Security providers

What are Security Providers?

Security providers authenticate users against existing identity sources like LDAP, RADIUS, Kerberos, or SAML servers. They can also assign privileges based on the hierarchy and group settings defined in those servers.

How are Security Providers useful?

Security providers streamline user authentication by leveraging existing directory services, enable single sign-on with Kerberos, and enhance security through two-factor authentication methods like RSA via RADIUS.

How do I access the Security Providers page?

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the main menu, click Privileged Remote Access > Users & Security.
    The User & Security page opens and the Users tab displays by default.
  3. Click the Security Providers tab.
    The Security Providers tab displays.

What changed in Security Providers?

The way authentication providers are managed in Privileged Remote Access on Pathfinder has changed. Instead of configuring them directly in the Admin (/login) interface of Privileged Remote Access, authentication providers are now created and managed through the Pathfinder Platform.

Additionally, the Security Providers section (found under Users & Security > Security Providers) is no longer visible in the Admin interface of Privileged Remote Access. All tasks related to creating and maintaining Security Providers must now be performed within Pathfinder configuration. This decreases the amount of administrative overhead and standardizes authentication configuration when configuring users across all BeyondTrust products.

Privileged Remote Access connects to the Pathfinder Platform using OpenID Connect (OIDC), which is automatically set up during the provisioning of your Pathfinder tenant.

As a result, all configuration of local and SAML users is managed at the Pathfinder Platform level, not within individual instances of the Privileged Remote Access (PRA) product.

SAML users and groups defined in Pathfinder are exposed within the Admin interface of PRA, where user and groups can be used for individual assignments or Group Policy configurations.

❗️

Important

This explains why you do not have the ability to add Service Providers nor the ability to see any Service Provider information on the Service Provider pages in Privileged Remote Access on Pathfinder and Remote Support on Pathfinder. In Remote Support, you do have the ability to add SAML for Public Portals.

The Security Providers page

An image of BeyondTrust Privileged Remote Access interface showing the 'Users & Security' page with the 'Security Providers' tab selected. The page includes sections for Security Providers and OIDC Providers. Under OIDC Providers, an entry labeled 'BeyondTrust-Pathfinder' is listed, providing user authentication, user provisioning, and group lookup. Its status is marked as 'Available,' with icons for editing and additional options next to the status. The top bar includes a menu icon, the label 'Privileged Remote Access,' and a tenant dropdown labeled 'your-tenant'.
  1. Left menu: Easy access to all pages in Privilege Remote Access, including Status, Consoles & Downloads, My Account, Configuration, Jump, Vault, Console Settings, Users & Security, Reports, Management, and Appliance pages.
  2. Status: Opens the Status page.
  3. Header: Change your tenant site, manage your profile, and access documentation.
  1. Security Providers: List of Security Providers are located Administration>Identity & Authentication Providers page.

  2. OIDC Provider: A list of OIDC Providers.

  3. Security Providers list options: Edit a OIDC Security Provider.

How to add and configure security providers

The process in which you add and configure a security provider in Pathfinder has changed. To learn more about the process, see Identity providers.

Edit a service provider

  1. Sign into app.beyondtrust.io.
    The Pathfinder Home page displays.
  2. Sign into the Administration tenant located in the upper-right hand corner.
  3. Click the hamburger menu. The User Administration page displays.
  4. Click Identity & Authentication Providers.
    The SAML Providers page displays.
  5. Select a Service Provider from the list.
  6. Click the vertical ellipsis and then click Edit Provider.
  7. Make your changes, and then click Save Changes.

Delete a service provider

  1. Sign into app.beyondtrust.io.
    The Pathfinder Home page displays.

  2. Sign into the Administration tenant located in the upper-right hand corner.

  3. Click the hamburger menu. The User Administration page displays.

  4. Click Identity & Authentication Providers.
    The SAML Providers page displays.

  5. Select a Service Provider from the list.

  6. Click the vertical ellipsis and then click Delete Provider.

  7. The following confirmation dialog box displays:

    Confirmation Delete dialog box





  1. In the textbox, enter "delete".
  2. Click Delete.

Edit an OIDC provider

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the main menu, click Privileged Remote Access > Users & Security.
    The User & Security page opens and the Users tab displays by default.
  3. Click the Security Providers tab.
    The Security Providers tab displays.
  4. Locate the provider from the OIDC Provider section.
  5. To edit the provider, click the pencil.
  6. Make the necessary changes, click Save.

To view the security provider log

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the main menu, click Privileged Remote Access > Users & Security.
    The User & Security page opens and the Users tab displays by default.
  3. Click the Security Providers tab.
    The Security Providers tab displays.
  4. Locate the provider from the OIDC Provider section.
  5. Click the vertical ellipsis .
  6. Click View Log.

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.