
BeyondTrust Endpoint Privilege Management for Windows and Mac pairs powerful least privilege management and application control capabilities to provide preventative endpoint security. Implement zero trust controls and benefit from advanced protection against lateral movement, ransomware, malware, and insider threats.

BlokSec provides BeyondTrust users with a frictionless experience that requires no password or response code, while also providing the highest levels of authentication and identity assurance through the use of zero-knowledge proofs, complementing the zero trust controls provided by BeyondTrust Endpoint Privilege Management for Windows and Mac. BlokSec also provides tamper-proof audit logging through the use of an immutable ledger, allowing system administrators to confidently review elevation request history.

For more information about BlokSec, see https://bloksec.com/.

Prerequisites

  • BeyondTrust Endpoint Privilege Management (EPM) instance
  • BlokSec instance
  • Users enrolled with BlokSec mobile app

EPM includes in-policy multifactor authentication or step-up authentication, which needs to be configured to point to a BlokSec instance.

Create an EPM app from a template

  1. Create a new app from template.
  2. Select the BeyondTrust Endpoint Privilege Management template.
  3. Set the Token Endpoint Auth Method to None, and then click Submit.
  4. Click the Generate App Secret button.
  5. Make note of the Application ID. This is the Client ID used in the EPM's identity provider settings.

Configure EPM

  1. Access the Messages tab in the Policy Editor and click Identity Provider Settings.
  2. Provide the BlokSec Issuer ID and Application ID as the Client ID.
  3. Click Save the Settings.
  4. Select the message you want to configure for BlokSec and check the box Verify their identity through an Identity Provider.

Test the integration

Now we can use the test user and a test workstation to make sure the integration is properly configured.

  1. When a user requests elevation, they are redirected to a browser (the default set by the user) to authenticate through BlokSec, using their saved credentials on the workstation.
  2. A push notification is sent to the mobile app to authenticate the user.
  3. The user can click OK on the Reason Required message after BlokSec authentication.
  4. Next, the requested elevation (printer driver .msi) is approved, and the executable starts with elevated permissions. The user is never elevated.

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.