
Entrust IDaaS (SAML)

Entrust Identity as a Service (IDaaS) is a cloud-based identity and access management (IAM) solution with multi-factor authentication (MFA), credential-based passwordless access, and single sign-on (SSO).

BeyondTrust Privileged Remote Access provides identity-secure, just-in-time access to all enterprise environments including cloud, on-premises and OT.

This quick configuration guide covers a simple SAML Single Sign-On integration between Entrust IDaaS and BeyondTrust Privileged Remote Access. The configuration requires steps in Entrust IDaaS and steps in Privileged Remote Access.

Prerequisites

An instance of Entrust IDaaS with administrator privileges.

An instance of BeyondTrust Privileged Remote Access with administrator privileges.

Configure Entrust IDaaS

Create and edit the application

  1. In Entrust IDaaS, navigate to Add Application.
  2. Under Select an Application Template, search for SAML.
  3. Select the Generic SAML Application template to create the SRA Application.
  4. Enter a name and description for the application, and an application logo if desired.
  5. Under Enable Authentication Flow, check User login only.
  6. Click NEXT.
  7. Enter the ACS URL and Issuer ID URL appropriate for your instance of BeyondTrust. For example, https://myInstance.beyondtrustcloud.com/saml/sso and https://myInstance.beyondtrustcloud.com. This information is also displayed when the application is configured in Privileged Remote Access.
  8. Add SAML Attributes:
    • Email:
    • FirstName:
    • Groups: TestGroup
    • LastName:
    • Username:
  9. Click SUBMIT.
  10. Click ADD RESOURCE RULE.
  11. Select the Group to Add, to provide application access to its members.
  12. From the Applications List, click the download link to download the metadata file.
  13. Continue the configuration in BeyondTrust Privileged Remote Access.

Configure Privileged Remote Access

Once the app has been configured, follow these steps to add the provider to BeyondTrust Privileged Remote Access:

  1. Log in to Privileged Remote Access.
  2. Navigate to Users & Security > Security Providers.
  3. Click +ADD.
  4. Select SAML2.
  5. Click UPLOAD IDENTITY PROVIDER METADATA to import the metadata file downloaded from IDaaS, which includes the signing certificate.
  6. The service provider information needed to configure the SAML application in IDaaS is available under Service Provider Settings.
  7. The default User Attribute Settings can be modified to match the application attributes, if necessary.
  8. Under Authorization Settings, a default group policy must be selected. Also, enter a name in Available Groups that matches the static value configured for the Groups attribute for the IDaaS SAML application.

Test the integration

On the Privileged Remote Access login page, select Use SAML Authentication under Authenticate Using.

You will be redirected to the IDaaS login page, where you can authenticate using an IDaaS User who is a member of the Authorization Group configured for the SAML Application.

You are then authenticated to Privileged Remote Access.

Under Users & Security > Users, the new user account has been provisioned via SAML.
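
If the test login fails or the user lands in the wrong group policy, one way to check the assertion IDaaS issues against the attribute names and Groups value configured above is shown below. This is an added example, not BeyondTrust or Entrust code; the function names are hypothetical, the sample assertion is constructed, and exact string matching of the group name is an assumption. It inspects attribute content only and does not validate the XML signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names added to the IDaaS application in the steps above.
REQUIRED = ("Email", "FirstName", "Groups", "LastName", "Username")

# Constructed sample: a decoded, unsigned assertion fragment for illustration.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Groups"><saml:AttributeValue>TestGroup</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Username"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(xml_text):
    """Return {attribute name: [values]} from a decoded SAML assertion or response."""
    # SAML messages never need a DTD; refuse them rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def check_assertion(xml_text, available_group):
    """List mismatches between the assertion and the configuration above."""
    attrs = read_attributes(xml_text)
    problems = []
    for name in REQUIRED:
        if not any(attrs.get(name, [])):
            problems.append(f"missing or empty attribute: {name}")
    groups = attrs.get("Groups", [])
    # Assumption: the Available Groups name is compared as an exact string.
    if groups and available_group not in groups:
        problems.append(f"Groups {groups} does not contain {available_group!r}")
    return problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, "TestGroup") or "assertion matches configuration")
```
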


©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.