Documentation
Start typing to search…

Security | PRA Pathfinder

What is the Security page?

The Security page provides options for configuring security-related settings within your BeyondTrust deployment. It includes features for managing user authentication, session security, and other security controls to ensure that access is protected and policies are enforced.

How is the Security page useful?

The Security page is essential for administrators to implement and manage security measures across the system, such as authentication methods and session policies. It helps protect sensitive data and ensures that user access aligns with organizational security requirements.

How do I access the Security page?

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the main menu, click Privileged Remote Access > Management.
    The Management page opens and the Software tab displays by default.
  3. Click the Security tab.
    The Security tab displays.

The Security page

Security Page

  1. Vendor Authentication: Settings for authentication.

  2. Vendor Password: Set password for vendor accounts.

  3. Access Console: Settings for Access Console.

How to configure the security settings

Vendor Authentication

Default authentication method

The default authentication method is OIDC Credentials. If the Enable Passwordless FIDO2 Authentication for vendor users checbox is selected, then Passwordless FIDO2 is available for the default authentication method. If Passwordless FIDO2 authentication is selected, either authentication method can be selected when you sign in.

Enable Passwordless FIDO2 authentication

This feature allows users from the local security provider or vendor users to register and log in with FIDO2-certified authenticators rather than a password. FIDO2 authenticator devices must support CTAP2 and be able to perform user verification using biometrics or a PIN.

Clearing this feature does not remove previously registered authentications. If it is necessary to remove those, they must be deleted before the feature is disabled.

Users with registered passwordless authentication can continue to log in using their username and password. This can be useful if they need to log in using a device that does not support passwordless authentication.

This feature cannot be limited to specific users or user groups.

  • Users: Add User Permissions for a User or Admin: Users and Security > Users > Add > Session Permissions > Clipboard Synchronization Direction
  • Session Policies: Set Session Permission and Prompting Rules: Users and Security > Session Policies > Add > Permission > Clipboard Synchronization Direction
  • Group Policies: Apply User Permissions to Groups of Users: Users and Security > Group Policies > Add > Session Permissions \Session Policy > Clipboard Synchronization Direction

Updated 2 months ago

©2003-2026 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.