General

I have a standalone Gateway (Jumpoint) and a Gateway cluster (jumpoint cluster).Wha can I configure my Jump Clients only to use a standalone gateway (jumpoint) and not the gateway cluster?

This might be a bit too big of a question for this forum. However, I am not sure where to start. We are still somewhat new to PRA. I am wanting to start using Docker containers for our jumpoints instead of putting them on Linux instances. First, where do I go to download the container image? I heard that there is a stock image that we would use and then just input the key to start the connection to our system. Second, can we put the container in a service like AWS container service or Azure container service? Third, and this will show my very beginner level of experience with containers, would we do the firewall rules for the containers the same way that we do them for the Linux servers that are jumpoints?I have a feeling there are other items that I am totally missing, but I figured this is a good start. If you know of documentation you can point me to I am more than happy to start reading and testing things out. 

Hi everybody, hope y’all having a great friday so far.Even though we know Windows 2003 are out of support, we still have a couple running precious services, and we’re on track to upgrading them.  There are accounts on our Password Safe that go through PRA ECM integration for injecting credentials. That works for 99% of the newer Windows machines except these. We realized that whenever we jump to these, the main issue is the “format” of the credentials are wrong (even it says in the login menu of the machine).Is there a workaround or any ideas that might worth a try? Thanks!     

Anyway of being able to mass delete users in PRA? E.g. if not authenticated in X amount of days?GUI doesn’t have check boxes to select multiple users to perform bulk tasks. There’s a 5+ sec gap when deleting individual users one buy one and whilst waiting for the user table to refresh, quite tedious!  No automated settings I’m aware of for internal users, whereas vendor users have this option -Will implementing SCIM (SAML only currently) address this or will it only disable users rather than delete?​​​​​​​

The following articles were published last week. New Knowledge Base Articles: KB0022444 - Can USERID and DATETIMESTAMP be used in the Integration Client recording file format name? KB0022475 - Jump Client prompts for application selection after upgrade despite configuration KB0022505 - Unable to OIDC authenticate in Access Console - Error 403

Hi, is there a way in PRA console to identify which Jumpitems are being used by user to stablish connection to end points? Just want to make sure all my 4 jumpitems are being used.

The following articles were published last week. New Knowledge Base Articles: KB0022485 - Is Session Recordings required at all times, or only in specific cases? KB0022489 - Should the same upgrade package be used if appliances are in failover for RS and PRA? KB0023575 - Is RS and PRA vulnerable to CVE-2026-31431 Copy Fail?

The supported platform matrix for the PRA Integration Client only goes up to SQL Server 2022. Is their a roadmap/timeline for supporting for Azure SQL PaaS offering (@2025), or is there a configuration on it which can be made to make it supportable? ThanksChris

Good afternoon community,I would like to ask a question regarding the installation of BeyondTrust Access Console on macOS devices.Currently, the Access Console installer for macOS is only available for download in .dmg format. We contacted BeyondTrust directly, and they confirmed that there is currently no native .pkg version officially available.However, they also mentioned that some customers have successfully created their own conversions to .pkg format for corporate deployments, although BeyondTrust does not provide support for that process.I would like to know if anyone in the community has previously completed this process and could share any recommendations, experiences, or best practices for correctly generating the .pkg file and deploying it while avoiding corruption issues or installation failures.I look forward to your comments, and thank you very much in advance. 

Is it possitble to generate a Jump Client Installer, that can only be installed once, or that is restricted to specific endpoint? I think the answer is no, but a client really wants this.

We are interested in enabling this option: Force the closure of windows that were opened during the session. We expect that it will close any opened command prompts that are elevated from run as etc. But will it also close other applications that are open done by the user like word/outlook etc. The explanations found on internet and the bt documentation don't say much and would like to know more on this, or if anyone else has enabled it and can tell me what exactly is happening with all the apps that are open when the engineer jumps onto the machine does his bit and jumps off again. We also don't see an option to test it or assign it to a test group to experience the behaviour as it seems to be an all or nothing setting.  

The following articles were published last week. New Knowledge Base Articles: KB0022430 - Can SAML users be migrated to another provider in Remote Support or Privileged Remote Access? KB0022453 - What is the retention for RS and PRA Vault password history? KB0022455 - Is it possible to automatically add the user's name as a tag during Jump Client deployment?

The following articles were published last week. New Knowledge Base Articles: KB0021349 - Freshservice Remote Support or Privileged Remote Access integration receiving: Error validating parameter 'queue_id': No queue exists with the code name "general" KB0022393 - Is Local Jump supported for Linux Server OS? KB0022396 - What is the average input or output operations p

Hello!I am curious to know what type of filtering and packet inspection controls are typically recommended/used for on-prem PRA/RS appliances. As typical use cases (e.g. remote users, vendor access etc.) require the appliance to be external network facing , it is not feasible to restrict access to IP ranges. Based on KB articles SSL Offloading is not supported for client to appliance communication.Question: What typical network security controls are recommended apart from restricting the outbound from appliance, blocking known-bad source IPs, and segmentation.Anyone using Web App Firewalls , NGFWs or IDPS effectively ? Are there any resources available that can help identifying know benign traffic vs malicious traffic ?

We have enabled Log "Run As" Special Action Commands in the Session Reports, but is there a way to extract just this specific details to see on which devices this has been run? I've checked back and forth the reportings, exported many reports, but none seem to have this data..

The following articles were published last week. New Knowledge Base Articles: KB0022243 - Privileged Remote Access report types and how to create them KB0022284 - Linux Jumpoint installation error - Failed at step EXEC spawning /home/beyondtrust/jumpoint/init-script: Permission denied KB0022321 - What application parameters are available for the PRA BeyondTrust Deskto

Like the title says, I have a couple of non-domainjoined windows VMs, which I would like to be able to use multisessions on, credential injection works fine obviously for the Jump point object, meaning the local account credentials are managed in PRA, but Remote RDP doesn’t seem to support it, unless I’m missing something.We do not use Password Safe, only the built in credential Vault.

Ran into an issue while upgrading to 25.3.3 (and 26.1.1 + Base 8.2) this week, maybe I’m incorrect in my assertion but I’ve updated our appliance several times since going live, and haven’t had this issue before.After updating to 25.3.3 all of our Desktop clients stopped working, we use SAML auth, and the SAML itself works fine, we see successful logins, but when the login is complete, the desktop console doesn’t do anything, it remains in its default state, waiting for you to press login, and the cycle repeats.I tested this both on going from 25.3.2 to 25.3.3 and 26.1.1, with desktop consoles both on 25.3.2 and 25.3.3, same thing on both.Again, I’ve updated the appliance several times, without the need to manually re-install the desktop console.SAML login to the /login page and /console page in web works fine.

Hi everyone, I’m quite new to BeyondTrust and am completing the Privileged Remote Access - BCIE course.I wanted to know the difference between a Remote RDP Jump Item vs Remote Jump Item.Is Remote RDP Jump similar to using a VM session?Thanks in advance!

Hello,We are currently integrating credential injection from Password Safe into PRA for Cisco devices using the Shell Jump method.Users are able to successfully authenticate and access the devices with the injected credentials. However, when they attempt to enter "enable" mode to perform configuration changes, the system prompts for the password again.At this point, no credential injection prompt or window is displayed, so users are required to manually enter the password. Since the credentials were injected automatically during the initial login, the users do not have visibility of the password and cannot proceed.There is any feature or recommended approach that allows re-injecting or reusing the credentials once inside the shell session (for example, when escalating to enable mode).Thank you.

The following articles were published last week. New Knowledge Base Articles: KB0022201 - Managed System external Jump items are missing troubleshooting KB0022250 - Canned scripts option missing for macOS remote sessions KB0022262 - File transfer not working for macOS remote session