Vendors

What are vendors?

Vendors are third-party users who are granted controlled access to your systems for tasks like support, maintenance, or other necessary operations.

How are they useful to my organization?

Vendors enable you to securely collaborate with external parties by granting access through configurable vendor groups, with support for up to 150 groups.

How do I access the Vendors page?

1. Sign into app.beyondtrust.io.
   The BeyondTrust Home page displays.
2. From the main menu, click Privileged Remote Access > Users & Security.
   The User & Security page opens and the Users tab displays by default.
3. Click the Vendors tab.
   The Vendors tab displays.

The Vendors page

1. Left menu: Easy access to all pages in Privilege Remote Access, including Home, Status, Consoles & Downloads, My Account, Configuration, Jump, Vault, Console Settings, Users & Security, Reports, Management, and Appliance pages.

2. Status: Takes you to the Status page.

3. Header: Change tenant site and obtain user profile setting information.

4. Add:- Adds a new vendor group.

5. Vendors Group columns: The list of Vendors Group columns.

   Vendors Group columns

   • Name: Unique name of the special action.
   • Group Policy: The group policy name that authenticates with the vendor.
   • Number of Accounts: Administrative accounts associated with the vendor.

6. Special Actions list options: Edit or delete a vendor group.

Add new vendor group

1. Sign into app.beyondtrust.io.
   The BeyondTrust Home page displays.
2. From the main menu, click Privileged Remote Access > Users & Security.
   The User & Security page opens and the Users tab displays by default.
3. Click the Vendors tab.
   The Vendors tab displays.
4. Click Add.
   The Add new Vendor Group displays.
5. For Name, enter a unique group name.
6. In the Authorization Settings section, set the options to the following values:

Group Policy

• The selected group policy defines the permissions, memberships, and other settings to all users authenticating with this vendor. These settings cannot be changed on a per-user basis. Select a policy from those available or go to Users and Security > Group Policies to create a new one.

ℹ️

Note

Group policies that grant administrative permissions are not available for vendors.

Vendor users expires after

• Vendor user accounts will expire after the given number of days from their creation. After expiration, they will not be able to log in until the PRA User or a vendor admin extends their account's expiration time.

ℹ️

Note

The vendor account is deactivated according to this setting, regardless of the options selected for the selected group policy Account Expiration.

Automatically delete expired users

• Vendor user accounts that have expired are automatically deleted after the given number of days since their expiration.

Users and Teams for management and notifications

• You can select up to 10 users and teams to manage vendor users in this group and some self-registration portal settings. These users and teams receive all configured notifications for this vendor group if they have valid email addresses.
  The configuration settings are:
  • Notify when a user is added to this vendor group
  • Notify when a user has expired in this vendor group
  • Notify when a user has expired or has been automatically deleted in this vendor group (displays when the Automatically delete expired user checkbox is selected
  • Require approval to activate users in this vendor group
  • Require approval to extend or reactivate users in this vendor group
  • Email if users are awaiting action after

Network Restrictions

Network address allow list

Enter network address prefixes, one per line, in the formats shown in the examples. Netmasks are optional, and they can be given in either dotted-decimal or integer bitmask format. Entries that omit a netmask are assumed to be single IP addresses.

Vendor portal settings

You can customize the vendor self-registration portal users see when they register.

📘

Note

Changes are not applied until after the vendor group is saved.

Enable Vendor Portal

Check the box to enable the vendor portal. This feature can only be turned on after selecting a group policy under Authorization Settings.

Upload logo

Click to upload a logo. This can be your logo, or the vendor's logo, depending on your needs and preferences. For best results use an image that is 128x128 pixels.

Branding colors

You can apply two accent colors and one background color:

• Accent Color 1: Controls the section header background color, border color, and dark text color.
• Accent Color 2: Controls the link color, button background color, and the language globe color.
• Background Color: Controls the page background color and light text color.

👍

Tip

Click Revert to Default if you do not want to keep the changes you made.

Portal Instructions

Enter the text to be displayed to users when they register in the self-registration portal.

Email Subject

This is the email subject that users see when they receive their confirmation email, after they have registered through the self-registration portal.

Email Body

Enter the text for the confirmation email sent to users after they submit the registration form.

Vendor Portal URL

Enter the URL for the users' registration site.

Email Domain Allow List

You can restrict email addresses to the domains listed here when users register through the portal. Enter one email domain per line. Commas and spaces are prohibited. If not provided, there are no restrictions on allowed email addresses.

Configurable Slug

Enter the URL slug for your site. By default, this is a randomly generated string.

When you are done, click Preview Vendor Portal to see how the portal looks.

Add vendor administrator

Vendor administrators

After you click Save on the newly created vendor group, you are notified that all vendor groups must have one user assigned as vendor administrator. You can either click Proceed to assign a vendor administrator or add the admin user later from the Vendors page.

ℹ️

Note

Vendor admins cannot add other vendor admins.

Add user

To add an administrator to the vendor group after the initial save, do the following:

1. Click Proceed.
2. For Username, enter a valid user name.
3. For Display Name, enter the name you want to display.
4. For Email Address, enter a valid email address.
5. For Password, enter a valid password that is associated with the email address in step 4.
6. For Confirm Password, enter the same password in step 5.
7. Click Save.

📘

Note

• When you add a vendor admin, ensure the Vendor Group Administrator box is checked.
• When Email Password Reset Link to User is checked, vendor admins can send password reset links to users. The reset link expires 24 hours after the email is sent. The expiration time cannot be changed.

PRA user

Click to select an admin or a user from the list. The selected user can manage vendor users in this group and some self-registration settings. This user receives all configured admin notifications for this vendor group and should have a valid email address.

ℹ️

Note

Any PRA user can be assigned by a PRA administrator to take over the management of that vendor group after it has been created. The PRA user does not have permission/rights to change security settings specific to the vendor–rather, the PRA user is the designated approver, receiver of notifications, and has visibility and edit privileged regarding the vendor users themselves.

Notify the PRA user when a user is added to this vendor group

If this box is checked, an email is sent to the PRA admin or user in charge of the group each time a new user is added. You can require PRA approval for new members. If approval is required, a message displays next to the new member's name in the group member's list, indicating that the user Needs Approval.

Notify the PRA user when a user has expired in this vendor group

If this box is checked, the admin or user in charge of the group users receives an email whenever a user has expired, as well as a link to reactivate the user, if so desired.

Require PRA user approval to activate users in this vendor group

If this box is checked, a PRA admin or user in charge of the group must approve new members.

Require PRA user approval to extend or reactivate users in this vendor group

If this box is checked, a PRA admin or user in charge of the group must approve extension or reactivation of users in this vendor group.

Email PRA user if users are awaiting action after

If this box is checked, the PRA admin or user in charge of the group receives an email notification if users are awaiting action after a selected time period. The default is one day, but time periods from one hour to one week are available in the dropdown list below the check box.

Network restrictions

Network address allow list

Enter network address prefixes, one per line, in the formats shown in the examples. Netmasks are optional, and they can be given in either dotted-decimal or integer bitmask format. Entries that omit a netmask are assumed to be single IP addresses.

Users requiring action

Users requiring an action from the admin or user in charge of the vendor group are listed here. Under Action Required you find the issue requiring attention. The listed issues are Disabled, Expired, Failed Login, Locked, Needs Approval, and Pending.

Users

Click Add to add members to an existing group. You can use the search box to search for listed users under Last Authenticated As, Display Name, and Email Address. You can select which column categories with user information to display from the settings icon on the right. The options are Last Authenticated As, Display Name, Email Address, Last Authentication Date, Administrator, and Expiration Date.

Vendor portal settings

You can customize the vendor self-registration portal users see when they register. Changes are not applied until after the vendor group is saved.

Enable vendor portal

Check the box to enable the vendor portal. This feature can only be turned on after selecting a group policy under Authorization Settings.

Upload logo

Click to upload a logo. This can be your logo, or the vendor's logo, depending on your needs and preferences. For best results use an image that is 128x128 pixels. You can apply two accent colors and one background color:

• Accent Color 1: Controls the section header background color, border color, and dark text color.
• Accent Color 2: Controls the link color, button background color, and the language globe color.

Click Revert to Default if you do not want to keep the changes you made.

Portal instructions

Enter the text to be displayed to users when they register in the self-registration portal.

Email subject

This is the email subject that users see when they receive their confirmation email, after they have registered through the self-registration portal.

Email body

Enter the text for the confirmation email sent to users after they submit the registration form.

Vendor portal URL

Enter the URL for the users' registration site.

Email domain allow list

You can restrict email addresses to the domains listed here when users register through the portal. Enter one email domain per line. Commas and spaces are prohibited. If not provided, there are no restrictions on allowed email addresses.

Configurable slug

Enter the URL slug for your site.

When done click Preview Vendor Portal to see how the portal will look.

Add vendor administrator

Vendor administrators

After clicking Save on the newly created vendor group, you are notified that all vendor groups must have one user assigned as vendor administrator. You can either click Proceed to assign a vendor administrator or add the admin user later from the Vendors page.

ℹ️

Note

Vendor admins cannot add other vendor admins.

Add user

When adding a vendor admin, ensure the Vendor Group Administrator box is checked.

When Email Password Reset Link to User is checked, vendor admins can send password reset links to users. The reset link expires 24 hours after the email is sent. The expiration time cannot be changed.