Recently active topics

HiI am facing one issue with Application onboarding i have onboarded ssms as application however when i am trying to launch it from password safe, rdp session connects and automatically disconnects within seconds. it simply signs out me of rds server. login account has access to rds server.have you faced this issue any idea how to solve this RegardsImran

Hi Team, I have requirement wherein I need to open Browser as RunApp. I cannot use TargetURL option as targetULR option will open Browser in Private Mode.  We have some restriction and due to which we cannot open the URL in private mode. I am insisted trying to open the chrome/Edge as RunApp option which opens the browser in Normal Mode and ULR is also getting opened.  My next target is click some other link which are present on landing page. I am using TAB key to bring the cursor to link but Tab key is not working and it is not bring the cursor to link on which I want to click.   Hence I am unable to move a head.Below is my basic INI file [General]RunApp="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe %targeturl%"[TaskSequence1]SendKeys={TAB}{TAB}{TAB}{TAB}{TAB} Has any one face similar issue ? can anyone please tell me how was it solved. thanks in advance Regards,Imran Aliyani

 Context: The Endpoint Credential Manager (ECM) Software Development Kit for BeyondTrust Privileged Remote Access (PRA)  and Remote Support (RS)  allows developers to leverage a Credential Provider other than the one included (Vault) to allow Users to inject credentials when for accessing a Jump Client, a Web Jump, etc. This guide covers a specific example:  CyberArk Self-Hosted aka on-premises, Cloud. This guide also shows how to create a Custom Source to manage the configuration and credentials needed for the Plugin to authenticate to PRA and RS on one side, and to CyberArk on the other side. ######  IMPORTANT:  A new version is available via Reply below.  ####### Jump Client example leveraging CyberArk  secret. Note: Secure Remote Access (SRA) is used to refer to both PRA and RS. IMPORTANT: The example ECM Plugin covered in this tutorial has not been tested yet against a live instance of CyberArk Self-Hosted or Cloud, and is based on documentation only for the CyberArk Cloud REST AP

Hello, how are you?Has anyone else encountered problems importing a .csv file and received this message?I tried downloading credentials directly from the vault and then tried importing them to another folder within the vault.The profile already has a Workforce license.I also tried with the administrator profile without success.I also used the documentation without success.https://docs.beyondtrust.com/bips/docs/secrets-safe-configure-bi-cloud The import could not be performed. 

I’m posting this to see if anyone has run into this situation to see what their outcome was. We currently have two devices that do not show an active policy on the client, the platform shows a policy and that it is connected, but the device will not pull a policy. We have tried using the agentprotectionutility to generate a token but that token does not work. We have tried this with several computers, verified the token does work on a device that is not having the issue. Now we’ve tried moving that device to a test policy with agentprotectionstate set to 0, requested update from the device through the BT platform, rebooted the device, same issue. This device will not show a BT prompt for anything, UAC for everything, unable to modify any registry settings regarding BT, token does not work, moving to another policy with agentprotection disabled didn’t change anything. Reinstalling the agent doesn’t change anything. At this point it seems like there is nothing else that can be done and s

Dear all,I am seeking your assistance regarding a challenge we are facing in our current project to present events generated by the EPM-W Agent in PowerBI.As you are aware, the GUI allows us to download up to 5 million records, but this process is often time-consuming, especially when the data size reaches several gigabytes. Additionally, I recently learned that the API has a limit of only 10,000 events per request, which is insufficient for our environment. We generate approximately 455,882,549 events over a 30-day period. While I am actively working to reduce the number of events, this is our current situation.Your advice on how to efficiently process and visualize such large datasets in PowerBI would be greatly appreciated. Specifically, if there are ways to increase the API limit or alternative best practices for handling this scale of data, please let me know.

Hello everyone. In managing accounts in our environment, I've identified some accounts that fail during password testing. "Error[9] - code: 49, error: The supplied credential is invalid.The password for 'ACCOUNT' on domain 'DOMAIN' is invalid..." What I've identified is that this is caused by the account only being able to log in on two devices on the network, defined in the "Log on to..." option of Active Directory.Removing any device from this list makes the test work correctly.This makes sense because the password test is simply a login to a Domain Controller to validate if it's correct. Now comes the question... Is there any way to make this password test work even with devices listed in Log on to...?The only way I thought of would be to add the domain controller to the "Log on to" list. But then I would have to add all the Domain Controllers in our environment or limit it to a single Domain Controller that this account will be managed on, right? Has anyone else experienced this? R

Out shop is using BeyondTrust 25.2 and soon upgraded to 25.3  I find the current reporting and analysis is quite limited in terms of functionality.  I would like to see if you faced the same or any other circumventions.  I regarded my requirements quite elementary however, it turns out to my very big despair. In fact, my intention is to produce a holistic entitlement report for review purpose.  Our interest is to export an excel like format with  user id                            list of managed accounts                                       role (requestor/auditor/approver)  Now, I try to use smart rule details of password safe.   However, the structure of this is totally unacceptable as if you want to download.   100 Smart rules will need to download 200 times which is very time consuming other next, is to associate by table join to group entitlement report as I don’t want reviewers to know which groups and in particular smart groups which are no meaning to them as well as they are

In BeyondTrust Password Safe, Cloud  why are some manually added assets unable to change the assigned workgroup? The option appears unavailable & disabled.  

Hello everyone!We are facing a possible configuration issue, we believe.Is there any setting for using BeyondTrust Workforce Passwords in a fixed browser window? The problem is that every time we authenticate, a new browser window opens, causing us to lose visibility and usability. Has anyone else encountered this situation?Thank you very much.  

Use case - someone knows they are working on the weekend and they will need access to a bundle so want to schedule when the request will start I know you can use pagerduty or similar on call tools but in the absense of these…Seems a pretty standard requirement so wonder if I’m just missing a trick somewhere? :)

I understand that to implement TAP you add the TAP High Flex or High Security workstyles but what is this option in all workstyles:And given that specific rules block or allow and audit, what does this do?TIA

Installing the Linux Remote Support jumpclient in system mode breaks our GDM authentication configuration by installing the file /etc/dconf/profile/gdm with the contents:user-db:user system-db:gdm file-db:/usr/share/gdm/greeter-dconf-defaultsRedHat systems configure gdm by default via the dconf site database. RedHat expects a confguration like:user-db:user system-db:local system-db:site system-db:distro By removing the local, site, and distro DBs you are completely breaking the standard RedHat configuration. This is completely irresponsible on your part to be modifying such a critical system configuration. This took most of my day to resolve and locked a couple of users out of their machines for a few hours.I had actually just decided to enable your automatic updating of Remote Support - but that is out the window now if you are going to be releasing stuff like this.

The following articles were published last week. New Knowledge Base Articles: KB0022065 - Unable to install Jumpoint on Debian 11 OS. Error - PUSH_AGENT:ERROR exception occurred while connecting to gateway

The following articles were published last week. New Knowledge Base Articles: KB0022065 - Unable to install Jumpoint on Debian 11 OS. Error - PUSH_AGENT:ERROR exception occurred while connecting to gateway KB0023271 - Testing email from PRA results in error - Unknown error occurred. XOAUTH2 authentication failed CODE:535 verify the configuration

The following articles were published last week. New Knowledge Base Articles: KB0022077 - EPM Cloud not authenticating after changing OIDC settings from Azure B2B to another provider KB0023327 - Apple's SecurityAgent is stealing keyboard focus when EPM-M is installed KB0023330 - EPM-M (macOS) device with Windows Defender installed fails to wake up from sleep KB0023333 - Webhook is not being sent for JIT admin notifications

The following articles were published last week. New Knowledge Base Articles: KB0022050 - What is an integration account and how does it relate to performing access requests? KB0022639 - Performing an Access Request generates the "Can't create a new task..." error message

The following articles were published last week. New Knowledge Base Articles: KB0021637 - Discovery scan results show "Not Enough Data (No Open or Closed Ports)" for some Cisco switches KB0022048 - After editing a Built-in custom platform, the configurations were reset KB0023338 - Quick Connect and Password retrieval on version 25.3.0.1965 not working

Is it possible to launch multiple or duplicate tabs in a Web Jump?

Hi All,I have the PWS to PRA connection functional and have imported managed systems and account and can inject using the console from my account. BUT one of the use cases that sold us on this solution was to onboard our 3rd parties.So, during the build I onboarded an account from a different domain. (eg. my admin account is luke@company1.com and the test account is test@company2.com).When I just and start a jump when logged in as test@company2.com, no creds are injected and when I check the PWS logs I can see an error that the account from comany2.com does not exist, and this is correct. Company2 only exists at PRA not PWS.Have I done my build wrong???  Plugin found no credentials - [436c54cfe6ea4ccfa2053d1b94db6ec6]: Unable to authenticate app and run-as user; verify the API Registration, SSL/TLS Settings, and user permissions -- originalUsername=[test1], originalUserDomain=[] -- Details: Failed to authenticate due to one or more authentication rules.

Recently, we upgraded several customers to versions 25.1.1 and 25.3 of Password Safe/BI, and we have encountered an issue when accessing some SSH devices:"Managed system host key check is enabled but the list of accepted host keys is empty."In some cases, enabling the Auto Accept Initial Key property on the Managed System resolves the issue.However, for certain managed systems, this setting causes access problems.Has anyone else experienced this behavior or found an definitive and clear solution?

Hi all! Hope you are doing well.I’ve encountered an issue regarding installation of BT RS. Currently I have about 60 users that have the Jump Client installed on their device. I wanted to update the clients, and it seems like the .dmg file now says sra-scc-<uid>.dmg, and not bomgar-scc-<uid>.dmg (I believe this is not the issue though).Right now, when I prepared the package to be deployed from Jamf Pro (our MDM), the package installs, it shows the BT RS icon on the top-menu bar for a split second (it’s crossed), and then disappears. I can’t see the newly installed jump client in my representative console, so basically it’s like it installed for a moment, then uninstalled or is not present on the machine. I’ve followed the ‘mass deploy on macOS’ instruction, so have all the PPPC settings as well. I have also included the xattr command into the deployment script, but it looks like it does not matter whether it is included or not, the same situation keeps happening on both set

One of the laptop our company recent setup had error: BeyondTrust Jump Client disconnected from xxxxxxxxxBeyondTrust representative can not even find the computer name or ip address. Reconnect doesn't work at all and Enabled was ticked. 

Hello everyone, Is there any way to filter the linking of domain accounts in Oracle databases?In my environment, I have some accounts that are linked to Windows servers. However, this link is extending to Oracle databases located on these same servers.So when I go to Password Safe > Directory Linked Accounts and filter by the server in question, the credentials appear duplicated, pointing to the Server system and the Database system.We don't use these domain accounts to access the Oracle databases, and I understand that this link is being replicated by the smart rule created for linking the accounts to the server only. This is also causing me problems with the Secret Cache replication, which is collecting the passwords of these accounts and registering the database as the System, and not the System I registered for these accounts to be linked. Regards,Rudolf.

Hi All,In PRA, we have a SAML security provider configured for user authentication and provisioning. User will only be provisioned when they first-time logged in.Is there anyway we can pre-provision the users by LDAP/AD Group synchronization similar functionality as Password Safe (without using SCIM). Thanks,