The BeyondTrust Password Safe integration makes it easy for users to sign into systems using credentials stored in BeyondTrust. Remote Desktop Manager leverages credentials from Password Safe to bridge the gap between connecting to remote systems and securing secrets.
Four different entry types are available. Here is a overview to help you understand their roles and configuration.
Remote Desktop Manager Windows connects to the BeyondTrust instance to retrieve credentials, enabling account brokering during sessions.
Create a new entry and select BeyondTrust Password Safe (credentials type).
Enter a name.
Go to the General tab
Enter the Host, which is the URL of your BeyondTrust portal.
Check Use My account settings to use the credentials configured in your account settings.
Enter the Username and Password of an account that has the permissions to connect to BeyondTrust.
Enter the domain.
Enter the Application API key, which is the key of one of your BeyondTrust API Registrations. Note that the API Key needed must be associated to a user from a group in BeyondTrust.
Link an entry by clicking on the ellipsis button or by checking the Always prompt with list option.
Click Add to save the entry and close the window.
To directly access endpoints via BeyondTrust, you can use the BeyondTrust Password Safe (session type) entry. This entry connects through the proxy, just like the dashboard does.
Create a new entry and select BeyondTrust Password Safe (session type).
Enter a name.
Go to the General tab
Enter the Host, which is the URL of your BeyondTrust portal.
Enter the Username and Password of an account that has the permissions to connect to BeyondTrust.
Enter the domain.
Enter the Application API key, which is the key of one of your BeyondTrust API Registrations. Note that the API Key needed must be associated to a user from a group in BeyondTrust.
Go to the Advanced tab.
In the System field, click the ellipsis button (...) to browse and select from available systems in your BeyondTrust vault.
The Account field automatically displays the account associated with the selected system.
Select a template from your template listif needed.
Choose the Session type by selecting RDP or SSH.
Specifies which field should be used to resolve the host address for the session. Select from the following options: System name, IP address, or DNS name.
Click Proxy, Direct, or Admin session to determine how the session will connect.
Check the Check-in-request on close to automatically triggers a check-in for the credentials used after the session ends.
Click Add to save the entry and close the window.
The dashboard is used to view all your secrets and seamlessly connecting to endpoints through the Password Safe proxy, thus enabling the use of conditional access policies from BeyondTrust.
Create a new entry and select BeyondTrust Password Safe dashboard (session type).
Enter a name.
Go to the General tab
Enter the Host, which is the URL of your BeyondTrust portal.
Enter the Username and Password of an account that has the permissions to connect to BeyondTrust.
Enter the domain.
Enter the Application API key, which is the key of one of your BeyondTrust API Registrations. Note that the API Key needed must be associated to a user from a group in BeyondTrust.
Go the Advanced tab.
Check the auto-refresh box to enable automatic refreshing of the dashboard data.
Set the interval (in minutes) between automatic refreshes.
Click Add to save the entry and close the window.
The BeyondTrust Admin session works similarly to the BeyondTrust Password Safe dashboard, but it is designed for administrative sessions.
There are three ways to access the Admin session:
Configure a BeyondTrust Admin session entry type by clicking Add new entry – BeyondTrust Admin session.
Navigate to an existing BeyondTrust Password Safe entry and go to Advanced – Connect mode – Admin session.
Through the BeyondTrust Password Safe dashboard properties by selecting Open admin session in the Advanced tab.
Give us Feedback