Recently active topics

Hello! Does the EPM W Package Manager automatically update itself or we can control it . I see we can control the adapter and client version while using the Package Manager but don’t see a setting to control the version of PM .

I am trying to configure my SNMP connector but the guides I am seeing (SNMP Trap and Syslog Event Forwarding | BI) have outdated screenshots and new features are not on the details.Has anybody implemented the SNMP event connector yet on their environment? Was wanting to know what are the recommended Authentication protocols and the privacy protocols are.

Qurestion for beekepers , has anyone onboarded XEN hypervisor as password sase does not have a platform for this as default . Require guidance on how we can onboard XEN hyperviors onto PS

We are currently facing a challenge in securely providing users with sudo/root access. Our requirement is to allow users to log in to servers and perform tasks with elevated permissions without retrieving or exposing the root password.Currently, when users launch a PuTTY session, it does not prompt for additional permissions initially. However, once they attempt to execute commands using sudo (the user is LDAP-authenticated with sudo privileges), the system requests a password.We have enabled password retrieval from  Password Safe. Our concern is that enabling password retrieval for such access would violate our internal security policies. We are looking for a secure solution that allows users to perform sudo tasks during the PuTTY session without compromising password security. 

Hello!I am curious to know what type of filtering and packet inspection controls are typically recommended/used for on-prem PRA/RS appliances. As typical use cases (e.g. remote users, vendor access etc.) require the appliance to be external network facing , it is not feasible to restrict access to IP ranges. Based on KB articles SSL Offloading is not supported for client to appliance communication.Question: What typical network security controls are recommended apart from restricting the outbound from appliance, blocking known-bad source IPs, and segmentation.Anyone using Web App Firewalls , NGFWs or IDPS effectively ? Are there any resources available that can help identifying know benign traffic vs malicious traffic ?

Hi community,I have an integrated PASM environment deployed in Pathfinder. I have a group of dedicated admin accounts that I want to make available to a specific group of users.I configured requester permissions for this user group over the dedicated admin account smart group. The access policy is configured for auto-approval.I want to prevent users from requesting the password directly from the Password Safe user console, so they cannot access the servers without using PRA. To achieve this, I enabled the “API Only Access” option in the access policy, but the users are still able to request the accounts through Password Safe.I verified that:The users belong to only one user group. The only smart group with configured permissions is the one described above.Am I missing something, or is there another way to restrict managed account access?Thank you.

Initial Pairing ConfigurationSetting up the pairing takes a few steps.Test sequence was resetTest heartbeat communication passedTest file transfer from Active to Passive failed. TEST FAILED - Error occurred during test steps: Doing ensure file doesn''t exist on target... "" ERROR on test: sending file to remote system The request channel timed out while waiting for a reply after 00:01:00. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. ERROR on test setup: trying to get file from remote system The request channel timed out while waiting for a reply after 00:01:00. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout.  This error is coming when configuring active and passive HA configuration on vmware workstation. Ple

Hi everyone. I have a question about the concurrent connection capacity of BI Password Safe.Let’s say our appliance has 16 cores and 32 GB of RAM. 1. What is the limit on concurrent connections based on the specs above?2. When and under what circumstances should we upgrade the RAM or CPU if necessary? Thank you. I’d appreciate your guidance.

I need to execute MSEDGE in kioskmode but the INI configuration only works when I test in the Remote Server, when I try to open the published application the browner opens in regular mode.I'm testing using the same command lines configured in the application.What am I doing wrong?

Hi community,I’m Andrew Rivera, a Product Manager at BeyondTrust, and I’d like to invite interested customers to participate in an upcoming beta for a new product we’re actively developing on the BeyondTrust Pathfinder platform: Workload Credentials.Workload Credentials is designed for modern cloud-native and DevOps environments, enabling workloads such as CI/CD pipelines, Kubernetes workloads, Terraform, and AI agents to authenticate using workload identity (OIDC) and receive short-lived, automatically expiring credentials — eliminating the need for static secrets and manual credential rotation.We’re looking for customers interested in evaluating the current functionality and helping shape the future direction of the product through real-world feedback and collaboration with our product and engineering teams.Current areas of focus include:OIDC federation Dynamic AWS credentials Kubernetes and CI/CD integrations Policy-based access controls This beta is best suited for DevOps, SRE, Clo

Hi community,I’m Andrew Rivera, a Product Manager at BeyondTrust, and I’d like to invite interested customers to participate in an upcoming beta for a new product we’re actively developing on the BeyondTrust Pathfinder platform: Workload Credentials.Workload Credentials is designed for modern cloud-native and DevOps environments, enabling workloads such as CI/CD pipelines, Kubernetes workloads, Terraform, and AI agents to authenticate using workload identity (OIDC) and receive short-lived, automatically expiring credentials — eliminating the need for static secrets and manual credential rotation.We’re looking for customers interested in evaluating the current functionality and helping shape the future direction of the product through real-world feedback and collaboration with our product and engineering teams.Current areas of focus include:OIDC federation Dynamic AWS credentials Kubernetes and CI/CD integrations Policy-based access controls This beta is best suited for DevOps, SRE, Clo

Hi community,I’m Andrew Rivera, a Product Manager at BeyondTrust, and I’d like to invite interested customers to participate in an upcoming beta for a new product we’re actively developing on the BeyondTrust Pathfinder platform: Workload Credentials.Workload Credentials is designed for modern cloud-native and DevOps environments, enabling workloads such as CI/CD pipelines, Kubernetes workloads, Terraform, and AI agents to authenticate using workload identity (OIDC) and receive short-lived, automatically expiring credentials — eliminating the need for static secrets and manual credential rotation.We’re looking for customers interested in evaluating the current functionality and helping shape the future direction of the product through real-world feedback and collaboration with our product and engineering teams.Current areas of focus include:OIDC federation Dynamic AWS credentials Kubernetes and CI/CD integrations Policy-based access controls This beta is best suited for DevOps, SRE, Clo

Hi everyone,I was trying to automate credential injection for Kaspersky Security Center and apparently PS_Automate does not support applications in .msc format.Is there a workaround to get this application successfully automated with credential injection through password safe. Thank you.

We have enabled Log "Run As" Special Action Commands in the Session Reports, but is there a way to extract just this specific details to see on which devices this has been run? I've checked back and forth the reportings, exported many reports, but none seem to have this data..

The following articles were published last week. New Knowledge Base Articles: KB0021273 - Remote Support Shell Jump greyed out: unable to create Shell Jump shortcut KB0021911 - Remote Support error - Your BeyondTrust Remote Support license has expired KB0022284 - Linux Jumpoint installation error - Failed at step EXEC spawning /home/beyondtrust/jumpoint/init-script: Permission denied KB0022322 - Can RS or PRA failover be configured so a specific appliance automatically reclaims the primary role once it comes back online? KB0022323 - Unable to remove users from a Jump Group KB0022345 - Where is the download license usage report? KB0022348 - Unable to override Jump Policy. Error - The Jump Policy's schedule does not permit a session to start at this time KB0022355 - Why do remote sessions default to the EN-US keyboard layout? KB0022366 - How many concurrent sessions does a Jump

The following articles were published last week. New Knowledge Base Articles: KB0022243 - Privileged Remote Access report types and how to create them KB0022284 - Linux Jumpoint installation error - Failed at step EXEC spawning /home/beyondtrust/jumpoint/init-script: Permission denied KB0022321 - What application parameters are available for the PRA BeyondTrust Desktop agent? KB0022322 - Can RS or PRA failover be configured so a specific appliance automatically reclaims the primary role once it comes back online? KB0022323 - Unable to remove users from a Jump Group KB0022345 - Where is the download license usage report? KB0022348 - Unable to override Jump Policy. Error - The Jump Policy's schedule does not permit a session to start at this time KB0022366 - How many concurrent sessions does a Jump Client Support? KB0022375 - Can session recordings be deleted? KB002

The following articles were published last week. New Knowledge Base Articles: KB0022403 - Issue with computer or adapter IDs (GUIDs) being overwritten KB0023505 - Trying to start the EPM cloud adapter results in Error 1053: The service did not respond to the start or control request in a timely fashion KB0023531 - Performance issue in EPM-M - Failed to look up group account KB0023543 - Add to Policy from Analytics v2 creates definition that does not work KB0023545 - Endpoint Utility connection test error - Unexpected communication error. Access to the path 'C:\...\EventService' is denied.

The following articles were published last week. New Knowledge Base Articles: KB0022368 - Pathfinder account permissions do not carry over to Entitle account - Only Requests and My Settings are available KB0023213 - Mongo DB connection string does not show when performing an Access Request

The following articles were published last week. New Knowledge Base Articles: KB0021586 - Start Application with option "Launch Application in RemoteApp mode" fails with error: "Because of a protocol error this session will be disconnected..." KB0022431 - When the user goes to share the secret, they do not see or get the option to select which safe to add it to. KB0022731 - Archived session monitoring files consuming large amount of disk space on the Resource Broker KB0023284 - Is TOTP secret associated with Authenticator App and the user stored and encrypted in Password Safe? KB0023529 - Can the btadmin account for Password Safe Web Console logins be deleted? KB0023559 - Why does the appliance backup process use so much RAM? KB0023560 - How does the download feature work on the Backup and Restore page in the appliance? KB0023561 - Is it possible to move a U-Series Appliance configuratio

Hi there,We have set up MFA-Messages to authenticate admins when installing software on a client. This also needs to be done on “user-clients”. The problem is that you actually can use the admin mfa session to access various ressources such as microsoft admin portal if youre not actively sign out or do the authentication in private-tab.I already tried to use the following in my entra application, but this does not seem to work: Has anyone setup an MFA-Authentication in Messages for EPM-W and may assist?Many Thanks!

Like the title says, I have a couple of non-domainjoined windows VMs, which I would like to be able to use multisessions on, credential injection works fine obviously for the Jump point object, meaning the local account credentials are managed in PRA, but Remote RDP doesn’t seem to support it, unless I’m missing something.We do not use Password Safe, only the built in credential Vault.

Hi, is there a way in PRA console to identify which Jumpitems are being used by user to stablish connection to end points? Just want to make sure all my 4 jumpitems are being used.

Ran into an issue while upgrading to 25.3.3 (and 26.1.1 + Base 8.2) this week, maybe I’m incorrect in my assertion but I’ve updated our appliance several times since going live, and haven’t had this issue before.After updating to 25.3.3 all of our Desktop clients stopped working, we use SAML auth, and the SAML itself works fine, we see successful logins, but when the login is complete, the desktop console doesn’t do anything, it remains in its default state, waiting for you to press login, and the cycle repeats.I tested this both on going from 25.3.2 to 25.3.3 and 26.1.1, with desktop consoles both on 25.3.2 and 25.3.3, same thing on both.Again, I’ve updated the appliance several times, without the need to manually re-install the desktop console.SAML login to the /login page and /console page in web works fine.

Hello,I would like guidance on recommended best practices for Smart Group to User Group mapping.Requirement:Multiple teams will access dedicated managed accounts.We are evaluating the following design approaches:Option 1:Maintain only two common user groups globally: Read-Only Users Read-Write Users Map all dedicated account Smart Groups across teams to these shared groups.Option 2:Maintain separate user groups for each team, even if permissions are identical. Example: Team A – RO / RW Groups Team B – RO / RW Groups We would appreciate guidance on:Recommended best practices for large scale deployments. RegardsGB