General

Hello,We are currently integrating credential injection from Password Safe into PRA for Cisco devices using the Shell Jump method.Users are able to successfully authenticate and access the devices with the injected credentials. However, when they attempt to enter "enable" mode to perform configuration changes, the system prompts for the password again.At this point, no credential injection prompt or window is displayed, so users are required to manually enter the password. Since the credentials were injected automatically during the initial login, the users do not have visibility of the password and cannot proceed.There is any feature or recommended approach that allows re-injecting or reusing the credentials once inside the shell session (for example, when escalating to enable mode).Thank you.

Hi  I have configured PRA where I have jump client and a RDP for a windows Server, when I am accessing I strangely started noticing that Over the Mouse there is a black dot which keeps moving along with the Mouse Arrow cursor. the problem is that they are not in sync, there is a kind of lag, is there a way to fix the Mouse having that black dot., can we remove it.

We have Cimplicity Webspace in our environment, which is web based. The main dashboard does not have a login screen, but each page off of the main page is an embedded IDE object that has its own authentication. We are trying right now to run the application as a Web Jump, but Web Jump does not see the authentication fields because they are in the embedded IDE and not HTML fields.Has anyone found a way to use Cimplicity Webspace with PRA?

We have enabled Log "Run As" Special Action Commands in the Session Reports, but is there a way to extract just this specific details to see on which devices this has been run? I've checked back and forth the reportings, exported many reports, but none seem to have this data..

We are interested in enabling this option: Force the closure of windows that were opened during the session. We expect that it will close any opened command prompts that are elevated from run as etc. But will it also close other applications that are open done by the user like word/outlook etc. The explanations found on internet and the bt documentation don't say much and would like to know more on this, or if anyone else has enabled it and can tell me what exactly is happening with all the apps that are open when the engineer jumps onto the machine does his bit and jumps off again. We also don't see an option to test it or assign it to a test group to experience the behaviour as it seems to be an all or nothing setting.  

Hello!I am curious to know what type of filtering and packet inspection controls are typically recommended/used for on-prem PRA/RS appliances. As typical use cases (e.g. remote users, vendor access etc.) require the appliance to be external network facing , it is not feasible to restrict access to IP ranges. Based on KB articles SSL Offloading is not supported for client to appliance communication.Question: What typical network security controls are recommended apart from restricting the outbound from appliance, blocking known-bad source IPs, and segmentation.Anyone using Web App Firewalls , NGFWs or IDPS effectively ? Are there any resources available that can help identifying know benign traffic vs malicious traffic ?

The following articles were published last week. New Knowledge Base Articles: KB0022194 - How to create a registered app for Remote Support and Privileged Remote Access Vault KB0022195 - Error: This account has expired when trying to log into the administrative interface KB0022251 - Vault account fails to check in post-use, becomes unusable

Hello , I see there is only TOTP MFA option in PRA . We are using PRA for external Vendor access where the accounts are quarterly reviewed but as the number of vendor grows , manual errors might increase. Also as the review can not be made more frequent , there is a possibility that Terminated vendor user still has access as they know their PRA login password and have TOTP MFA configured using a personal mobile device. These user identities are in Active Director as well as PRA internal DB. Is there any way to implement email-based MFA so that terminated user will immediately lose access as they wont have access to company email ?I see Radius auth and OKTA can be used both have separate trade-offs

The following articles were published last week. New Knowledge Base Articles: KB0022141 - Web jump error: failed with exit code 2 KB0022157 - Error approving access for others. The approver key is invalid KB0022161 - Authenticate the current url icon is greyed out when Web Jump is launched

Hi AllI am trying to find a way to use the API to force check in of vault accounts which have had their password checked out for over 7 days,I think it is crazy to allow the PRA and the vault account members to checkout their password and allow it to stay checked out (this could be over a year) therefore they could use the password and put it into some automated tasks where it is in plain text and as it is never checked in this will always stay the same.It seems a lot safer if there was an option within PRA to force check in ( a tick box or something ) and a correct schedule that could be set that would check in all passwords on a set day and time and rotate them. Instead I am having to mess about with APIs which are not very well documented in my opinion.Therefore has anyone needed to do this and if so how did they go about it?Thank you in advance.

Is it possible to archive transfer on a Remote VNC jump?

The following articles were published last week. New Knowledge Base Articles: KB0023437 - How to sync an Atlas cluster

Hi everyone,I have a question regarding PASM. I have users and devices managed through Password Safe, and session delivery is handled by PRA. If I want a user connecting from PRA with credentials injected from Password Safe to provide a reason for connecting, where do I configure this in PS or PRA? Also, if they need an approval workflow, where do I configure that in PS or PRA?

This might be a bit too big of a question for this forum. However, I am not sure where to start. We are still somewhat new to PRA. I am wanting to start using Docker containers for our jumpoints instead of putting them on Linux instances. First, where do I go to download the container image? I heard that there is a stock image that we would use and then just input the key to start the connection to our system. Second, can we put the container in a service like AWS container service or Azure container service? Third, and this will show my very beginner level of experience with containers, would we do the firewall rules for the containers the same way that we do them for the Linux servers that are jumpoints?I have a feeling there are other items that I am totally missing, but I figured this is a good start. If you know of documentation you can point me to I am more than happy to start reading and testing things out. 

Hi All,In PRA, we have a SAML security provider configured for user authentication and provisioning. User will only be provisioned when they first-time logged in.Is there anyway we can pre-provision the users by LDAP/AD Group synchronization similar functionality as Password Safe (without using SCIM). Thanks, 

HelloWe have a situation with the Web Jump where user needs to open a specific website which automaticaly downloads an instalation package. I was able to configure web jump but when user connects to it - it just displays the webpage. Is it possible to set web jump to auto download the file after connecting?Kind Regards

I am encountering a limitation when using BeyondTrust Privileged Remote Access (PRA) for remote access to network shares.I tested an alternative using: Jump Client Session Policies → File Transfer tab ➡️ File transfer works correctly from the remote machine.❌ However, the main issue is that: The session runs under a local administrator account The user accessing the session does have access to the shared folders, but not when using their Active Directory account Requirement / QuestionI would like to know if there is a way: To access the remote machine via Jump Client (File Transfer tab) using the user’s Active Directory account during the session Specifically through: A netwo

Hi All,I have got the PWS to PRA connection working, I can see my managed test account in PRA but when I try and use the cred store to connect, I get the following error. (Could not find a schedule to use with this release request)I have followed the guide (BeyondInsight / Password Safe - Unable to pull Password Safe Credential via ECM. Error: "Could not find a schedule to use with release request".)Any ideas where I can start to look? log? or have I missed something simple?

For one of the end user is not able to access Linux machine and getting below error, tried uninstalled & Installed Desktop access but getting same error however it is working in Web console able to access the server.Could someone please assist to fix the issue?

The following articles were published last week. New Knowledge Base Articles: KB0022065 - Unable to install Jumpoint on Debian 11 OS. Error - PUSH_AGENT:ERROR exception occurred while connecting to gateway KB0023271 - Testing email from PRA results in error - Unknown error occurred. XOAUTH2 authentication failed CODE:535 verify the configuration

Is it possible to launch multiple or duplicate tabs in a Web Jump?

Hi All,I have the PWS to PRA connection functional and have imported managed systems and account and can inject using the console from my account. BUT one of the use cases that sold us on this solution was to onboard our 3rd parties.So, during the build I onboarded an account from a different domain. (eg. my admin account is luke@company1.com and the test account is test@company2.com).When I just and start a jump when logged in as test@company2.com, no creds are injected and when I check the PWS logs I can see an error that the account from comany2.com does not exist, and this is correct. Company2 only exists at PRA not PWS.Have I done my build wrong???  Plugin found no credentials - [436c54cfe6ea4ccfa2053d1b94db6ec6]: Unable to authenticate app and run-as user; verify the API Registration, SSL/TLS Settings, and user permissions -- originalUsername=[te

The following articles were published last week. New Knowledge Base Articles: KB0022055 - Domain discovery error - Failed to get information about discovery account KB0022427 - Unable to update. Error: An error occurred installing this update KB0023316 - Unable to install BT26-02-RS or BT26-02-PRA patch - Error: An error occurred installing this update.