentication providers.

And for government agencies and regulated companies that require physical authentication for remote access, BeyondTrust also allows reps to pass smart card, or common access card (CAC), credentials to a remote computer.

Security Providers Include LDAP, AD, RADIUS and Kerberos
Security Providers Include LDAP, AD, RADIUS and Kerberos

Use LDAP and Active Directory to Manage Login Credentials

BeyondTrust integrates easily with your existing directory services, making user account management much easier and much, much more scalable. Instead of creating and editing accounts manually, you can add accounts or whole groups from Active Directory (or another service) quickly and easily.

Support reps can log into BeyondTrust with the same username and password that they use to log into their computer. And a directory change can revise their permissions in BeyondTrust.

Store credentials safely in the BeyondTrust Vault Add-on and inject them during remote support

Integrate Credential Injection with Remote Support

Make it easy for support teams to access desktops and systems quickly without revealing plain text credentials and passwords, which are commonly phished. Credential injection enables your support organization to:

  • Improve productivity and time to resolution by streamlining access to desktops and systems
  • Eliminate the need to store and track shared credentials manually
  • Mask plain text credentials and passwords from technicians so they can't be phished or stolen
  • Eliminate a very common and profitable attack pathway for hackers
Require devices to verify their IP address
Require devices to authenticate from a specific IP network addresses before using BeyondTrust

Device Verification for Support Reps

With BeyondTrust, support reps can offer remote support from anywhere and from a variety of devices. To make this mobile, multi-platform capability more secure, BeyondTrust also gives administrators granular control over both what devices can be used and where they can be used.

As an administrator, you can restrict the use of BeyondTrust only to specific networks. Or you can provision phones or tablets to use Mobile Rep Consoles. Either way, device verification gives you another authentication method.

Authenticate to the iOS Rep Console using your fingerprint

Use Touch ID Authentication on iOS Devices

For improved security, a support rep on an iPad or iPhone can take advantage of Apple Touch ID when logging into the iOS Rep Console.

Once Touch ID is enabled, the support rep can authenticate to the iOS Rep Console using his or her fingerprint.

Touch ID adds another layer of security to BeyondTrust's Rep Console for iOS. If the phone is lost or stolen, Touch ID prevents access to the iOS Rep Console.

Delegate password administration to non-administrators
Delegate password administration to non-administrators

Delegate Password Administration to Non-Administrators

Password reset requests are often cited as the number one support request. Ironically, sometimes the technicians doing the support forget their passwords, too!

With BeyondTrust, administrators can give a non-admin permission to manage password resets. This frees up administrators to focus on more critical tasks.

Efficient Identity Management with Automatic Updates and Deletion

Managing all the members of a large service desk or IT organization can be complicated. BeyondTrust makes it easier by eliminating a lot of work for you. Plus, your technicians don't have to remember another username and password.

Because BeyondTrust can read accounts straight from the directory, any change in a user's status will automatically update in BeyondTrust's user settings and privileges. No further configuration is required.

And if a support representative moves to another area that does not use BeyondTrust or leaves the company, the user's privileges are automatically removed from BeyondTrust when he or she is deleted from the company directory. The user account information only appears in BeyondTrust for reporting purposes.