Recently active topics

Hi All ,Just wondering how others managing “Mandatory multifactor authentication for Azure sign-in” where azure app published as managed apps and ps_automate injecting credential.Given especially user do not know their credential.  Announcing mandatory multifactor authentication for Azure sign-in | Microsoft Azure BlogRegards,M 

Hi everyone,I have a question regarding PASM. I have users and devices managed through Password Safe, and session delivery is handled by PRA. If I want a user connecting from PRA with credentials injected from Password Safe to provide a reason for connecting, where do I configure this in PS or PRA? Also, if they need an approval workflow, where do I configure that in PS or PRA?

I am getting several users complaining about their Avecto Defendpoint Service just stopping all of a sudden. May I ask what is the best way to troubleshoot and find out what is causing the service to stop?I ran a PGCaptureConfig extract and looking at the Avecto IC3 client log, I can see the warning about the “Defendpoint agent service is not running”. I have looked at the Windows event log but it does not really say anything what might have caused the service to stop.

I tried to install my EPM for Windows Local AD connector on a server but it failed on the activation part.Error is:[ERR] [BT.LocalAdConnector.Services.ActivationService] [9] Activation failed.System.Net.Http.HttpRequestException: No such host is known. (xxxxxx-xxxxxxxxx-services.pm.beyondtrustcloud.com:443) ---> System.Net.Sockets.SocketException (11001): No such host is known. My server is connected to my proxy server for external access and I have the policy opened from my server to xxxxxx-xxxxxxxxx-services.pm.beyondtrustcloud.com but it is not getting triggered at all. Am I missing something here? do I need any additional URL for the activation of the AD connector?

Hi Community,I need to make some configuration changes to Password Safe login capabilities. The client has a Cloud instance of Password Safe, and I want to avoid users being locked out of the application in case the configuration fails.Is there a way to back up the SAML IdP configurations so they can be restored if a rollback is needed? Thanks in advance.  

Good day everyone! So recently we have begun to ingest EPM log into MS Sentinel, and I have noticed a difference in the data we see in the console Analytics vs Sentinel. Firstly the integration was simple and straight forward.  Once configured we began to see information flow into Sentinel.  This is not a problem and seems to be working well, we used the CIM format.What we are seeing is good, but it is nowhere near the information we see in the console analytics.Example I will use is logons.  We can see logons in both the analytics and Sentinel, however there is information missing in the information we see in Sentinel, namely privilege. So in the analytics I can see and search on the client privilege, and status of the account (domain, local), but in Sentinel I am not.I just wanted to start a conversation with others who are using a SIEM with EPM or plan too int he near future.  We could compare experiences and possibly see what in store for the future from Beyond Trust.  Thanks, and

Hello, we recently started using BeyondTrust for our Intune-managed MacOS devices, and we have run into an issue with several of our users. They get 10-15 popups a day, saying "Remote Support Customer Client" is requesting to bypass the system private window picker and directly access your screen and audio. Screenshot here:  Here are the details.Device:MacBook Pro (16-inch, 2024) MacOS Tahoe 26.3.2 BeyondTrust Remote Support 25.3.1Symptoms:Pop-ups happen all throughout the day, approximately 10-15 times daily, with no specific trigger. Even after pressing "Allow", the pop-ups continue to reappear. The Pop-ups have the following text: "Remote Support Customer Client" is requesting to bypass the system private window picker and directly access your screen and audio. This will allow Remote Support Customer Client to record your screen and system audio, including personal or sensitive information that may be visible or audible. Troubleshooting steps:Tried turning the setting off and back

My Security Team wants to do unauthenticated scans with Rapid 7 on our Privileged Management on-prem appliances.  I dont see why this would be an issue, but wanted to check if anyone has any experience with this or any issues that they have run into.  Or if anyone from Beyond Trust has any info also that would be great.

Hi Team, The customer has a requirement to maintain segregation for administrators across different sites. Could you please advise how this can be achieved? Currently, we have five sites (A, B,C,D,E,F configured in an Active-Active setup. Each site has its own set of administrators. The customer now requires segregation of duties so that administrators from one site are restricted from viewing or accessing assets, groups, or directory queries belonging to other sites. For example, administrators from the Asite should only be able to view and manage assets, groups, and directory queries related to A, and should not have visibility into resources from the other sites. Please let us know the possible approach to implement this requirement.

The following articles were published last week. New Knowledge Base Articles: KB0021644 - Configuration for Opengear Custom Platform KB0022089 - After Password Safe upgrade getting unauthorized error for Vaulting request KB0022096 - Email alerts received by the appliance. Error - Failed for: 'IUSER_REM', machine name KB0022098 - Custom dashboard disappears after logout or browser change KB0022101 - Resource Broker installations fail "Failed to get server time. One or more errors occurred." KB0022162 - Workforce Passwords URL is trimmed when creating a credential KB0022172 - Large Active Directory (AD) group sync fails - Error Code: RequestTimedOutError Message: Timeout making http request KB0023337 - Unable to view Secrets Safe after upgrade to 25.3 - Failed to fetch folders or An unexpected error occurred KB0023374 - Does Password Safe support Windows Server 2025?  

The following articles were published last week. New Knowledge Base Articles: KB0022044 - Using --nohosts results in error - Required configuration stage not enabled [code 0x0000a606] KB0023321 - Error 1721 installing AD Bridge "There is a problem with this Windows Installer package"  

The following articles were published last week. New Knowledge Base Articles: KB0022023 - Error "HTTP status code: undefined" when trying to log in to Password Safe Cloud KB0022062 - RDP proxied session through Password Safe is missing bgInfo KB0022113 - New Access Policy Setting: API Only Access setting KB0022128 - Password Safe error - Group not provisioned KB0023185 - No application provisioned error intermittently on some users when logging in via SAML KB0023267 - Intune deployed Workforce Passwords constantly prompts notification "Your administrator has updated your Workforce Passwords configuration" KB0023325 - How to update or replace an MFA token (authenticator) for users in Password Safe KB0023328 - After upgrading to 25.3 OAuth does not work KB0023329 - Cannot access policies after upgrading BI and WPE - Oops! Something went wrong! KB0023334 - Unable to use RDP to connect to system when an UK pound symbol is used in AD Password. Error "Contains forbidden characters"

We have defender for endpoint and since past couple of days, we are most of powershell scripts are trying to elevate. Earlier they were running in passive mode. Also many applications including intune pushed scripts are giving Yes/No Promts (Configured in policy). As it was working fine earlier and suddenly started this issue. Anyone else facing the same?

HI All, Good dayDo you have any document/article to migrate from on-prem to password safe cloud. Thanks and looking for your response

This might be a bit too big of a question for this forum. However, I am not sure where to start. We are still somewhat new to PRA. I am wanting to start using Docker containers for our jumpoints instead of putting them on Linux instances. First, where do I go to download the container image? I heard that there is a stock image that we would use and then just input the key to start the connection to our system. Second, can we put the container in a service like AWS container service or Azure container service? Third, and this will show my very beginner level of experience with containers, would we do the firewall rules for the containers the same way that we do them for the Linux servers that are jumpoints?I have a feeling there are other items that I am totally missing, but I figured this is a good start. If you know of documentation you can point me to I am more than happy to start reading and testing things out. 

I have a requirement to deploy a web application that will handle credential injection when users attempt to log on to the vCenter console. From an RDS perspective, what would be the recommended approach? Specifically, can I leverage my existing Brokers to publish this application, given that I currently support approximately 70 concurrent RDP and SSH sessions distributed across three brokers? Or is it strongly advised to provision dedicated RDS servers for this purpose?!--endfragment>!--startfragment>

Tell Us What You Want to LearnWe’re opening up a new series of informal, instructor‑led sessions, and we want your input to decide what topics we cover next. If there’s a feature you’ve been curious about, a concept you’d like explained more clearly, or an area of a product you’d like to explore in more depth, this is your chance to tell us. Share the topics you’d like our instructors to walk through, and we’ll build short, discussion‑focused sessions around the most requested ideas. We’ll be collecting suggestions until March 27th, and then our instructors will schedule sessions based on the themes you submit. To keep these sessions useful and relevant for everyone, a few guidelines:This isn’t a space for troubleshooting, error messages, or support‑ticket issues. We can’t address environment‑specific setups or consulting‑style questions. Topics should be broad enough for an instructor to cover without formal labs.We look forward to hearing from you!

Hi,Has anyone tried using a custom platform in Password Safe to onboard Allied Telesis? Hoping for your help. Thank you

Hi,Usually we do the workaround of reinstalling BeyondTrust client when it affects more than 30% usage but now it takes up to 98% and reinstallation also does not help.Please let me know if you have any ideas on this issue.

Hi All,In PRA, we have a SAML security provider configured for user authentication and provisioning. User will only be provisioned when they first-time logged in.Is there anyway we can pre-provision the users by LDAP/AD Group synchronization similar functionality as Password Safe (without using SCIM). Thanks, 

Hello Team,We will be moving/migrating our on-prem EPM to the cloud in the upcoming months and I was just looking for any insights or things to look out for during or after the migration.Thank you for anything you can share.

We would like to confirm the current behavior of the sorting function on the Events page in Privilege Management Console.Environment : Privilege Management Console 25.8.865Location in the UI : Home > Analytics > EventsObservationOn this page, only a few fields such as the following display a triangle sorting indicator next to the column label: VirusTotal Score Time Since Last Lookup Other fields do not display this indicator.In addition, when the triangle icon is clicked, the icon changes direction (upward / downward), but the actual list order does not appear to change.Questions Is it expected that only certain fields show the sorting indicator? Is the sorting function currently implemented only for specific fields? Enhancement requestIf sorting is intended to be available, it would be helpful if: the sorting indicator and functionality were consistently available across sortable fields, and clicking the indicator clearly changed the sort order of the list. For reference,

HelloWe have a situation with the Web Jump where user needs to open a specific website which automaticaly downloads an instalation package. I was able to configure web jump but when user connects to it - it just displays the webpage. Is it possible to set web jump to auto download the file after connecting?Kind Regards

I am encountering a limitation when using BeyondTrust Privileged Remote Access (PRA) for remote access to network shares.I tested an alternative using: Jump Client Session Policies → File Transfer tab ➡️ File transfer works correctly from the remote machine.❌ However, the main issue is that: The session runs under a local administrator account The user accessing the session does have access to the shared folders, but not when using their Active Directory account Requirement / QuestionI would like to know if there is a way: To access the remote machine via Jump Client (File Transfer tab) using the user’s Active Directory account during the session Specifically through: A network tunnel Running the session in the Active Directory user context Active Directory credential injection Or any other native BeyondTrust PRA functionality ObjectiveAllow the remote user to access shared folders and files using their Active Directory account, without using a local administrator account on

Hello Team, We are planning to implement automation in such way that there should not be any need to go into configuration page and create new credentials (for scan account) manually.However, I would like to know do we have any automated way to create or update scan credentials (as it seems Rest API is not available). Thanks,Prasad