BlokSec
Traditional remote access methods such as RDP, VPN, and legacy remote desktop tools lack granular access management controls. These methods are easily exploited through stolen credentials and session hijacking. Extending remote access to your vendors makes matters even worse.
BeyondTrust Secure Remote Access enables organizations to apply least privilege and audit controls to all remote access from employees, vendors, and service desks. BlokSec provides users the ability to securely connect without the hassle of passwords or MFA. Representatives and public portals are supported.
Remote Support for representatives provides the ability to configure a SAML authentication provider, which needs to be configured to point to the BlokSec instance. Configuration is required in both products.
Note
See BlokSec to learn more.
BlokSec integration for representatives
Prerequisites
- Installed BeyondTrust Remote Support instance
- Installed BlokSec instance
- BlokSec test users with mobile app installed
Create Remote Support for representatives application in the BlokSec administration console
Log in to BlokSec and follow the steps below:
- From the dashboard, click + Add Application.
- Select Create from Template.
- Select the BeyondTrust Remote Support and Privileged Remote Access for Representatives template.
- On the Create Application screen:
  - Replace {your-instance-url} in the Entity ID and Assertion Consumer Service URLs with the URL of your BeyondTrust site (for example, eval######.beyondtrustcloud.com or your customer URL).
  - Set the NameID Source to User email.
  - Edit the Groups attribute and set the Value to the group name, passed with the SAML assertion.
- Submit the new application, then make note of the SSO Uri, and view and save the X.509 Signing Certificate in a new file, for example, signing_cert.pem.
Configure the SAML for representatives identity provider in BeyondTrust
Log in to BeyondTrust Remote Support. Continue with the steps below.
- Click the Users & Security > Security Providers tab, click + Add, and select SAML for Representatives.
- Under Identity Provider Settings:
  - Enter the Entity ID: https://api.bloksec.io
  - Set the Single Sign-On Service URL to the SSO Uri value provided by BlokSec when the new application was submitted in the BlokSec Administration Console. For example, https://api.bloksec.io/sso/SingleSignOnService/{unique ID}.
  - Click + UPLOAD CERTIFICATE and upload the certificate downloaded from BlokSec when the new application was submitted in the BlokSec Administration Console.
- Under Authorization Settings, choose the group to be used for the Default Group Policy.
Test the configuration
- Go to the BlokSec administration console, and navigate to the newly created BeyondTrust Remote Support for Representatives application.
- Click the settings icon.
- Select Create Account.
- Go to the BeyondTrust instance’s login page (for example, https://eval######.beyondtrustcloud.com/login/login) and click Use SAML Authentication.
- Enter the username created in the step above.
- BlokSec sends a push notification to the user's mobile application to authenticate the representative.
- The representative can review the request, and then approve it. The device performs a biometric authentication (e.g., fingerprint or facial recognition depending on the mobile device's capabilities), and then a digital signature is sent to the BlokSec service to verify the representative's authenticity.
- The representative is securely logged into the BeyondTrust Remote Support console.
BlokSec integration for public portals
Prerequisites
- Installed BeyondTrust Remote Support instance
- Installed BlokSec instance
- BlokSec test users with mobile app installed
Create Remote Support for public portal application in the BlokSec administration console
Remote Support for the public portal provides the ability to configure a SAML authentication provider, which needs to be configured to point to the BlokSec instance.
Log in to BlokSec and follow the steps below.
- From the dashboard, click + Add Application.
- Select Create from Template.
- Select the BeyondTrust Remote Support Public Portal template.
- On the Create Application screen:
  - Replace {your-instance-url} in the Entity ID and Assertion Consumer Service URLs with the URL of your BeyondTrust site (for example, eval######.beyondtrustcloud.com or your customer URL).
  - Set the NameID Source to User email.
- Submit the new application, and then make note of the SSO Uri and save the X.509 Signing Certificate in a new file, for example, signing_cert.pem.
Configure the SAML for public portals identity provider in BeyondTrust
Log in to BeyondTrust Remote Support. Continue with the steps below.
- Click the Users & Security > Security Providers tab, click + Add, and select SAML for Public Portals.
- Under Identity Provider Settings:
  - Enter the Entity ID: https://api.bloksec.io
  - Set the Single Sign-On Service URL to the SSO Uri value provided by BlokSec when the new application was submitted in the BlokSec Administration Console. For example, https://api.bloksec.io/sso/SingleSignOnService/{unique ID}.
  - Click + UPLOAD CERTIFICATE and upload the certificate downloaded from BlokSec when the new application was submitted in the BlokSec Administration Console.
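A pre-upload check for the two values that both procedures (representatives and public portals) carry from BlokSec into BeyondTrust: the saved signing_cert.pem and the SSO Uri. This is an added example, not BeyondTrust or BlokSec code; it assumes openssl is installed, and the function names, the 30-day expiry margin, and the rule that the SSO Uri must start with the example prefix shown on this page are assumptions.

```shell
#!/bin/sh
# Added example (not BeyondTrust or BlokSec code). Function names, the 30-day
# margin and the SSO Uri prefix rule are assumptions; requires openssl.

# Prefix taken from the example SSO Uri on this page.
IDP_SSO_PREFIX="https://api.bloksec.io/sso/SingleSignOnService/"

# check_sso_uri URI: succeed only for an HTTPS BlokSec SSO Uri with an ID filled in.
check_sso_uri() {
    case "$1" in
        "$IDP_SSO_PREFIX") return 1 ;;          # unique ID missing
        *" "*|*"{"*|*"}"*) return 1 ;;          # unreplaced {placeholder} or stray space
        "$IDP_SSO_PREFIX"*) return 0 ;;
        *) return 1 ;;                          # wrong scheme, host or path
    esac
}

# check_signing_cert FILE [MIN_DAYS]: print the SHA-256 fingerprint if FILE is
# exactly one parseable certificate, holds no private key, and stays valid
# for MIN_DAYS more days. Returns 2 for a bad file, 3 for imminent expiry.
check_signing_cert() {
    cert=$1; min_days=${2:-30}
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$cert" || true)
    [ "$n" -eq 1 ] || { echo "expected 1 certificate, found $n" >&2; return 2; }
    if grep -q -- 'PRIVATE KEY-----' "$cert"; then
        echo "$cert contains a private key; upload the certificate only" >&2
        return 2
    fi
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "$cert is not a parseable X.509 certificate" >&2; return 2; }
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "$cert expires within $min_days days" >&2; return 3; }
    openssl x509 -in "$cert" -noout -fingerprint -sha256 | cut -d= -f2
}

# Run only when invoked as: sh preflight.sh signing_cert.pem '<SSO Uri>'
if [ "$#" -eq 2 ]; then
    check_sso_uri "$2" || { echo "unexpected SSO Uri: $2" >&2; exit 1; }
    fp=$(check_signing_cert "$1") || exit 1
    echo "SHA-256 fingerprint of $1: $fp"
fi
```

Recording the printed fingerprint alongside the change makes it possible to confirm later that the certificate trusted by the security provider is the one that was saved from BlokSec.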
Configure the public portal to require SAML authentication
- On the Public Portals > Public Sites tab, edit the public site for the portal to be authenticated with BlokSec.
- Check the Require SAML Authentication box.
- Click Save.
Test the configuration
- Go to the BlokSec administration console, and navigate to the newly created BeyondTrust Remote Support for Representatives application.
- Click the settings icon.
- Select Create Account.
- Go to your BeyondTrust instance’s public site (for example, https://eval######.beyondtrustcloud.com) and click the Login button.
- Enter the username created in the step above.
- BlokSec sends a push notification to the user's mobile application to authenticate the representative.
- The representative can review the request, and then approve it. The device performs a biometric authentication (e.g., fingerprint or facial recognition depending on the mobile device's capabilities), and then a digital signature is sent to the BlokSec service to verify the representative's authenticity.
- The representative is securely logged into the BeyondTrust Remote Support portal.