DocumentationAPI ReferenceRelease Notes
Documentation

Security providers | PRA Pathfinder

Suggest Edits

What are security providers?

Security providers authenticate users against existing identity sources like LDAP, RADIUS, Kerberos, OpenID Connect, SCIM, or SAML2 servers. They can also assign privileges based on the hierarchy and group settings defined in those servers.

How are security providers useful?

Security providers streamline authentication by using LDAP for directory services, SAML2, OpenID Connect, and Kerberos for single sign-on, and SCIM for automated user provisioning. They also enhance security with two-factor methods like RSA via RADIUS.

How do I access the Security Providers page?

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the main menu, click Privileged Remote Access > Users & Security.
    The User & Security page opens and the Users tab displays by default.
  3. Click the Security Providers tab.
    The Security Providers tab displays.
For users moving from Cloud or On-premises

The way authentication providers are managed in Privileged Remote Access on Pathfinder differs from Cloud and On-premises. Instead of configuring them directly in the admin interface of Privileged Remote Access, authentication providers are created and managed through the Pathfinder Platform.

All tasks related to creating and maintaining security providers must now be performed within Pathfinder configuration. This decreases the amount of administrative overhead and standardizes authentication configuration when configuring users across all BeyondTrust products.

Privileged Remote Access connects to the Pathfinder Platform using OpenID Connect (OIDC), which is automatically set up during the provisioning of your Pathfinder tenant.

As a result, all configuration of local and SAML users is managed at the Pathfinder Platform level, not within individual instances of the Privileged Remote Access (PRA) product.

SAML users and groups defined in Pathfinder are exposed within the Admin interface of PRA, where user and groups can be used for individual assignments or group policy configurations.

🚧

Important information

This explains why you cannot add or view security providers on the Security providers page in Privileged Remote Access on Pathfinder.

In Remote Support, you do have the ability to add SAML for Public Portals.

The Security Providers page

An image of BeyondTrust Privileged Remote Access interface showing the 'Users & Security' page with the 'Security Providers' tab selected. The page includes sections for Security Providers and OIDC Providers. Under OIDC Providers, an entry labeled 'BeyondTrust-Pathfinder' is listed, providing user authentication, user provisioning, and group lookup. Its status is marked as 'Available,' with icons for editing and additional options next to the status. The top bar includes a menu icon, the label 'Privileged Remote Access,' and a tenant dropdown labeled 'your-tenant'.
  1. Left menu: Easy access to all pages in Privilege Remote Access, including Status, Consoles & Downloads, My Account, Configuration, Jump, Vault, Console Settings, Users & Security, Reports, Management, and Appliance pages.
  2. Status: Opens the Status page.
  3. Header: Change your tenant site, manage your profile, and access documentation.

  1. Security Providers: A list of security providers is located on the Administration > Identity & Authentication Providers page.

  2. OIDC Provider: A list of OIDC providers.

  3. Security Providers list options: Edit a OIDC Security Provider.

How to manage security providers

Security providers are configured in the Administration tenant in Pathfinder. To add, edit, or delete a security provider, see Identity providers.

Edit an OIDC provider

  1. From the Security Providers page, locate the provider from the OIDC Provider section.
  2. To edit the provider, click .
  3. Make the necessary changes, then click Save.

To view the security provider log

  1. From the Security Providers page, locate the provider from the OIDC Provider section.
  2. Click > View Log.

Updated about 2 months ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.