Configure LDAP on Pathfinder | Pathfinder

Overview

Pathfinder authenticates users through a connected BeyondTrust product instead of connecting directly to Active Directory or LDAP. The connected product — Privileged Remote Access or Remote Support — acts as the proxy site for directory authentication.

Prerequisites

Before you begin, make sure you have:

  • Administrator access to Pathfinder.
  • A connected BeyondTrust product configured with an LDAP or Active Directory provider.
  • The directory domain and any required connection details.
🚧

Important information

This procedure assumes you have already configured an LDAP or Active Directory provider in your BeyondTrust product. If you have not, complete the appropriate configuration procedure before continuing.

Although Password Safe appears as a product option, it is not currently available for use with directory authentication in Pathfinder.

Register the directory provider

  1. Log in to Pathfinder as an administrator.
  2. From the tenant dropdown, select Administration.
  3. Open the navigation menu and click Directory Authentication.
Navigation menu with Administration expanded and Directory Authentication selected.
  1. On the Directory Authentication page, you can add a new directory provider or edit an existing one.
Directory Authentication page showing existing providers with options to add, edit, or remove a provider.
  1. When adding a provider, configure:

    • Label
    • Provider type
    • Domain or server
    • Proxy site
    • Product
Add Directory Provider page with settings to configure an Active Directory or LDAP provider through a connected BeyondTrust product.
⚠️

Warning

Removing a provider prevents users who rely on that directory from signing in unless another authentication method is available.

Provision users

To add an LDAP user manually:

  1. From the navigation menu, go to User Management.
Navigation menu with Administration expanded and User Management selected.
  1. Click Invite User.
Organization Users page with the Invite User button.
  1. In the User Details section, enter an Email Address, First Name, and Last Name. All fields are required.
  2. In the User Permissions section, for Organization Role, select either Standard User or Administrator.
  3. For Site Access, select the sites and at least one application to grant user access to.
Invite User page with fields to enter user information and assign permissions.
  1. Click Invite User.
    The user receives an email with a link to create a new password, then access the selected site(s) and application(s).

Sign in

Users sign in using the tenant-specific URL. For example, https://login.beyondtrust.io/signin/signIn?orgId=your-org-id

Replace your-org-id with your organization's tenant ID.

©2003-2026 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.