To authenticate to the API, you must create an API account on the /login > Management > API Configuration page (see www.beyondtrust.com/docs/privileged-remote-access/getting-started/admin/api-configuration.htm). The account must have permission to access the necessary APIs.
Full Answer
See more
What is BeyondTrust privileged remote access?
BeyondTrust Privileged Remote Access empowers security professionals to control, monitor, and manage privileged users' access to critical systems. Get up and running with admin and user guides. How-To. Secure your software and set up integrations. Updates and Features.
What is BeyondTrust used for?
BeyondTrust is the worldwide leader in Privileged Access Management, offering the most seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access.
Is BeyondTrust a VPN?
BeyondTrust allows you to give vendors access to your network without a VPN connection and enables security professionals to control, monitor, and manage access to critical systems by privileged users, including third-party vendors.
What is BeyondTrust remote client?
The BeyondTrust Customer Client enables customers to interact with representatives during remote support, chat or presentation sessions. Because it is the most secure remote support solution, BeyondTrust places a top priority on user controls. Customers Can Override Remote Control.
How does BeyondTrust privilege management work?
BeyondTrust Privilege Management for Windows Servers reduces the risk of privilege misuse by assigning admin privileges to only authorized tasks that require them, controlling application and script usage, and logging and monitoring on privileged activities.
What is BeyondTrust session monitoring?
Session monitoring records the actions of a user while they access your password-protected managed systems. The actions are recorded in real time with the ability to bypass inactivity in the session. This allows you to view only the actions of the user.
How do I use my BeyondTrust remote?
2:3115:29How BeyondTrust Privileged Remote Access Works - YouTubeYouTubeStart of suggested clipEnd of suggested clipOne common method of remote access is the use of jump clients a jump client is an agent you deployMoreOne common method of remote access is the use of jump clients a jump client is an agent you deploy to the application layer of an endpoint.
Is BeyondTrust secure?
BeyondTrust has always been designed with security at the forefront. Not only is the product architecture superior from a security standpoint, the product itself includes a number of features that strengthen the security of your organization on a day to day basis.
How do you secure remote access to employees?
7 Best Practices For Securing Remote Access for EmployeesDevelop a Cybersecurity Policy For Remote Workers. ... Choose a Remote Access Software. ... Use Encryption. ... Implement a Password Management Software. ... Apply Two-factor Authentication. ... Employ the Principle of Least Privilege. ... Create Employee Cybersecurity Training.
How does BeyondTrust remote support work?
BeyondTrust connects support reps with remote desktops, servers, laptops and network devices wherever they are. Support reps can see the screen, control the mouse and work as if physically in front of the remote desktop, speeding time to resolution.
What does privileged access management do?
Privileged Access Management (PAM) is an information security (infosec) mechanism that safeguards identities with special access or capabilities beyond regular users. Like all other infosec solutions, PAM works through a combination of people, processes and technology.
Who owns BeyondTrust?
Who owns BeyondTrust? BeyondTrust is privately held by Francisco Partners, a leading technology-focused private equity firm.
What does privileged access management do?
Privileged Access Management (PAM) is an information security (infosec) mechanism that safeguards identities with special access or capabilities beyond regular users. Like all other infosec solutions, PAM works through a combination of people, processes and technology.
Who owns BeyondTrust?
Who owns BeyondTrust? BeyondTrust is privately held by Francisco Partners, a leading technology-focused private equity firm.
How many employees does BeyondTrust have?
Throughout the year, BeyondTrust continued to grow its talented team, growing to 1200+ employees globally and promoting 300+ employees across the organization.
How many countries does BeyondTrust operate in?
We are the trusted partner for more than 20,000 customers in over 100 countries, including 75% of the Fortune 100, and a global partner community.
How is OAuth client secret generated?
The OAuth client secret is generated by the B Series Appliance using a cryptographically secure pseudo-random number generator.
What is OAuth client ID?
The OAuth client ID is a unique ID generated by the B Series Appliance. It cannot be modified. The client ID is considered public information and, therefore, can be shared without compromising the security of the integration.
What is ECM group?
The ECM Groups feature provides support for multiple disconnected credential providers. It allows a single PRA deployment to integrate with multiple external credential providers like Password Safe or Privileged Identity. These can be located at various remote locations through multiple ECM instances.
What is an API account?
An API account stores all of the authentication and authorization settings for the API client. At least one API account is required to use the API, either in conjunction with the Integration Client, with a third-party app, or with your own in-house developed software.
How many ECM groups can you configure?
Create a unique name to help identify this ECM group. You can configure up to fifty ECM groups.
What is configuration API?
The Configuration API allows for the management and configuration of common tasks in /login, which can be automated and work with your orchestration processes.
Can you use OAuth tokens on API?
Any API calls using those tokens cannot access the API. The OAuth client ID and client secret are used to create OAuth tokens, necessary for authenticating to the API. For more information, please see the API Guide.
Access the YAML file via API
By following the steps below and referring to the documentation for the OpenAPI tool of your choice, you can view the API documentation and even try out features of the API using an intuitive browser user interface.
Download the YAML file
Alternatively, you can download the YAML file by clicking the Download the Configuration API's OpenAPI YAML file
How to authenticate to API?
To authenticate to the API, you must create an API account on the /login > Management > API Configuration page. The account must have permission to access the necessary APIs. API requests require a token to be first created and then submitted with each API request. An example API request can be seen in the Test Scenario.
How to execute API requests?
API requests are executed by sending an HTTP request to the B Series Appliance. Send the request using any HTTPS-capable socket library or scripting language module, URL fetcher such as cURL, or an OAuth library specific to your platform. BeyondTrust 's web APIs use OAuth as the authentication method.
Can a client secret be modified?
The client secret cannot be modified, but it can be regenerated on the /login > Management > API Configuration page. Regenerating a client secret and then saving the account immediately invalidates any OAuth tokens associated with the account. Any API calls using those tokens will be unable to access the API.
API Configuration
- Enable XML API
Choose to enable the BeyondTrustXML API, allowing you to run reports and issue commands such as starting or transferring sessions from external applications, as well as to automatically back up your software configuration.
API Accounts
- An API account stores all of the authentication and authorization settings for the API client. At least one API account is required to use the API, either in conjunction with the Integration Client, with a third-party app, or with your own in-house developed software.
Add Or Edit An API Account
- Enabled
If checked, this account is allowed to authenticate to the API. When an account is disabled, all OAuth tokens associated with the account are immediately disabled. - Name
Create a unique name to help identify this account.
Permissions
- Select the areas of the API this account is allowed to use. For the Command API, choose to deny access, to allow read-only access, or to allow full access. Also set whether this account can use the Reporting API, the Backup API, the Configuration API, and/or the Endpoint Credential Manager API. The Configuration API allows for the management and configuration of common tasks in /l…
Network Restrictions
- List network address prefixes from which this account can authenticate. API accounts are not restricted by the network prefixes configured on the /login > Management > Securitypage. They are restricted only by the network prefixes configured for the API account.
ECM Groups
- This feature is only present if enabled when your site is built. If it is not present, please contact your site administrator. The ECM Groups feature provides support for multiple disconnected credential providers. It allows a single PRA deployment to integrate with multiple external credential providers like Password Safe or Privileged Identity. These can be located at various re…