BeyondTrust - Secure Remote Access and Privileged Access Management
Announcement:
Be among the first to secure AI coworkers before they act. Request early access to AI Agent Security.

Accelerated Time to Value

BeyondTrust Professional Services deliver best practices and a cost-effective path to a successful Password Safe Cloud and Privileged Remote Access implementation. Professional Services security engineers partner with customers on installation, configuration, and knowledge transfer to achieve the desired business outcomes.

The BeyondTrust Password Safe + Privileged Remote Access bundle offers the best-in-class credential management of Password Safe with the best-in-class session management of Privileged Remote Access. This services package delivers both the configuration of Password Safe and Privileged Remote Access as well as the integration that allows Password Safe managed credentials to be injected in Privileged Remote Access sessions and for those credentials to be rotated on session close.

Inquiry selection for Password Safe + Privileged Remote Access Implementation Services

Customer Outcomes

Each Tier includes our standard Password Safe outcomes as well as deployment, configuration and integration with Privileged Remote Access.

  • Tier 1 Outcomes

Delivers essential Password Management & Session Management functionality for the assets in your environment. Reduces time to value as you quickly gain control of your credential and secrets usage. You gain visibility of credential and secrets usage through the Analytics & Reporting engine while satisfying your audit and compliance needs.

  • Tier 2 Outcomes

Delivers expert guidance when integrating installed enterprise systems such as SIEM tools or ITSM Ticketing systems. Implementation leverages structured approaches to developing and deploying advanced use cases for a variety of different asset types.

  • Tier 3 Outcomes

Delivers workshops to accelerate your enterprise-wide roll out using API frameworks and integrating with your Remote Desktop Services environments, for example. Provides working sessions to create customized oversight solutions and build on your self-sufficiency by developing a knowledge base.

Professional Services Criteria

Tier 1

Tier 2

Tier 3

Resource Zones & Brokers

Resource Zones

1

2

4

Resource Brokers

2

4

8

Privileged Account Management

Asset Import from Active Directory or Address Group with Discovery Scan

2500

5000

7500

Automated rotation of passwords, Session Management and Password Retrieval (per Use Case)

5

10

15

Remote Application Session Management per Application[1]

5

Define Access Policy and Password Complexity aligned with organizational standards.

Yes

Yes

Yes

Password Safe Features Configured

Desired number of completed Password Safe Use cases, from Common Use Case list below

5

10

15

Number of User Groups with Password Safe Roles assigned to Smart Groups

5

10

15

Count for each Directory Integration to allow search for Group, Computer and user objects within Active Directory, Entra ID or LDAP

1

2

5

Authentication Integration (SAML, RADIUS or TOTP) integration for Password Safe (1 provider)

Yes

Yes

Yes

Enterprise Integrations[3] (Ticketing Systems)

Yes

Yes

Syslog/SIEM connector from available built-in connectors

Yes

Yes

Create custom platform connector(s) for SSH Sessions

1

3

Configure Secret Safe

Yes

Yes

Yes

Configure Workforce Passwords

Yes

Yes

Secrets Cache installation, configuration, and example API PowerShell script to pull from Cache

Yes

Yes

Review Built-in Reports

Yes

Yes

Yes

Privileged Remote Access Deployment & Configuration

Cloud Tenant Deployed

Yes

Yes

Yes

User Authentication Configured via Local, LDAP, Active Directory or SAML

Yes

Yes

Yes

MFA via SAML / Kerberos / RADIUS / Smart Card (1 Provider)

Yes

Yes

Yes

Privileged Remote Access Features Configured

Integration to Password Safe Vault

Yes

Yes

Yes

Teams Configured

Up to 10

Up to 10

Up to 10

Access Consoles and Endpoints Manually Deployed

Up to 5 each

Up to 5 each

Up to 5 each

Access Console and Endpoint Mass Deployment Advised

Yes

Yes

Yes

Knowledge Transfer

Provide knowledge transfer for daily maintenance of the system

Yes

Yes

Yes

Implementation Closure Report

Yes

Yes

Yes

  1. 1.Requires specific prerequisites in place prior to being able to implement this task
  2. 2.Some connectors may require additional licensing
  3. 3.Use Cases for this product are specific to platform, to be discussed with Sales team

FAQ

A custom engagement can be scoped to cover Architect Workshops, for an additional fee.

The numbers above represent the maximum number within each deliverable category. If requirements or critiera fall outside of the typical deliverables noted, a custom scoped engagement is also available.

Common Use Cases

Based on each Tier, certain Password Safe use cases are available to be configured, as listed below:

Use Case Info

Tier 1

Tier 2

Tier 3

Use Case 1 - Rotate password and proxy RDP session - Local Windows Administrator to domain joined Windows Server

Yes

Yes

Yes

Use Case 2 - Rotate password and proxy SSH session - Local root/privileged account to Linux/ Unix server

Yes

Yes

Yes

Use Case 3 - Rotate password and proxy SSH session - Local Administrator to Network device

Yes

Yes

Yes

Use Case 4 - Rotate password and proxy RDP session - Active Directory Windows Administrator to Windows Server

Yes

Yes

Yes

Use Case 5 - Rotate password and proxy SSH session - Active Directory Administrator to Linux/ Unix server - requires established Active Directory bridge

Yes

Yes

Yes

Use Case 6 - Rotate password and proxy SSH session - Active Directory Administrator to Network device - requires established Active Directory bridge

Yes

Yes

Yes

Use Case 7 - Rotate and RDP - Dedicated Active Directory Administrator to Windows Server - ensure only the individual can see their administrator account - requires naming convention to match with suffix or prefix

Yes

Yes

Yes

Use Case 8 - Rotate and Retrieve Password - Local Database Administrator on Database

Yes

Yes

Yes

Use Case 9 - Rotate SSH Key and proxy SSH session - Local Administrator with Password and/or SSH Key to Linux/Unix server

Yes

Yes

Yes

Use Case 10 - Rotate SSH Key and proxy SSH session - Local Administrator with Password and/or SSH Key to Network device

Yes

Yes

Yes

Use Case 11 - Local Windows Administrator to non-domain joined Windows Servers using local functional account (ie DMZ)

Yes

Yes

Yes

Use Case 12 - Rotate password on Windows Services or Scheduled Tasks - Propagation Actions - Windows Services Log on as, Scheduled Tasks run as, and Application Pools run as

Yes

Yes

Use Case 13 - Retrieve Password - Administrator on Cloud platform

Yes

Use Case 14 - Application Session - Managed local or Active Directory Administrator account - requires established script and Remote App configured on RDS

Yes

Use Case 15 - Local Windows Administrator to Windows desktop or server via EPM Client with off network management integrations

Yes

Additional Information