Recently active topics

Hello, we recently started using BeyondTrust for our Intune-managed MacOS devices, and we have run into an issue with several of our users. They get 10-15 popups a day, saying "Remote Support Customer Client" is requesting to bypass the system private window picker and directly access your screen and audio. Screenshot here:  Here are the details.Device:MacBook Pro (16-inch, 2024) MacOS Tahoe 26.3.2 BeyondTrust Remote Support 25.3.1Symptoms:Pop-ups happen all throughout the day, approximately 10-15 times daily, with no specific trigger. Even after pressing "Allow", the pop-ups continue to reappear. The Pop-ups have the following text: "Remote Support Customer Client" is requesting to bypass the system private window picker and directly access your screen and audio. This will allow Remote Support Customer Client to record your screen and system audio, including personal or sensitive information that may be visible or audible. Troubleshooting steps:Tried turning the setting off and back

My Security Team wants to do unauthenticated scans with Rapid 7 on our Privileged Management on-prem appliances.  I dont see why this would be an issue, but wanted to check if anyone has any experience with this or any issues that they have run into.  Or if anyone from Beyond Trust has any info also that would be great.

Hi All ,Just wondering how others managing “Mandatory multifactor authentication for Azure sign-in” where azure app published as managed apps and ps_automate injecting credential.Given especially user do not know their credential.  Announcing mandatory multifactor authentication for Azure sign-in | Microsoft Azure BlogRegards,M 

I tried to install my EPM for Windows Local AD connector on a server but it failed on the activation part.Error is:[ERR] [BT.LocalAdConnector.Services.ActivationService] [9] Activation failed.System.Net.Http.HttpRequestException: No such host is known. (xxxxxx-xxxxxxxxx-services.pm.beyondtrustcloud.com:443) ---> System.Net.Sockets.SocketException (11001): No such host is known. My server is connected to my proxy server for external access and I have the policy opened from my server to xxxxxx-xxxxxxxxx-services.pm.beyondtrustcloud.com but it is not getting triggered at all. Am I missing something here? do I need any additional URL for the activation of the AD connector?

Hi Team, The customer has a requirement to maintain segregation for administrators across different sites. Could you please advise how this can be achieved? Currently, we have five sites (A, B,C,D,E,F configured in an Active-Active setup. Each site has its own set of administrators. The customer now requires segregation of duties so that administrators from one site are restricted from viewing or accessing assets, groups, or directory queries belonging to other sites. For example, administrators from the Asite should only be able to view and manage assets, groups, and directory queries related to A, and should not have visibility into resources from the other sites. Please let us know the possible approach to implement this requirement.

The following articles were published last week. New Knowledge Base Articles: KB0021644 - Configuration for Opengear Custom Platform KB0022089 - After Password Safe upgrade getting unauthorized error for Vaulting request KB0022096 - Email alerts received by the appliance. Error - Failed for: 'IUSER_REM', machine name KB0022098 - Custom dashboard disappears after logout or browser change KB0022101 - Resource Broker installations fail "Failed to get server time. One or more errors occurred." KB0022162 - Workforce Passwords URL is trimmed when creating a credential KB0022172 - Large Active Directory (AD) group sync fails - Error Code: RequestTimedOutError Message: Timeout making http request KB0023337 - Unable to view Secrets Safe after upgrade to 25.3 - Failed to fetch folders or An unexpected error occurred KB0023374 - Does Password Safe support Windows Server 2025?  

The following articles were published last week. New Knowledge Base Articles: KB0022044 - Using --nohosts results in error - Required configuration stage not enabled [code 0x0000a606] KB0023321 - Error 1721 installing AD Bridge "There is a problem with this Windows Installer package"  

The following articles were published last week. New Knowledge Base Articles: KB0022023 - Error "HTTP status code: undefined" when trying to log in to Password Safe Cloud KB0022062 - RDP proxied session through Password Safe is missing bgInfo KB0022113 - New Access Policy Setting: API Only Access setting KB0022128 - Password Safe error - Group not provisioned KB0023185 - No application provisioned error intermittently on some users when logging in via SAML KB0023267 - Intune deployed Workforce Passwords constantly prompts notification "Your administrator has updated your Workforce Passwords configuration" KB0023325 - How to update or replace an MFA token (authenticator) for users in Password Safe KB0023328 - After upgrading to 25.3 OAuth does not work KB0023329 - Cannot access policies after upgrading BI and WPE - Oops! Something went wrong! KB0023334 - Unable to use RDP to connect to system when an UK pound symbol is used in AD Password. Error "Contains forbidden characters"

We have defender for endpoint and since past couple of days, we are most of powershell scripts are trying to elevate. Earlier they were running in passive mode. Also many applications including intune pushed scripts are giving Yes/No Promts (Configured in policy). As it was working fine earlier and suddenly started this issue. Anyone else facing the same?

HI All, Good dayDo you have any document/article to migrate from on-prem to password safe cloud. Thanks and looking for your response

This might be a bit too big of a question for this forum. However, I am not sure where to start. We are still somewhat new to PRA. I am wanting to start using Docker containers for our jumpoints instead of putting them on Linux instances. First, where do I go to download the container image? I heard that there is a stock image that we would use and then just input the key to start the connection to our system. Second, can we put the container in a service like AWS container service or Azure container service? Third, and this will show my very beginner level of experience with containers, would we do the firewall rules for the containers the same way that we do them for the Linux servers that are jumpoints?I have a feeling there are other items that I am totally missing, but I figured this is a good start. If you know of documentation you can point me to I am more than happy to start reading and testing things out. 

I have a requirement to deploy a web application that will handle credential injection when users attempt to log on to the vCenter console. From an RDS perspective, what would be the recommended approach? Specifically, can I leverage my existing Brokers to publish this application, given that I currently support approximately 70 concurrent RDP and SSH sessions distributed across three brokers? Or is it strongly advised to provision dedicated RDS servers for this purpose?!--endfragment>!--startfragment>

Tell Us What You Want to LearnWe’re opening up a new series of informal, instructor‑led sessions, and we want your input to decide what topics we cover next. If there’s a feature you’ve been curious about, a concept you’d like explained more clearly, or an area of a product you’d like to explore in more depth, this is your chance to tell us. Share the topics you’d like our instructors to walk through, and we’ll build short, discussion‑focused sessions around the most requested ideas. We’ll be collecting suggestions until March 27th, and then our instructors will schedule sessions based on the themes you submit. To keep these sessions useful and relevant for everyone, a few guidelines:This isn’t a space for troubleshooting, error messages, or support‑ticket issues. We can’t address environment‑specific setups or consulting‑style questions. Topics should be broad enough for an instructor to cover without formal labs.We look forward to hearing from you!

Hi,Has anyone tried using a custom platform in Password Safe to onboard Allied Telesis? Hoping for your help. Thank you

Hi,Usually we do the workaround of reinstalling BeyondTrust client when it affects more than 30% usage but now it takes up to 98% and reinstallation also does not help.Please let me know if you have any ideas on this issue.

Hi All,In PRA, we have a SAML security provider configured for user authentication and provisioning. User will only be provisioned when they first-time logged in.Is there anyway we can pre-provision the users by LDAP/AD Group synchronization similar functionality as Password Safe (without using SCIM). Thanks, 

Hello Team,We will be moving/migrating our on-prem EPM to the cloud in the upcoming months and I was just looking for any insights or things to look out for during or after the migration.Thank you for anything you can share.

We would like to confirm the current behavior of the sorting function on the Events page in Privilege Management Console.Environment : Privilege Management Console 25.8.865Location in the UI : Home > Analytics > EventsObservationOn this page, only a few fields such as the following display a triangle sorting indicator next to the column label: VirusTotal Score Time Since Last Lookup Other fields do not display this indicator.In addition, when the triangle icon is clicked, the icon changes direction (upward / downward), but the actual list order does not appear to change.Questions Is it expected that only certain fields show the sorting indicator? Is the sorting function currently implemented only for specific fields? Enhancement requestIf sorting is intended to be available, it would be helpful if: the sorting indicator and functionality were consistently available across sortable fields, and clicking the indicator clearly changed the sort order of the list. For reference,

HelloWe have a situation with the Web Jump where user needs to open a specific website which automaticaly downloads an instalation package. I was able to configure web jump but when user connects to it - it just displays the webpage. Is it possible to set web jump to auto download the file after connecting?Kind Regards

I am encountering a limitation when using BeyondTrust Privileged Remote Access (PRA) for remote access to network shares.I tested an alternative using: Jump Client Session Policies → File Transfer tab ➡️ File transfer works correctly from the remote machine.❌ However, the main issue is that: The session runs under a local administrator account The user accessing the session does have access to the shared folders, but not when using their Active Directory account Requirement / QuestionI would like to know if there is a way: To access the remote machine via Jump Client (File Transfer tab) using the user’s Active Directory account during the session Specifically through: A network tunnel Running the session in the Active Directory user context Active Directory credential injection Or any other native BeyondTrust PRA functionality ObjectiveAllow the remote user to access shared folders and files using their Active Directory account, without using a local administrator account on

Hello Team, We are planning to implement automation in such way that there should not be any need to go into configuration page and create new credentials (for scan account) manually.However, I would like to know do we have any automated way to create or update scan credentials (as it seems Rest API is not available). Thanks,Prasad  

Hello Team, We are looking for KBA article, pointer to know how MongoDB instances can be configured in BeyondTrust Password safe. We are looking for similar option as we do while performing asset scan (with database option checked) for Oracle type databases. Thanks,Prasad

Out shop is using BeyondTrust 25.2 and soon upgraded to 25.3  I find the current reporting and analysis is quite limited in terms of functionality.  I would like to see if you faced the same or any other circumventions.  I regarded my requirements quite elementary however, it turns out to my very big despair. In fact, my intention is to produce a holistic entitlement report for review purpose.  Our interest is to export an excel like format with  user id                            list of managed accounts                                       role (requestor/auditor/approver)  Now, I try to use smart rule details of password safe.   However, the structure of this is totally unacceptable as if you want to download.   100 Smart rules will need to download 200 times which is very time consuming other next, is to associate by table join to group entitlement report as I don’t want reviewers to know which groups and in particular smart groups which are no meaning to them as well as they are

Dear all,I am seeking your assistance regarding a challenge we are facing in our current project to present events generated by the EPM-W Agent in PowerBI.As you are aware, the GUI allows us to download up to 5 million records, but this process is often time-consuming, especially when the data size reaches several gigabytes. Additionally, I recently learned that the API has a limit of only 10,000 events per request, which is insufficient for our environment. We generate approximately 455,882,549 events over a 30-day period. While I am actively working to reduce the number of events, this is our current situation.Your advice on how to efficiently process and visualize such large datasets in PowerBI would be greatly appreciated. Specifically, if there are ways to increase the API limit or alternative best practices for handling this scale of data, please let me know.

Hi Team,I am trying to create the EntraId group in Beyondtrust password using API. I am calling below API to do it https://jlr-uat.ps.beyondtrustcloud.com/BeyondTrust/api/public/v3/usergroupsBelow is the body param I am providing {"isActive":"true","groupType":"EntraID","groupName" :"***","description" :"***","TenantId" : "5....","ClientId" : "3873..","ClientSecret" : "d....."}Client Id and client secret is correct. I have provided below permission to group which has API key configured   When I am trying to create the group for group type as Entra Id I am getting error message which says ""Unsupported group type: EntraID"I am following below documentationhttps://docs.beyondtrust.com/bips/reference/post-api-public-v3-usergroupsIn event logs I see below error Warning DetailsMessageBadRequest (400) - "Unsupported group type: EntraId"Exception--ThreadId102HttpRequestIde7d013ef-d20f-46c9-9e37-066becSourceServicepublicapiStatusCode0ElapsedMilliseconds0From Password Safe, I am able to Add gro