Launch the web rep console
The web rep console enables you to use a web-based representative console to securely support customers and access remote systems by connecting to them remotely through the B Series Appliance. To begin using the web rep console to support customers, follow the steps outlined below.
Note
Representatives using a Chrome OS device to support customers can use only the web rep console.
Launch the web rep console using /console
This is the quickest way to access the web console.
- In the address bar of your browser, enter your BeyondTrust site host name followed by /console, for example, access.example.com/console.
- Enter the username and password associated with your BeyondTrust user account.
- Click Login to start your web-based representative console session.
FIDO2-certified authenticators can be used to securely log in to the desktop representative console, web rep console, and the /login administrative interface without entering your password. You can register up to 10 authenticators.
If passwordless login has been enabled, Authenticate Using may default to Passwordless FIDO2, or it can be selected. The exact process for passwordless login depends on the type of device and manufacturer.
You can enable passwordless login and set the default authentication after logging into the /login administrative interface, by navigating to Management > Security, and then registering passwordless authenticators at My Account > Security.
Note
Passwordless login for the desktop representative console on macOS or Linux systems is supported only for roaming authenticators (such as YubiKey hardware security keys). Platform or integrated authenticators (such as Face ID and fingerprint scanners) are not supported for desktop representative console login on macOS or Linux systems.
Launch the web rep console using /login
Note
By default, this option is not available. To launch the web console from the /login administrative interface, you must navigate to Management > Security and check Allow Mobile Representative Console and Web Rep Console to Connect.
- In the address bar of your browser, enter your BeyondTrust site host name followed by /login, for example, access.example.com/login.
- Enter the username and password associated with your BeyondTrust user account, and click Login, or log in using passwordless authentication.
- Click Consoles & Downloads in the left menu, or click the user icon in the upper-right corner of the screen. The image below shows both options selected.
- Click Launch Web Rep Console on the Consoles & Downloads screen or on the user options window.
- The web rep console opens in a new tab, and you can begin working with endpoints.
To log out of the web rep console, click the user icon in the upper-right corner of the screen and click Log Out. This does not log you out of the /login administrative interface. To log out of the /login administrative interface, click the user icon in the upper-right corner of that screen and click Log Out.
Web rep console preferences
The language and color scheme options visible when the user icon is clicked in the /login administrative interface affect only that interface. To set preferences in the web rep console, click the user icon in the upper-right corner of the web rep console, and then click Preferences. Select your preferences in the pop-up window.
Select your preferred color scheme. You can switch between Light and Dark modes, or System, which uses whatever mode is selected for your system.
Select any of the automatic options you would like to use:
- Automatically collapse the Session Queues panel when a session is selected.
- Automatically collapse the Jump Groups panel when a Jump Item is selected.
- Automatically open the chat sidebar in new sessions.
- Automatically lock the chat sidebar open in new sessions.
- Automatically collapse the Volumes panel when a file is selected in the File Transfer view.
Sign in directly to the web rep console using SAML
You can configure an application or tile in a SAML identity provider (IdP), like the tiles used to sign in to Okta and similar applications, that takes you directly to the web rep console rather than to /login.
To configure this, you must:
- Set up the application in the IdP as you would for /login.
- Change the RelayState parameter. To obtain the correct value, copy the entire string shown for RelayState in the SAML request of an SP-initiated login to the /console page, and paste this value into the SAML SP provider configuration for RelayState on the IdP side. IdP-initiated logins then go to the /console page instead of the default /login page.
There are two parts to the SAML configuration: the IdP and service provider (SP). In this instance you are the SP, and the SAML service is the IdP (OneLogin, Okta, and similar). Currently, you can export metadata from the SAML security provider on /login (in the Service Provider section), which you can then import into the IdP to help configure the SAML side. If, as part of this configuration, you set the RelayState parameter to console, then any login initiated from the IdP (for example, clicking the tile in Okta) sends you to the web rep console rather than to /login.
Authenticate from the API
This feature allows users to log in to the web rep console and Jump to an endpoint using the Reporting API.
The Client Scripting API URL follows the format of https://support.example.com/api/client_script, where support.example.com is your B Series Appliance hostname.
The API accepts a client type (web_console), an operation to perform (execute), and a command (start_jump_item_session). No other commands are supported for the web_console client type.
If the user is logged into the desktop representative console when the Client Scripting API URL is accessed with type=web_console, then the user is logged into the web rep console and disconnected from the desktop representative console. If this behavior is not desired, then the user must use a Client Scripting API URL with type=rep instead of type=web_console.
Conversely, if the user is logged into the web rep console and the API calls type=rep, the user is logged into the desktop representative console and disconnected from the web rep console.
Here is an example of a valid Client Scripting API request:
https://support.example.com/api/client_script?type=web_console&operation=execute&action=start_jump_item_session&search_string=ABCDEF02
If the user is already logged into the web rep console, the above request runs the command in the browser tab running the web rep console. In this case, the command starts a session with the Jump Client whose hostname, comments, public IP, or private IP matches the search string "ABCDEF02."
If the user is not already logged into the web rep console, the above request opens a new browser tab and directs the user to /login to authenticate (this step is skipped if the user is already logged in to /login). The user is then redirected to the web rep console, and the command starts a session with the Jump Client whose hostname, comments, public IP, or private IP matches the search string "ABCDEF02."
In both cases, if more than one Jump Item matches the search criteria, the user must select the correct Jump Item from a list. If no Jump Items match the search criteria, the web rep console shows an error message to the user.
All of the search criteria for the start_jump_item_session command are supported with type=web_console, including:
- jump.method
- search_string
- client.hostname
- client.comments
- client.tag
- client.public_ip
- client.private_ip
- session.custom.
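The request format described above, as an added example that is not part of the BeyondTrust documentation: Python helpers that build a type=web_console link from the parameters listed on this page and check an existing link before it is embedded in another tool. The function names are hypothetical, and session.custom. is left out because its entry on this page is truncated.

```python
from urllib.parse import urlencode, urlsplit, parse_qsl

# Search criteria listed on this page for start_jump_item_session.
# "session.custom." is omitted: the page's entry for it is truncated.
ALLOWED_CRITERIA = {
    "jump.method", "search_string", "client.hostname", "client.comments",
    "client.tag", "client.public_ip", "client.private_ip",
}
# The only client type / operation / command combination the page documents.
FIXED = {"type": "web_console", "operation": "execute",
         "action": "start_jump_item_session"}


def build_jump_url(host, criteria):
    """Build a Client Scripting API link; values are always percent-encoded."""
    unknown = set(criteria) - ALLOWED_CRITERIA
    if unknown:
        raise ValueError(f"unsupported criteria: {sorted(unknown)}")
    if not host or any(c in host for c in "/?#@ "):
        raise ValueError("host must be a bare host name")
    # urlencode() escapes '&' and '=' inside values, so a search string taken
    # from a ticket field cannot add or override parameters such as type.
    params = list(FIXED.items()) + sorted(criteria.items())
    return f"https://{host}/api/client_script?{urlencode(params)}"


def check_jump_url(url, expected_host):
    """Return a list of problems; an empty list means the link is as expected."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.hostname != expected_host.lower():
        problems.append("unexpected host")
    if parts.path != "/api/client_script":
        problems.append("unexpected path")
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    names = [key for key, _ in pairs]
    if len(names) != len(set(names)):
        problems.append("duplicate parameter")
    for key, value in pairs:
        if key in FIXED and value != FIXED[key]:
            problems.append(f"{key}={value} not valid for web_console links")
        elif key not in FIXED and key not in ALLOWED_CRITERIA:
            problems.append(f"unsupported parameter {key}")
    problems += [f"missing {key}" for key in FIXED if key not in names]
    return problems
```

Because type=rep and type=web_console disconnect the user from the other console, checking the type value before publishing a link avoids unexpectedly ending a representative's existing console login.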
Join as an external rep
From the native representative console, representatives with the appropriate permission and session policy can invite external representatives to participate in a session, for the duration of that session only. When an external representative clicks the rep invite URL, they are given the option to join the session using the web rep console or to download and install the desktop representative console. Once they have selected the web rep console or desktop representative console, they can join the session.
When an external representative joins the session, they are greeted with a welcome message. They have access only to the session they were invited to and have a limited set of privileges. Invited representatives can never be the session owner. If the inviting representative leaves the session without another session owner, any external representatives are logged out.
Download the desktop representative console from the web rep console
While working in the web rep console, you can choose at any time to switch to working in the desktop representative console. Click on the Desktop Representative Console menu item located under the Actions menu in the top-right corner of the screen.
Note
Representatives using Chrome OS devices cannot download and use the desktop rep console.
If you already have the desktop representative console installed, run the BeyondTrust Representative Console Script to open and log in to the representative console. Any sessions active in the web rep console open in the desktop representative console. You are automatically signed out of the web rep console.
If you do not already have the desktop representative console installed, you must first follow the link to the My Account page to download and install the desktop representative console. You may then run the BRCS file.
Note
On a Linux system, you must save the file to your computer and then open it from its download location. Do not use the Open link that appears after downloading a file from some browsers.