DocumentationRelease Notes
Log In
Documentation

Credential injection

Suggest Edits

When accessing a Windows-based Jump Client via the mobile representative console, you can use credentials from a credential store to log in to the endpoint or to run applications as an admin.

Before using credential injection, make sure that you have a credential store available to connect to BeyondTrust Remote Support, such as a password vault.

System requirements

  • Windows Vista or newer, 64-bit only
  • .NET 4.5 or newer
  • Processor: 2GHz or faster
  • Memory: 2GB or greater
  • Available Disk Space: 80GB or greater

Before you can begin accessing Jump Items using credential injection, you must download, install, and configure the BeyondTrust Endpoint Credential Manager (ECM).

ℹ️

Note

The ECM must be installed on your system to enable the BeyondTrust ECM Service and to use credential injection in BeyondTrust Remote Support.

  1. To begin, download the BeyondTrust Endpoint Credential Manager (ECM) from BeyondTrust Technical Support. Start the BeyondTrust Endpoint Credential Manager Setup Wizard.

  2. Agree to the EULA terms and conditions. Mark the checkbox if you agree, and click Install.

    If you need to modify the ECM installation path, click the Options button to customize the installation location.

ℹ️

Note

You are not allowed to proceed with the installation unless you agree to the EULA.

  1. Click Install.
  2. Choose a location for the credential manager and click Next.
  3. On the next screen, you can begin the installation or review any previous step.
  4. Click Install when you are ready to begin.
  5. The installation takes a few moments. On the screen, click Finish.

ℹ️

Note

  • To ensure optimal up-time, administrators can install up to five ECMs on different Windows machines to communicate with the same site on the BeyondTrust Appliance B Series. A list of the ECMs connected to the B Series Appliance site can be found at /login > Status > Information > ECM Clients.
  • When multiple ECMs are connected to a BeyondTrust site, the B Series Appliance routes requests to the ECM that has been connected to the B Series Appliance the longest.

Configure a connection to your credential store

Using the ECM Configurator, set up a connection to your credential store.

  1. Locate the BeyondTrust ECM Configurator you just installed using the Windows Search entry field or by viewing your Start menu programs list.

  2. Run the program to begin establishing a connection.

  3. When the ECM Configurator opens, complete the fields. All fields are required.

Field LabelValue
Client IDThe Admin ID for your credential store.
Client SecretThe Admin secret key for your credential store.
SiteThe URL for your credential store instance.
PortThe server port through which the ECM connects to your site.
PluginClick the Choose Plugin... button to locate the plugin.
  1. When you click the Choose Plugin... button, the ECM location folder opens.
  2. Paste your plugin files into the folder.
  3. Open the plugin file to begin loading.

ℹ️

Note

If you are connecting to a password vault, more configuration at the plugin level may be needed. Plugin requirements vary based on the credential store that is being connected.

Use credential injection to access endpoints

After the credential store has been configured and a connection established, BeyondTrust Remote Support can begin using credentials in the credential store to log in to endpoints.

  1. Go to your Jump Items list.

  2. Tap the Jump Item you wish to access.

  3. Tap Jump.

  4. Tap Credential Store.

  5. Tap the credentials you wish to use to access the system.

  6. Tap Continue.

  7. From within the session, tap the Start button to start screen sharing.

  8. Tap the Special Actions option. Tap Run as....

  9. Tap Windows Security (Ctrl-Alt-Del).

  10. Tap the Key icon. The Key icon allows the system to view your stored credentials to gain entry into the endpoint.

Choose from favorite credentials for injection

After you have used a set of credentials to log into an endpoint, the system stores your preferred credentials for the endpoint and the context in which they were used (to log in, to perform a special action, to elevate, or to push) in the B Series Appliance database. The next time you use a credential to access the same endpoint, the credential injection menu makes a recommendation for which credentials to use.

The credentials are displayed at the top of the credentials list, under Recommended Accounts, followed by any remaining credentials. If no credential history exists for an endpoint, the B Series Appliance displays all possible credentials, grouped by accounts that are associated with the Jump Item and not associated with the Jump Item. Jump Item associations for accounts and account groups are configured in /login.

The credential list recommends no more than five credentials.

Updated 5 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.