BeyondTrust Explained: Advanced Solutions for Privileged Account and Session Management

Introduction

BeyondTrust helps businesses to safeguard identities, prevent threats, and provide dynamic access. The only platform that offers zero-trust based least privilege to reduce your attack surface and get rid of security blind spots, along with intelligent identity threat detection. It focuses mainly on handling the privilege accounts like Break glass accounts, Privileged user accounts, Domain Admin accounts, Service Accounts, Local Administrators , Application Accounts,Specialty Accounts.

BeyondTrust products

·         BeyondTrust Insight/password safe

·         Privileged Remote Access

·         Remote Support

·         Identity Security Insights

·         Endpoint Privilege management

·         AD Bridge

·         Privileged Identity

·         Integrations

Password Safe

Password-safe enables complete visibility and control over privileged credentials to safeguard sensitive information from unauthorized access and prevent breaches. The expansion of remote workforces causes the privilege accounts to rise. Increased complexity in the resources makes it difficult to handle the credentials. Password Safe provides unified and session management.

The duration and frequency of password requests, remote access sessions, and application access under Password Safe management are specified by an access policy.A default password policy is included with Password Safe and is used to create new passwords for automatically managed accounts. The default password policy cannot be deleted, but you can alter its parameters, such as the complexity and length of the password. Additionally, new password policies can be made.

Base Configuration

Like all other connectors, the base configuration includes the Source Name, Source Description, Source Owner, Virtual Appliance Cluster and Governance Group For Source Management.

Connection Settings

·         OAuth authentication

·         API Token

OAuth 2.0 authentication where an access token is used for the connection. There are three grant types available: Client Credentials, Refresh tokens, and Passwords. In all these grant types Token URL is required. In Client Credentials- Client ID and Client Secret, in Refresh Token – Client ID, Client Secret, and Refresh token and in the Password, username and Password are required.

If the API token is selected, enter the API token under the API token.

In the aggregation setting, mention if there is any requirement related to the Page Size, the Account Filter to aggregate the user accounts, and the group filter to aggregate the user resources.  JSON Path Attribute Mapping, the schema attribute, and its corresponding JSON path for the attribute must be given.

Conclusion

Integrating BeyondTrust Password Safe and SailPoint Identity Security Cloud offers an extremely scalable method for handling privileged access for numerous essential corporate processes, such as provisioning, search and analytics, access certifications, access requests, and more. Now, businesses can automate granting the appropriate access privileges to the appropriate people while cutting down on laborious and time-consuming human activities. By doing this, administrators can focus on more effective initiatives and reduce the possibility of delays and human error. As a result, businesses can sustain high levels of security, compliance, and user productivity.

Stay tuned to our blog to see more posts about Sailpoint products implementation and its related updates.