DocumentationAPI ReferenceRelease Notes
Documentation
Start typing to search…

Users & security | PRA Cloud

What is the Users page?

The Users page allows administrators to manage individual user accounts, including creating, editing, and deleting accounts. It provides detailed control over user-specific settings, permissions, and roles within the Privileged Remote Access environment.

How is the Users page useful to my organization?

The Users page enables administrators to customize access and permissions for each user, ensuring security and proper role alignment. It also allows for efficient user management, helping to maintain compliance and support operational needs.

How do I access the Users page?

  1. Use a Chromium-based browser to sign in to your Privileged Remote Access URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click Users & Security.
    The Users page opens and displays by default.

  1. Add: Adds a new user.

  2. Filter: Search users based on Last Authenticated As, Display Name or Email Address.

  3. Hide columns: Option to hide/display columns.

  4. Users columns: The list of Users columns. Not all of the columns are displayed.

    Users columns
    • Last Authenticated As: The name of the user in the form of [email protected].
    • Private Display Name: The full name of the account. For example, "John Smith".
    • Last Authentication Date: The last date the user logged on.
    • Administrator: Defines whether the user is an administrator which is defined in General Permission section of the Users & Security > Group Policies page. The value of the column is Yes or No.

  5. Users list options: Edit or delete a user.

  6. Download Report: Generate a report for user accounts.

Add a user account

  1. From the left menu, click Users & Security.
    The Users page opens and displays by default.
  2. Click + Add.
    The Add User page displays.
  3. Enter a unique Username as an identifier used to log in.
  4. Enter the Display name to display on the public site, in chats, etc. Users can use a public display name, for use with customers, and a private display name, for use in all internal communications.
  5. Enter a unique Display number or leave this field blank to automatically select the next available number. This number affects the order in which users are listed on the public site.
  6. Upload a photo to be used as a representative avatar, which is displayed in the customer client chat window and in the /login administrative interface. The image used must be in .png or .jpeg format, no more than 1 MiB in size, and with a minimum 80x80 pixel size.
    1. Click Set Photo.
    2. Set the image dimensions using the slider and the buttons Fit in Box and Fill Entire Box
    3. When satisfied, click Crop to use it, or Cancel, if you do not wish to keep the image you just selected.
    4. Click Change Photo to select a new photo or Delete Photo to remove the avatar from this user. The photo can also be changed or deleted from the /login > My Account page.
ℹ️

For more information, see Customer client in a session.

  1. Enter the Email address to where email notifications are sent, such as password resets or extended availability mode alerts.

  2. Enter the Preferred email language. If more than one language is enabled on this site, set the language in which to send emails.

  3. Enter the Password used with the username to log in. The password may be set to whatever you choose, as long as the string complies with the defined policy set on the /login > Management > Security page.

  4. Select Must reset password at next login to require the user to reset their password at next login.

  5. Select Password never expires to allow the password to never expire.

  6. Select Password expiration date to causes the password to expire on a given date.

  7. Update the options in the following sections from the default settings as needed for the user:

Memberships

Memberships
Account settings
General permissions
Access permissions
  • Allowed to access endpoints: Enables the user to use the access console in order to run sessions. If endpoint access is enabled, options pertaining to endpoint access will also be available.
  • Session management
    • Allowed to share sessions with teams which they do not belong to: Enables the user to invite a less limited set of user to share sessions, not only their team members. Combined with the extended availability permission, this permission expands session sharing capabilities.
    • Allowed to invite external users: Enables the user to invite third-party users to participate in a session, one time only.
    • Remove User from session after inactivity: Sets the time interval to remove a user from a session after inactivity. Values range from No Timeout to 24 hours.
    • Allowed to enable extended availability mode: Enables the user to receive email invitations from other users requesting to share a session even when they are not logged into the access console.
    • Allowed to edit the external key: Enables the user to modify the external key from the session info pane of a session within the access console.
  • User to user screen sharing
    • Allowed to show screen to other users: Enables the user to share their screen with another user without the receiving user having to join a session. This option is available even if the user is not in a session.
    • Allowed to give control when showing screen to other users: Enables the user sharing their screen to give keyboard and mouse control to the user viewing their screen.
  • Jump Technology
    • Allowed Jump Item methods: Enables the user to Jump to computers using the following:
      • Jump Clients
      • Local Jump (Windows only)
      • Remote Jump
      • Remove VNC
      • Web Jump
      • Remote RDP
      • Shell Jump
      • Protocol Tunnel Jump
    • Jump Item Roles: A Jump Item Role is a predefined set of permissions regarding Jump Item management and usage. For each option, click Show to open the Jump Item Role in a new tab.
      • The Default role is used only when Use User's Default is set for that user in a Jump Group.
      • The Personal role applies only to Jump Items pinned to the user's personal list of Jump Items.
      • The Teams role applies to Jump Items pinned to the personal list of Jump Items of a team member of a lower role. For example, a team manager can view team leads' and team members' personal Jump Items, and a team lead can view team members' personal Jump Items.
      • The System role applies to all other Jump Items in the system. For most users, this should be set to No Access. If set to any other option, the user is added to Jump Groups to which they would not normally be assigned, and in the access console, they can see non-team members' personal lists of Jump Items.
      • The Endpoint automation role sets how a user can use endpoint automation.
        • Not allowed prevents them from seeing the Jump > Endpoint Automation tab altogether.
        • A User can create new automation jobs with these restrictions:
          • They are able to choose any existing Script Template but cannot edit the Script Template, Script Command, nor select or change the template accompanying Resources.
          • The Script Template, Script Command, Operating System, and Resources fields are unavailable.
          • They can run scripts only on Jump Items where their Jump Item Role includes the Start Sessions permission (set on the Jump > Jump Items Role page).
          • An Administrator has full access and ability to create Jobs, Scripts Templates, and Resources.
            ℹ️

            For more information, see Jump Item Roles and Endpoint Automation.

      • External tools
        • Enable static port and username for external tool sessions: This option accepts two values:
          • Enable: Ensures that the port and username generated for a user starting a session with a Jump item using external tools are preserved from session to session.
          • Disable: A new port number and username are randomly generated for that user every time they start a new session with each Jump item.
Session permissions
Availability settings
  1. Click Save at the top of the page.

Edit a user account

  1. From the left menu, click Users & Security.
    The Users page opens and displays by default.
  2. Locate the user you want to edit from the list.
  3. Click .
    The Edit User page displays.
  4. Edit the User details. The details available are the same as the Add User page details except for the following Membership details, which can be viewed only when you edit a user account:
  • Team memberships Listing of the teams to which the user belongs.
  • Jumpoint memberships Listing of the Jumpoints which the user can access.
  • Jump Group memberships Listing of the Jump Groups to which the user belongs.
  • Vault Account Group memberships Listing of the Vault Account Groups to which the user belongs
ℹ️

A icon displays next to fields that are not editable because they are defined by a group policy.

  1. Click Save at the top of the page.

Delete a user account

You cannot delete your own account.

  1. From the left menu, click Users & Security.
    The Users page opens and displays by default.
  2. Locate the user you want to delete from the list.
  3. Click to delete the user.

Updated about 1 month ago

©2003-2026 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.