How do I integrate with Beyond Trust?

To integrate with Beyond Trust, follow these steps:

1. Create API Registration

   WebConsole/#!/app/configuration/api-registration

   • We must add at least one IP or IP range rule to have it active.
     
     
2. Create a new group. Add users to the group. Add API registration to the group. WebConsole/#!/app/configuration/user-management
   1. check API registrations
3. Create a managed system WebConsole/#!/ps/managed-systems
4. Create managed account
   • set Managed System from point 3.
5. Add access policy. Configuration -> PAM Policies -> Access Policies.
   • create a schedule and allow to View Password
6. Add assignees to Access Policies
   1. Edit access policy
   2. Go to assignees
   3. Click "manage assignees."
   4. Click "view group details" on the group that you want to assign
   5. Go to "smart groups."
   6. Find "All Managed Accounts" and click "Edit Password Safe Rules."
   7. Add the "requestor" option and choose a policy from the dropdown list
   8. Go back to WebConsole/#!/ps/configuration/access-policies and check if:
      Role = Requestor
      Group name = <x>
      Smart Rule = All managed accounts
      Active = true
      API Enabled = true

 Configure Beyond Trust in Security Center

1. Login to Security Center.
2. Click on the Menu Icon in the top right corner.
3. Click Integrations and select Beyond Trust.
4. You will need to fill in the following:
   1. BeyondTrust host.
      • The Beyond Trust URL (example:https://b*****.ps.beyondtrustcloud.com/)
   2. Port
   3. API User
      • You can get the API user from Beyond Trust Configuration > Role based access > User management.
      • Navigate from Groups to Users, and choose the user, e.g., First name.Last name.
   4. API Key
      • You can get the API key from the Beyond Trust Configuration > General > API Registrations.
      • Click the eye icon on the First Details menu > Key to reveal your API key.
5. Once you fill out the information, click Save.
6. Done!