General

Is it possitble to generate a Jump Client Installer, that can only be installed once, or that is restricted to specific endpoint? I think the answer is no, but a client really wants this.

The following articles were published last week. New Knowledge Base Articles: KB0021349 - Freshservice Remote Support or Privileged Remote Access integration receiving: Error validating parameter 'queue_id': No queue exists with the code name "general" KB0022393 - Is Local Jump supported for Linux Server OS? KB0022396 - What is the average input or output operations p

The supported platform matrix for the PRA Integration Client only goes up to SQL Server 2022. Is their a roadmap/timeline for supporting for Azure SQL PaaS offering (@2025), or is there a configuration on it which can be made to make it supportable? ThanksChris

Hello!I am curious to know what type of filtering and packet inspection controls are typically recommended/used for on-prem PRA/RS appliances. As typical use cases (e.g. remote users, vendor access etc.) require the appliance to be external network facing , it is not feasible to restrict access to IP ranges. Based on KB articles SSL Offloading is not supported for client to appliance communication.Question: What typical network security controls are recommended apart from restricting the outbound from appliance, blocking known-bad source IPs, and segmentation.Anyone using Web App Firewalls , NGFWs or IDPS effectively ? Are there any resources available that can help identifying know benign traffic vs malicious traffic ?

We have enabled Log "Run As" Special Action Commands in the Session Reports, but is there a way to extract just this specific details to see on which devices this has been run? I've checked back and forth the reportings, exported many reports, but none seem to have this data..

The following articles were published last week. New Knowledge Base Articles: KB0022243 - Privileged Remote Access report types and how to create them KB0022284 - Linux Jumpoint installation error - Failed at step EXEC spawning /home/beyondtrust/jumpoint/init-script: Permission denied KB0022321 - What application parameters are available for the PRA BeyondTrust Deskto

Like the title says, I have a couple of non-domainjoined windows VMs, which I would like to be able to use multisessions on, credential injection works fine obviously for the Jump point object, meaning the local account credentials are managed in PRA, but Remote RDP doesn’t seem to support it, unless I’m missing something.We do not use Password Safe, only the built in credential Vault.

Hi, is there a way in PRA console to identify which Jumpitems are being used by user to stablish connection to end points? Just want to make sure all my 4 jumpitems are being used.

Ran into an issue while upgrading to 25.3.3 (and 26.1.1 + Base 8.2) this week, maybe I’m incorrect in my assertion but I’ve updated our appliance several times since going live, and haven’t had this issue before.After updating to 25.3.3 all of our Desktop clients stopped working, we use SAML auth, and the SAML itself works fine, we see successful logins, but when the login is complete, the desktop console doesn’t do anything, it remains in its default state, waiting for you to press login, and the cycle repeats.I tested this both on going from 25.3.2 to 25.3.3 and 26.1.1, with desktop consoles both on 25.3.2 and 25.3.3, same thing on both.Again, I’ve updated the appliance several times, without the need to manually re-install the desktop console.SAML login to the /login page and /console page in web works fine.

Hi everyone, I’m quite new to BeyondTrust and am completing the Privileged Remote Access - BCIE course.I wanted to know the difference between a Remote RDP Jump Item vs Remote Jump Item.Is Remote RDP Jump similar to using a VM session?Thanks in advance!

Hello,We are currently integrating credential injection from Password Safe into PRA for Cisco devices using the Shell Jump method.Users are able to successfully authenticate and access the devices with the injected credentials. However, when they attempt to enter "enable" mode to perform configuration changes, the system prompts for the password again.At this point, no credential injection prompt or window is displayed, so users are required to manually enter the password. Since the credentials were injected automatically during the initial login, the users do not have visibility of the password and cannot proceed.There is any feature or recommended approach that allows re-injecting or reusing the credentials once inside the shell session (for example, when escalating to enable mode).Thank you.

The following articles were published last week. New Knowledge Base Articles: KB0022201 - Managed System external Jump items are missing troubleshooting KB0022250 - Canned scripts option missing for macOS remote sessions KB0022262 - File transfer not working for macOS remote session

Hi all, On a Linux Jumpoint, in order for the Web Jump to work, there are a few dependencies that need to be corrected, most of which are included in the POST_INSTALLATION_NOTES text file, like the following:*** NOTE ***If the Web Jump feature is going to be used on Ubuntu 24.04+ or on a similarlyderived Linux distribution, then an AppArmor profile needs to be added by running:    sudo cp "/home/user/Jumpoint/apparmor-profile" /etc/apparmor.d/sra-jpt-1770209519    sudo apparmor_parser -r /etc/apparmor.d/sra-jpt-1770209519 Another dependency is the X11 driver, which is included in the KB for the installation of the Jumpoint (Install a Linux Jumpoint | RS). However, even after completing the above steps, I was getting the following error:/home/user/Jumpoint/sra-web failed with exit c

The following articles were published last week. New Knowledge Base Articles: KB0022358 - Is there a way to prevent screenshots being taken when in session? KB0022373 - Unable to download Access Console from PRA environment KB0022440 - Can port forwarding be used on the SRA appliance for Remote Support or Privilege Remote Access ?

The following articles were published last week. New Knowledge Base Articles: KB0022221 - Privileged Remote Access and Remote Support with VDIs performance delays KB0022246 - Missing Login Prompt on Headless Linux System with Jump Client KB0023017 - How to gather ping and diagnostic stats via the Access or Representative Console

Hi  I have configured PRA where I have jump client and a RDP for a windows Server, when I am accessing I strangely started noticing that Over the Mouse there is a black dot which keeps moving along with the Mouse Arrow cursor. the problem is that they are not in sync, there is a kind of lag, is there a way to fix the Mouse having that black dot., can we remove it.

We have Cimplicity Webspace in our environment, which is web based. The main dashboard does not have a login screen, but each page off of the main page is an embedded IDE object that has its own authentication. We are trying right now to run the application as a Web Jump, but Web Jump does not see the authentication fields because they are in the embedded IDE and not HTML fields.Has anyone found a way to use Cimplicity Webspace with PRA?

We are interested in enabling this option: Force the closure of windows that were opened during the session. We expect that it will close any opened command prompts that are elevated from run as etc. But will it also close other applications that are open done by the user like word/outlook etc. The explanations found on internet and the bt documentation don't say much and would like to know more on this, or if anyone else has enabled it and can tell me what exactly is happening with all the apps that are open when the engineer jumps onto the machine does his bit and jumps off again. We also don't see an option to test it or assign it to a test group to experience the behaviour as it seems to be an all or nothing setting.  

The following articles were published last week. New Knowledge Base Articles: KB0022194 - How to create a registered app for Remote Support and Privileged Remote Access Vault KB0022195 - Error: This account has expired when trying to log into the administrative interface KB0022251 - Vault account fails to check in post-use, becomes unusable

Hello , I see there is only TOTP MFA option in PRA . We are using PRA for external Vendor access where the accounts are quarterly reviewed but as the number of vendor grows , manual errors might increase. Also as the review can not be made more frequent , there is a possibility that Terminated vendor user still has access as they know their PRA login password and have TOTP MFA configured using a personal mobile device. These user identities are in Active Director as well as PRA internal DB. Is there any way to implement email-based MFA so that terminated user will immediately lose access as they wont have access to company email ?I see Radius auth and OKTA can be used both have separate trade-offs

The following articles were published last week. New Knowledge Base Articles: KB0022141 - Web jump error: failed with exit code 2 KB0022157 - Error approving access for others. The approver key is invalid KB0022161 - Authenticate the current url icon is greyed out when Web Jump is launched

Hi AllI am trying to find a way to use the API to force check in of vault accounts which have had their password checked out for over 7 days,I think it is crazy to allow the PRA and the vault account members to checkout their password and allow it to stay checked out (this could be over a year) therefore they could use the password and put it into some automated tasks where it is in plain text and as it is never checked in this will always stay the same.It seems a lot safer if there was an option within PRA to force check in ( a tick box or something ) and a correct schedule that could be set that would check in all passwords on a set day and time and rotate them. Instead I am having to mess about with APIs which are not very well documented in my opinion.Therefore has anyone needed to do this and if so how did they go about it?Thank you in advance.