DocumentationRelease Notes
Documentation

Install BeyondTrust Bridge | AD Bridge

Suggest Edits

This section provides information on BeyondTrust Bridge requirements and installing the console.

Requirements to use AD Bridge with Entra ID

You must have the following to use BeyondTrust Bridge with Entra ID.

  • Windows administrative workstation running .NET 7.0
  • Azure CLI (version 2.72 or later) to connect and manage Entra ID app registrations. Follow the official Microsoft instructions: Install the Azure CLI on Windows.

Administrative privileges

To set up the app and schema extensions, the following Entra ID permissions are required:

  • Must have an active subscription.
  • Must be assigned the following roles:
    • Directory Writers: Required to apply schema extensions.
    • Application Administrator: Required to create the app and generate secrets.
    • Privileged Role Administrator: Required to grant admin rights on app roles.

Install the BeyondTrust Bridge console

To install the BeyondTrust Bridge console on a Windows machine:

  1. Run ADBridge64-##.#.#.###.msi.
  2. Ensure the BeyondTrust Bridge application is selected in the Select Features window.
  3. Launch the BeyondTrust Bridge console by opening the Start menu and selecting the BeyondTrust Bridge shortcut.

First time deployment with Entra ID

To set up Entra ID for the first time, navigate to Entra ID Status and sign in with a user that has application administrator and privileged role administrator roles.

Users are required to create the BeyondTrust - Identity Bridge application and the BeyondTrust - Linux Endpoint application.

  • BeyondTrust - Identity Bridge holds the schema with the user and group attributes.
  • BeyondTrust - Linux Endpoint is for Linux endpoints to authenticate with Microsoft Entra ID.

Once created, users can view the application ID, secret, and extensions status. The secret file is created and stored on the disk for the user who is logged on.

ℹ️

Privileged role administrator is only required for first time deployment to grant the admin rights on the application role.

Use the BeyondTrust Bridge console to provision users and groups

Use the Entra ID Users and Groups tiles to provision users and groups. You can assign the UID, HomeDirectory, loginShell, and GID for users and the GID for groups.

Manage Microsoft Entra ID users and groups in AD Bridge

Logging and debugging

Users can access log files by navigating to the Logging Configuration page. Users can create a log file archive or use the links to open the applicable log file.

Logging configuration in AD Bridge

Updated 13 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.