Centralizing authentication to BeyondTust Solutions via the Okta Integration Network simplifies access and improves administrator productivity.​

The BeyondTrust Privileged Access Management Platform integrates with Okta’s multi-factor authentication (MFA), single sign-on (SSO) solution to deliver secure and adaptive authentication to privileged applications. This integration provides a seamless experience for users, enabling organizations to maintain their productivity while ensuring tight access controls.

Key Use Cases

Utilizing Federation for Privileged Accounts — When the Best Password is No Password

  • The BeyondTrust platform leverages Okta to enable users to SSO into the central BeyondTrust web console. Okta Desktop Single Sign-On and integrated Windows authentication enables users already authenticated to the Active Directory domain to seamlessly access the BeyondTrust platform, enabling Okta to provision new accounts in BeyondTrust.
  • BeyondTrust and Okta can leverage federation and SSO for managed privileged accounts that allow access to protected web applications and consoles, including Google Cloud and AWS. Credentials are neither exposed to the users, nor required to be sent on the wire – regardless of whether the applications reside on-premises or in the cloud.

MFA Support Via RADIUS for BeyondTrust PAM Solutions

  • For organizations that have integrated Okta and BeyondTrust, standard users can elevate to applications that require administrator privileges seamlessly using an Okta challenge. Through a simple three-step process, the user enters their credentials and selects their method (e.g. push), approves it on their mobile device, and the application starts. Command-line options are also available for Unix and Linux environments.

Session Management

  • When users need to establish a privileged remote session to a server or network device, they can leverage the desktop or session management tool of their choice, such as Terminal or PuTTY. If step-up authentication via Okta is enabled, a push is sent to a device of choice and, when the request is approved, it starts the remote desktop session. This level of integration ensures that users requesting access to privileged accounts and systems are properly authenticated and authorized through adaptive MFA.

BeyondTrust in the Okta Integration Network

  • Using the Okta dashboard, customers can quickly add and configure SAML integration, so users can SSO into the BeyondTrust platform. Also, just-in-time provisioning via SAML can be leveraged for users and privileged accounts connecting to web applications such as Amazon AWS.