DocumentationRelease Notes
Log In
Release Notes

Privileged Remote Access 23.2.1 release notes

May 9, 2023

⚠️

Important

This release has been removed due to a critical issue. An updated release will be made available as soon as possible. For more information, please see KB0020207 at https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207.

Requirements:

  • This version of Privileged Remote Access has been certified for physical BeyondTrust Appliances, virtual BeyondTrust Appliances, and cloud deployment models.
  • 23.2.1 PA requires Base 7.0.0.
  • Requires ECM 1.6.0.
  • Requires Integration Client 1.7.5.

New features and enhancements:

  • FIDO2 authentication now supported in /login, access console, and web access console.

  • Multiple SAML providers can now be configured.

  • SAML is now allowed to use external group providers.

  • Streamlined SAML authentication in the access console.

  • Web access console can now create, edit, copy, and delete Jump Items.

  • Added ephemeral Jump Clients. This allows administrators to override the offline time of Jump Clients, creating short-lived installers that provide our non-ephemeral Jump Clients access to ephemeral machines but are automatically removed when the endpoint is torn down.

  • Added Terraform module, which allows users to interact with the Remote Support Configuration API to manage access to the resources under management.

  • Added dark mode for /login.

  • Jump Client installers are now listed in /login.

  • Users now have additional options available when using Command shell within a Jump Client session, including Windows Command Prompt, PowerShell, Zsh, Bash, sh, fish, and tcsh.

  • OAuth 2 support added for /login email configurations.

  • A new API for downloading Syslog reports has been created. Also, a new permission has been added to the API account.

  • Added a new session policy setting for automatically starting the privacy screen.

  • The Run As Special Action now logs the command in session reports.

  • Vendor Approvers are now notified of any waiting approval requests. The interval at which these reminders are sent can be configured on the Edit Vendors page.

  • Public keys for stored private keys have been added for Vault SSH accounts.

  • The Configuration API User Rate Limit per Hour has been increased from 15,000 to 60,000.

  • Added `enter` and `delete` keyboard shortcuts to the native access console. `enter` now starts a session with the selected Jump Item and `delete` now removes the selected Jump Item.

  • Jump Item export in the access console now allows you to select Export All, Export Current View, or Export Selected.

  • The elevation tooltip in the access console now displays why the Elevation button is disabled.

  • Configuration API additions and enhancements:

    • VNC Jump Items

      • GET jump-item/remote-vnc
      • GET jump-item/remote-vnc/`id`
      • POST jump-item/remote-vnc
      • PATCH jump-item/remote-vnc/`id`
      • DELETE jump-item/remote-vnc/`id`
      • COPY jump-item/remote-vnc/`id`
    • Vault Account Jump Item association

      • GET vault/endpoint
      • GET vault/endpoint/`id`/remote-rdp-jump-item-candidates
      • POST vault/endpoint/`id`/remote-rdp-jump-item-association
      • UPDATE jump-item/remote-rdp
    • Associate Vault Accounts with Jump Items

      • GET vault/account/`id`/jump-item-association
      • PATCH vault/account/`id`/jump-item-association
      • POST vault/account/`id`/jump-item-association
      • DELETE vault/account/`id`/jump-item-association/jump-item
      • POST vault/account/`id`/jump-item-association/shared-jump-group
      • POST vault/account/`id`/jump-item-association/jump-item
      • DELETE vault/account/`id`/jump-item-association
      • DELETE vault/account/`id`/jump-item-association/shared-jump-group
      • DELETE vault/account/`id`/jump-item-association/jump-item
    • Associate Vault Account Groups with Jump Items

      • GET vault/account-group/`id`/jump-item-association
      • PATCH vault/account-group/`id`/jump-item-association
      • POST vault/account-group/`id`/jump-item-association/shared-jump-group
      • POST vault/account-group/`id`/jump-item-association/jump-item
      • DELETE vault/account-group/`id`/jump-item-association/jump-item
      • DELETE vault/account-group/`id`/jump-item-association/shared-jump-group
    • Added connected state to Jumpoint

      • GET jumpoint
      • GET jumpoint/`id`
    • Added account_expiration to VendorUser

      • GET vendor/`id`/user
    • Reactivate Vendor Account

      • POST vendor/`vendor_group_id`/user/`user_id`/reactivate
      • POST vendor/`vendor_group_id`/reactivate
    • Extended GET user to include all permissions:

      • GET user
    • Return a list of all API accounts and permissions:

      • GET api-account
    • Manage Group Policy membership for Account Groups

      • GET group-policy/`id`/vault-account-group
      • POST group-policy/`id`/vault-account-group
      • DELETE group-policy/`group_policy_id`/vault-account-group/`account_group_id`
    • Added public_key to Vault accounts.

Issues resolved:

Administrative Interface

  • API

    • Increased API version to 1.23.1.
    • Resolved an issue with POST group-policy returning an error when id is specified.
  • Vault

    • Resolved an issue with checking out a local account at the same time a discovery is being run on that domain.
    • Resolved an issue with importing accounts overwriting the previously imported accounts if their account names were changed.
    • Resolved an issue with deleting domain with large numbers of endpoints taking longer than expected.
    • Vault performance improvements.
    • Resolved an issue with not displaying all discovery errors.
    • Resolved an issue with the Discovery Results page showing local accounts for endpoints that are not reachable.
  • Group Policies

    • Made performance improvements to Group Policies in /login when there are large numbers of Group Policies and Jump Groups.
  • Search

    • Resolved an issue with spaces counting as characters.
  • Vendor

    • Resolved an issue with case sensitivity in the email domain field in Vendor registration.
    • Resolved an issue with the change password email not being sent to Vendor users if they were approved by non-admin PRA users.
    • Resolved an issue with Vendor registration allowing the same email address to be registered multiple times.
  • Text Updates

    • Updated some of the verbiage on the Backup Setting page.
    • In /login, renamed the left navigation link for Downloads to Consoles & Downloads, and the left navigation link for Access Console to Console Settings.
    • Resolved an issue with extra characters being displayed in the Edit Service Principal error message under Vault > Domains.
  • Miscellaneous

    • Resolved an issue with the Android Mass Deploy Jump Client link.
    • Resolved an issue with the language selection icon showing on sites that don’t have any languages.
    • Resolved an issue with the customizable strings on the Customer Client page not saving correctly for non-English languages.
    • Added Vault Service Principal to the warning message that is displayed when configuring an outbound proxy.
    • Updated the error message received when using the password reset link when the password was expired.

Clients

  • Access Console

    • Resolved an issue with Jump Clients that had not yet been upgraded showing as Pending in the access console.
    • Resolved an issue with the access console sometimes crashing after pinning a session.
    • Resolved an issue with the access console sometimes crashing when the network connection dropped.
    • Resolved an issue with the access console crashing if the Jump Approval window was left open.
    • Resolved an issue with the access console sometimes crashing while editing a registry value during registry access.
    • Resolved an issue with the access console randomly crashing during customer client download.
    • Resolved an issue with Shift + F10 not passing through screen sharing.
    • Resolved an issue with the Time in Queue icon not being dark in dark mode.
    • Resolved an issue with Jump Item details not being displayed correctly with long comments.
  • Customer Client

    • Resolved an issue with Windows clipboard history not being cleared at the end of a session.
  • Web Access Console

    • Resolved an issue with time counters not continuing when the web access console page was hidden.
    • Resolved an issue with screenshots not working in some Firefox versions.
    • Resolved an issue with slow UI responsiveness when there were large numbers of Jump Groups.
  • Infrastructure Access Console

    • Now when the IAC is started on a system that does not have a system tray, the IAC checkbox is greyed out and help text is provided to explain why.
  • Web Jump

    • Resolved an issue with starting Web Jump sessions through a Linux Jumpoint.
  • vPro

    • Resolved an issue with vPro sessions sometimes disconnecting and not reconnecting.
  • Jump Client

    • The ability to install and run multiple Jump Clients for the same user and site has been deprecated. There are other means available now to attain the same functionality.
    • Resolved an issue with starting a Jump Client session while a Jump Client discovery is in process.
  • Shell Jump

    • Resolved an issue with the authentication error message not showing when the wrong credentials have been used to start a Shell Jump session.
  • Mac

    • Resolved an issue with transitioning from IAC mode to full console mode causing the access console’s title bar to not respond.
    • Resolved an issue with upgrading the rep console if it was originally installed by a non-admin user.
    • Resolved an issue with granting Accessibility permission if Screen Recording permission wasn’t granted first.
    • Resolved issue with Jump Clients that were not restarting automatically being granted permissions by the System Settings app.
    • Resolved an issue with sending AltGr keys through screen sharing on Macs.
  • RDP

    • Resolved an issue with backslash character (\) not being copied into the native Windows Security window.
    • Resolved an issue with RDP file downloads when multiple reps, native access console and web access console, are in the same RDP session.
    • Updated the error message displayed when a rep tries to start an RDP session without the proper permissions.
    • Added support for 16 bit color in native BYOT RDP.
    • Resolved an issue in which RDP was failing with certain certificates.

Notes:

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.