Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
BeyondTrust Password Safe
#1
Hello,
We recently implemented BeyondTrust Password Safe but have had some buy-in resistance because most of our IT users use ASG-RD to manage their remote desktop sessions. One thing that makes this difficult out of the box is that to connect to a server, the server name has to be included in the username. For example, if I want to connect to SERVERA, I have to RDP to BEYONDTRUST with the username of DOMAIN\USER+DOMAIN\ACCOUNT+SERVERA, meaning I'd need a unique Credential for each server. 

I upgraded ASG to 2019 (from 2017) and was glad to see several password vault integrations, but BeyondTrust was not one of them. Is there any chance this could be included in a future release, or does anyone have any suggestions for a workaround? BeyondTrust does provide an API. I would more than happy to test any beta releases. 

Thanks!
Reply
#2
We will check that - which products of BeyondTrust do you use? Only PasswordSafe or also RemoteAccess Security or anything else? Just to know what we should do :-)
Regards/Gruss
Oliver
Reply
#3
(01-11-2019, 09:14 AM)DevOma Wrote: We will check that - which products of BeyondTrust do you use? Only PasswordSafe or also RemoteAccess Security or anything else? Just to know what we should do :-)

Just Password Safe.
Reply
#4
Any ETA on a solution for BeyondTrust / Password Safe?
Reply
#5
Sorry, it's on hold - we never got a test environment that was running well - so we stopped it - we can try to reactivate...
Regards/Gruss
Oliver
Reply
#6
We are currently rolling out Password Safe and have been using ASG for a long time, so the internal IT staff are used to it and it would be great if we could continue with using ASG after the shift to Password Safe Smile
Reply
#7
Anything new on this?
Reply
#8
Was planned for this week to get a test environment - but I have to ask again...
Regards/Gruss
Oliver
Reply
#9
We have a working test environment - and can read the data from Beyond Password Safe - but as we do not use it really it is not easy to see which data we need - I can see that getting passwords must be "Requested" for each system? And there are some categories like ManagedAccounts and FunctionalAccounts that I do not understand the difference - if you can tell me what do you expect to be synced it would help

You can answer here or send your suggestions to asg.rd@asg.com

Thanks
Regards/Gruss
Oliver
Reply
#10
(24-09-2020, 08:24 AM)DevOma Wrote: We have a working test environment - and can read the data from Beyond Password Safe - but as we do not use it really it is not easy to see which data we need - I can see that getting passwords must be "Requested" for each system? And there are some categories like ManagedAccounts and FunctionalAccounts that I do not understand the difference - if you can tell me what do you expect to be synced it would help

You can answer here or send your suggestions to asg.rd@asg.com

Thanks

Functional Accounts are the service accounts that BeyondTrust uses to change the passwords for Managed Accounts. For ASG, Managed Accounts are the ones we'd be concerned with. They would match up to the Credentials in ASG. In BeyondTrust, I have a regular account (call it "USER") that I use to login to BeyondTrust, then I request access to a Managed Account (call it "MA-USER") that has admin access on the systems. I know the password to USER, but BeyondTrust is the only one that knows the password to MA-USER, and it changes the MA-USER password when I am finished with the account. While some orgs may require approval to use an account, we just auto-approve all requests. 

Within ASG, we'd want to have connections in our list where we could choose Connect as and choose the MA-USER account, then it would interact with BeyondTrust to get the appropriate password for the MA-USER account to connect to the connection.
Reply
#11
Ok thanks - we will try to implement
Regards/Gruss
Oliver
Reply




Users browsing this thread: 1 Guest(s)