General

Hi everyone,I have a question regarding PASM. I have users and devices managed through Password Safe, and session delivery is handled by PRA. If I want a user connecting from PRA with credentials injected from Password Safe to provide a reason for connecting, where do I configure this in PS or PRA? Also, if they need an approval workflow, where do I configure that in PS or PRA?

This might be a bit too big of a question for this forum. However, I am not sure where to start. We are still somewhat new to PRA. I am wanting to start using Docker containers for our jumpoints instead of putting them on Linux instances. First, where do I go to download the container image? I heard that there is a stock image that we would use and then just input the key to start the connection to our system. Second, can we put the container in a service like AWS container service or Azure container service? Third, and this will show my very beginner level of experience with containers, would we do the firewall rules for the containers the same way that we do them for the Linux servers that are jumpoints?I have a feeling there are other items that I am totally missing, but I figured this is a good start. If you know of documentation you can point me to I am more than happy to start reading and testing things out. 

Hi All,In PRA, we have a SAML security provider configured for user authentication and provisioning. User will only be provisioned when they first-time logged in.Is there anyway we can pre-provision the users by LDAP/AD Group synchronization similar functionality as Password Safe (without using SCIM). Thanks, 

HelloWe have a situation with the Web Jump where user needs to open a specific website which automaticaly downloads an instalation package. I was able to configure web jump but when user connects to it - it just displays the webpage. Is it possible to set web jump to auto download the file after connecting?Kind Regards

I am encountering a limitation when using BeyondTrust Privileged Remote Access (PRA) for remote access to network shares.I tested an alternative using: Jump Client Session Policies → File Transfer tab ➡️ File transfer works correctly from the remote machine.❌ However, the main issue is that: The session runs under a local administrator account The user accessing the session does have access to the shared folders, but not when using their Active Directory account Requirement / QuestionI would like to know if there is a way: To access the remote machine via Jump Client (File Transfer tab) using the user’s Active Directory account during the session Specifically through: A netwo

Hi All,I have got the PWS to PRA connection working, I can see my managed test account in PRA but when I try and use the cred store to connect, I get the following error. (Could not find a schedule to use with this release request)I have followed the guide (BeyondInsight / Password Safe - Unable to pull Password Safe Credential via ECM. Error: "Could not find a schedule to use with release request".)Any ideas where I can start to look? log? or have I missed something simple?

For one of the end user is not able to access Linux machine and getting below error, tried uninstalled & Installed Desktop access but getting same error however it is working in Web console able to access the server.Could someone please assist to fix the issue?

The following articles were published last week. New Knowledge Base Articles: KB0022065 - Unable to install Jumpoint on Debian 11 OS. Error - PUSH_AGENT:ERROR exception occurred while connecting to gateway KB0023271 - Testing email from PRA results in error - Unknown error occurred. XOAUTH2 authentication failed CODE:535 verify the configuration

Is it possible to launch multiple or duplicate tabs in a Web Jump?

Hi All,I have the PWS to PRA connection functional and have imported managed systems and account and can inject using the console from my account. BUT one of the use cases that sold us on this solution was to onboard our 3rd parties.So, during the build I onboarded an account from a different domain. (eg. my admin account is luke@company1.com and the test account is test@company2.com).When I just and start a jump when logged in as test@company2.com, no creds are injected and when I check the PWS logs I can see an error that the account from comany2.com does not exist, and this is correct. Company2 only exists at PRA not PWS.Have I done my build wrong???  Plugin found no credentials - [436c54cfe6ea4ccfa2053d1b94db6ec6]: Unable to authenticate app and run-as user; verify the API Registration, SSL/TLS Settings, and user permissions -- originalUsername=[te

The following articles were published last week. New Knowledge Base Articles: KB0022055 - Domain discovery error - Failed to get information about discovery account KB0022427 - Unable to update. Error: An error occurred installing this update KB0023316 - Unable to install BT26-02-RS or BT26-02-PRA patch - Error: An error occurred installing this update.

The following articles were published last week. New Knowledge Base Articles: KB0022041 - After upgrade to RS or PRA version 24, outbound events for Service Now integration receive error: Maximum file exceeded KB0023270 - Are automatic product upgrades supported if appliances are configured in a failover pair or Atlas configuration? KB0023273 - Why do some users have

Hi all, In case it helps others who faced (or will face) the same issue in the future:We have deployed a Jumpoint on one of our premises and created a Web Jump Shortcut to a web server. The session opens fine, and you can reach the login prompt also just fine; however, the issue occurs after you sign in (succesfully) -- the web page just becomes blank with no further indication other than a long login callback URL on top. Checking on the SRA web logs, we observed the following log:20260121 18:12:26 85 sra-web.exe 7456:cef_ui(00000500) WEB:DBG1>cef console: Error during sign-in redirect callback. See also log-file or network traffic in browser for server side errors. Error: exp is in the past:1768982203@http://XXX/XXX/login-callback/login-callback.js:27 Issue was fixed after correcting the time on the server that hosts the Jumpoint (for some reason, it was about 2 hours late). Guess this can also oc

Hi all, On a Linux Jumpoint, in order for the Web Jump to work, there are a few dependencies that need to be corrected, most of which are included in the POST_INSTALLATION_NOTES text file, like the following:*** NOTE ***If the Web Jump feature is going to be used on Ubuntu 24.04+ or on a similarlyderived Linux distribution, then an AppArmor profile needs to be added by running:    sudo cp "/home/user/Jumpoint/apparmor-profile" /etc/apparmor.d/sra-jpt-1770209519    sudo apparmor_parser -r /etc/apparmor.d/sra-jpt-1770209519 Another dependency is the X11 driver, which is included in the KB for the installation of the Jumpoint (Install a Linux Jumpoint | RS). However, even after completing the above steps, I was getting the following error:/home/user/Jumpoint/sra-web failed with exit c

HI All, can you please share any one the article to upgrade PRA cloud based application. for your reference attaching the snap. Can we directly upgrade or any instruct the options. Thanks.  

The following articles were published last week. New Knowledge Base Articles: KB0022051 - /login interface page times out after 10 minutes

Can there be multiple approvers in PRA to approve jump session?if yes, how it works, any one to approve or all must approve?

Hi,I lost several projects due to PRA dedicated accounts missing feature. I know that is existing in PasswordSafe but these projectw were really secure remote access use cases. Moreover, our main competitor in France is Wallix and they have this feature embedded. Is somebody in the community know if it could be possible to create automation with APIs to map a user with his user-adm account for example ? With a csv input file it could be good enough. Fabien

Hello team,I am currently testing the Jump Client for macOS in the PRA cloud. When initiating a jump, the session connects immediately without prompting for credentials.Could you please advise whether it is possible to configure credential injection before the jump is established? Thank you.

The following articles were published last week. New Knowledge Base Articles: KB0021974 - Why is there scheduled maintenance stating - "Your SRA Cloud site is not appropriately sized for its usage level"? KB0023125 - Vault Password Safe Discovery connection fails - Failed to connect to Password Safe Client KB0023248 - .Gitignore file is being exposed and can be viewed

Hi All,We’re relatively new to BeyondTrust PRA and are deploying multiple on‑prem PRA systems (one large Atlas system plus several HA systems for data‑residency). As we plan appliance upgrades (e.g. 24.2.3 → 24.3.3), we have concerns around remote access disruption and network impact, particularly related to Jumpoints. Environment24x7 OT environments 100+ Jumpoints (growing significantly) Jumpoints used as Jump Zone proxies aligned to Purdue/network segmentation JumpItems - primarily JumpClients and RDP. Remote sites connect via low‑bandwidth, often congested satellite linksKey ConcernsJumpoints are not backward compatible Remote access is unavailable until Jumpoints are upgraded to match the appliance version. Upgrade size

Hi AllI am trying to find a way to use the API to force check in of vault accounts which have had their password checked out for over 7 days,I think it is crazy to allow the PRA and the vault account members to checkout their password and allow it to stay checked out (this could be over a year) therefore they could use the password and put it into some automated tasks where it is in plain text and as it is never checked in this will always stay the same.It seems a lot safer if there was an option within PRA to force check in ( a tick box or something ) and a correct schedule that could be set that would check in all passwords on a set day and time and rotate them. Instead I am having to mess about with APIs which are not very well documented in my opinion.Therefore has anyone needed to do this and if so how did they go about it?Thank you in advance.

The following articles were published last week. New Knowledge Base Articles: KB0021991 - Email alert "No Data Syncs Are Being Pulled" KB0022022 - Password reset emails are not sending receive error: Reset password email not sent. The SMTP server responded with: connection timed out. KB0023223 - How to install a Linux Jumpoint (headless)

PRA requires a user to login a first time in order to be available in PRA for example to assign vault accounts.Unfortunately this is causing problems with new employees which are onboarded into PRA.Unless they have never logged in, administrators cannot assign personal vault accounts. If the user logs in, and does not see his/her vault account, they create tickets. This is a very large customer and it is difficult to orchestrate / communicate such a process and they would like to automatically provision new users (from AD). How do other customers provision users up-front and define vault accounts, etc. and not depend on a user’s first login?