DocumentationRelease Notes
Log In
Documentation

PRIVILEGED REMOTE ACCESS FOR ADMINS USER GUIDE

What is Privileged Remote Access for admins?

Privileged Remote Access for admins refers to the set of pages in your PRA site where you can download, deploy, and configure your PRA settings and consoles.

Important information about Privileged Remote Access

  • BeyondTrust Privileged Remote Access is licensed by concurrent users, allowing you to create as many accounts as needed, each with unique usernames and passwords.
  • When signing into Privileged Remote Access for the first time:
    • You must accept the BeyondTrust EULA.
    • Select your preferred language from the drop-down menu, if multiple languages are enabled on your site.
  • For security, the administrative username and password for your B Series Appliance are separate from those used for your PRA site and must be managed independently.

How do I access the Privileged Remote Access administrative interface?

  1. In a Chromium-based browser, navigate to your B Series Appliance URL and append /login.

  2. Log in using passwordless authentication, single sign-on, or your administrator credentials.

    The default credentials are:

    • Username: admin
    • Password: password

For security, you must change the default credentials immediately upon your initial login.

ℹ️

Note

For security purposes, the administrative username and password used for the /appliance interface are distinct from those used for the /login interface and must be managed separately.

If two-factor authentication is enabled for your account, enter the code from the authenticator app.

ℹ️

Note

If more than one language is enabled for your site, select the language you want to use from the dropdown menu. You can also change the language of your choice after logging in to the admin site.

Use passwordless login

FIDO2-certified authenticators can be used to securely log in to the desktop access console, web access consol, and the /login administrative interface without entering your password. You can register up to 10 authenticators.

If passwordless login has been enabled, Authenticate Using may default to Passwordless FIDO2, or it can be selected. The exact process for passwordless login depends on the type of device and manufacturer.

You can enable passwordless login and set the default authentication after logging into the /login administrative interface, by navigating to Management > Security, and then registering passwordless authenticators at My Account > Security.

ℹ️

Note

Passwordless login for the desktop access console on macOS or Linux systems is supported only for roaming authenticators (such as the YubiKey hardware security keys). Platform or integrated authenticators (such as Face ID and fingerprint scanners) are not supported for the desktop access console login when using macOS or Linux systems.

Use integrated browser authentication

If Kerberos has been properly configured for single sign-on, you can click the link to use integrated browser authentication, allowing you to enter directly into the web interface without requiring you to enter your credentials.

ℹ️

Note

For more information, please see Kerberos single sign-on.

Forgot your password?

If password reset has been enabled from the /login > Management > Security page and the SMTP server has been set up for your site, this link is visible. To reset your password, click the link, enter and confirm your email address, and then click Send. If there is more than one user sharing the same email address, you are required to confirm your username. You will receive an email with a link that takes you back to the login page. On the login screen, enter and confirm your new password, and then click Change Password.

Login agreement

Administrators may restrict access to the login screen by enabling a prerequisite login agreement that must be confirmed before the login screen is displayed. The login agreement can be enabled and customized from the /login > Management > Site Configuration page.

How to use the administrative interface

Search the admin interface

From every page within /login, you can search for settings and features within the administrative interface using the search bar in the top-right corner. This feature searches for static text, including titles and labels, within the entirety of /login. Search results are listed in a dropdown, grouped by page. You can click any of the items in the listed search results to be taken directly to the page within /login. Titles and labels specific to your search are highlighted on the page.

ℹ️

Note

  • Search results include only areas within /login where you have permissions.
  • User-entered items are not searched.
  • Search supports all languages supported by /login — all languages are searched and indexed.

App switcher

If you have BeyondTrust Identity Security Insights, you can connect Privileged Remote Access and other BeyondTrust cloud applications, and then switch between applications without needing to re-enter credentials. The App Switcher menu appears in the same place in all applications: in the upper right. In Privileged Remote Access, the menu appears between the Search field and the User Menu.

Click the menu for a list of connected applications, and click the desired application. There can be more than one instance of an application, except for Identity Security Insights.

The menu does not appear if there are no connected applications. The menu is automatically removed if all connected applications are removed, or if it has not been used for 60 days. Re-entering credentials may be necessary in some circumstances, depending on the login configuration of the different applications.

The user menu

The user dropdown menu, located in the upper-right corner of the screen, offers access to a few key features from anywhere on the admin site. Click the user icon to view the logged-in user name and email address, and available links and options.

Log Out: Click to log out of the /login administrative interface. This does not log you out of any consoles. Those must be logged out separately.

Change Email Settings: This is a link to My Account > Profile.

Change Password: This is a link to My Account > Security.

Launch Privileged Web Access Console: This gives you convenient access to the web access console from anywhere in /login.

Download Access Console: This gives you a quick link to download the desktop access console.

Enable Extended Availability: Click to enable this feature in the access console. Once enabled, this option switches to Disable, and can be clicked again to disable this feature.

Language: Displays the current language. If more than one language is enabled for your site, select the language you want to use from the dropdown menu. This language is also applied to the web access consol.

Color Scheme: Select your preferred color scheme for the /login administrative interface. You can switch between Light and Dark modes, or System, which uses whatever mode is selected for your system.


©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.