Privileged Remote Access 23.2.1 release notes
May 9, 2023
Important
This release has been removed due to a critical issue. An updated release will be made available as soon as possible. For more information, please see KB0020207 at https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207.
Requirements:
- This version of Privileged Remote Access has been certified for physical BeyondTrust Appliances, virtual BeyondTrust Appliances, and cloud deployment models.
- 23.2.1 PA requires Base 7.0.0.
- Requires ECM 1.6.0.
- Requires Integration Client 1.7.5.
New features and enhancements:
-
FIDO2 authentication now supported in /login, access console, and web access console.
-
Multiple SAML providers can now be configured.
-
SAML is now allowed to use external group providers.
-
Streamlined SAML authentication in the access console.
-
Web access console can now create, edit, copy, and delete Jump Items.
-
Added ephemeral Jump Clients. This allows administrators to override the offline time of Jump Clients, creating short-lived installers that provide our non-ephemeral Jump Clients access to ephemeral machines but are automatically removed when the endpoint is torn down.
-
Added Terraform module, which allows users to interact with the Remote Support Configuration API to manage access to the resources under management.
-
Added dark mode for /login.
-
Jump Client installers are now listed in /login.
-
Users now have additional options available when using Command shell within a Jump Client session, including Windows Command Prompt, PowerShell, Zsh, Bash, sh, fish, and tcsh.
-
OAuth 2 support added for /login email configurations.
-
A new API for downloading Syslog reports has been created. Also, a new permission has been added to the API account.
-
Added a new session policy setting for automatically starting the privacy screen.
-
The Run As Special Action now logs the command in session reports.
-
Vendor Approvers are now notified of any waiting approval requests. The interval at which these reminders are sent can be configured on the Edit Vendors page.
-
Public keys for stored private keys have been added for Vault SSH accounts.
-
The Configuration API User Rate Limit per Hour has been increased from 15,000 to 60,000.
-
Added `enter` and `delete` keyboard shortcuts to the native access console. `enter` now starts a session with the selected Jump Item and `delete` now removes the selected Jump Item.
-
Jump Item export in the access console now allows you to select Export All, Export Current View, or Export Selected.
-
The elevation tooltip in the access console now displays why the Elevation button is disabled.
-
Configuration API additions and enhancements:
-
VNC Jump Items
- GET jump-item/remote-vnc
- GET jump-item/remote-vnc/`id`
- POST jump-item/remote-vnc
- PATCH jump-item/remote-vnc/`id`
- DELETE jump-item/remote-vnc/`id`
- COPY jump-item/remote-vnc/`id`
-
Vault Account Jump Item association
- GET vault/endpoint
- GET vault/endpoint/`id`/remote-rdp-jump-item-candidates
- POST vault/endpoint/`id`/remote-rdp-jump-item-association
- UPDATE jump-item/remote-rdp
-
Associate Vault Accounts with Jump Items
- GET vault/account/`id`/jump-item-association
- PATCH vault/account/`id`/jump-item-association
- POST vault/account/`id`/jump-item-association
- DELETE vault/account/`id`/jump-item-association/jump-item
- POST vault/account/`id`/jump-item-association/shared-jump-group
- POST vault/account/`id`/jump-item-association/jump-item
- DELETE vault/account/`id`/jump-item-association
- DELETE vault/account/`id`/jump-item-association/shared-jump-group
- DELETE vault/account/`id`/jump-item-association/jump-item
-
Associate Vault Account Groups with Jump Items
- GET vault/account-group/`id`/jump-item-association
- PATCH vault/account-group/`id`/jump-item-association
- POST vault/account-group/`id`/jump-item-association/shared-jump-group
- POST vault/account-group/`id`/jump-item-association/jump-item
- DELETE vault/account-group/`id`/jump-item-association/jump-item
- DELETE vault/account-group/`id`/jump-item-association/shared-jump-group
-
Added connected state to Jumpoint
- GET jumpoint
- GET jumpoint/`id`
-
Added account_expiration to VendorUser
- GET vendor/`id`/user
-
Reactivate Vendor Account
- POST vendor/`vendor_group_id`/user/`user_id`/reactivate
- POST vendor/`vendor_group_id`/reactivate
-
Extended GET user to include all permissions:
- GET user
-
Return a list of all API accounts and permissions:
- GET api-account
-
Manage Group Policy membership for Account Groups
- GET group-policy/`id`/vault-account-group
- POST group-policy/`id`/vault-account-group
- DELETE group-policy/`group_policy_id`/vault-account-group/`account_group_id`
-
Added public_key to Vault accounts.
-
Issues resolved:
Administrative Interface
-
API
- Increased API version to 1.23.1.
- Resolved an issue with POST group-policy returning an error when id is specified.
-
Vault
- Resolved an issue with checking out a local account at the same time a discovery is being run on that domain.
- Resolved an issue with importing accounts overwriting the previously imported accounts if their account names were changed.
- Resolved an issue with deleting domain with large numbers of endpoints taking longer than expected.
- Vault performance improvements.
- Resolved an issue with not displaying all discovery errors.
- Resolved an issue with the Discovery Results page showing local accounts for endpoints that are not reachable.
-
Group Policies
- Made performance improvements to Group Policies in /login when there are large numbers of Group Policies and Jump Groups.
-
Search
- Resolved an issue with spaces counting as characters.
-
Vendor
- Resolved an issue with case sensitivity in the email domain field in Vendor registration.
- Resolved an issue with the change password email not being sent to Vendor users if they were approved by non-admin PRA users.
- Resolved an issue with Vendor registration allowing the same email address to be registered multiple times.
-
Text Updates
- Updated some of the verbiage on the Backup Setting page.
- In /login, renamed the left navigation link for Downloads to Consoles & Downloads, and the left navigation link for Access Console to Console Settings.
- Resolved an issue with extra characters being displayed in the Edit Service Principal error message under Vault > Domains.
-
Miscellaneous
- Resolved an issue with the Android Mass Deploy Jump Client link.
- Resolved an issue with the language selection icon showing on sites that don’t have any languages.
- Resolved an issue with the customizable strings on the Customer Client page not saving correctly for non-English languages.
- Added Vault Service Principal to the warning message that is displayed when configuring an outbound proxy.
- Updated the error message received when using the password reset link when the password was expired.
Clients
-
Access Console
- Resolved an issue with Jump Clients that had not yet been upgraded showing as Pending in the access console.
- Resolved an issue with the access console sometimes crashing after pinning a session.
- Resolved an issue with the access console sometimes crashing when the network connection dropped.
- Resolved an issue with the access console crashing if the Jump Approval window was left open.
- Resolved an issue with the access console sometimes crashing while editing a registry value during registry access.
- Resolved an issue with the access console randomly crashing during customer client download.
- Resolved an issue with Shift + F10 not passing through screen sharing.
- Resolved an issue with the Time in Queue icon not being dark in dark mode.
- Resolved an issue with Jump Item details not being displayed correctly with long comments.
-
Customer Client
- Resolved an issue with Windows clipboard history not being cleared at the end of a session.
-
Web Access Console
- Resolved an issue with time counters not continuing when the web access console page was hidden.
- Resolved an issue with screenshots not working in some Firefox versions.
- Resolved an issue with slow UI responsiveness when there were large numbers of Jump Groups.
-
Infrastructure Access Console
- Now when the IAC is started on a system that does not have a system tray, the IAC checkbox is greyed out and help text is provided to explain why.
-
Web Jump
- Resolved an issue with starting Web Jump sessions through a Linux Jumpoint.
-
vPro
- Resolved an issue with vPro sessions sometimes disconnecting and not reconnecting.
-
Jump Client
- The ability to install and run multiple Jump Clients for the same user and site has been deprecated. There are other means available now to attain the same functionality.
- Resolved an issue with starting a Jump Client session while a Jump Client discovery is in process.
-
Shell Jump
- Resolved an issue with the authentication error message not showing when the wrong credentials have been used to start a Shell Jump session.
-
Mac
- Resolved an issue with transitioning from IAC mode to full console mode causing the access console’s title bar to not respond.
- Resolved an issue with upgrading the rep console if it was originally installed by a non-admin user.
- Resolved an issue with granting Accessibility permission if Screen Recording permission wasn’t granted first.
- Resolved issue with Jump Clients that were not restarting automatically being granted permissions by the System Settings app.
- Resolved an issue with sending AltGr keys through screen sharing on Macs.
-
RDP
- Resolved an issue with backslash character (\) not being copied into the native Windows Security window.
- Resolved an issue with RDP file downloads when multiple reps, native access console and web access console, are in the same RDP session.
- Updated the error message displayed when a rep tries to start an RDP session without the proper permissions.
- Added support for 16 bit color in native BYOT RDP.
- Resolved an issue in which RDP was failing with certain certificates.
Notes:
- Verified for GA.
- Supports upgrades from 22.2.1 PA+.
- Supports ECM Protocol 1.6.
- Includes VSC 1.2.6.1.
- This release is certified with the following mobile versions: