BeyondTrust Privileged Remote Access
PRA provides controlled, just-in-time remote access for administrators and third-party vendors to servers, desktops, and other resources. It centralizes brokering of sessions over encrypted tunnels, enables least-privilege workflows, and captures comprehensive audit/recording for compliance and forensics.
Key Capabilities
- Enterprise SSO & Directory Integration: Supports SAML 2.0, OpenID Connect, Kerberos, and LDAP/RADIUS as “security providers” for authentication/SSO and group-based authorization.
- Provisioning & Deprovisioning: SCIM integration to automate user and group lifecycle from an external IdP/IAM.
- Session Brokering & Isolation: Remote sessions are brokered through encrypted tunnels that isolate targets from direct network exposure and remove the need for VPN access.
- Deployment Options: Documented for both on-premises (appliance) and cloud deployments, with admin guides and product release notes.
Limitations
- Not an IdP/CIAM: PRA is an access broker and session control platform; it relies on external identity systems for authentication, rich user profile management, and customer identity use cases.
- Protocol Roles: SSO is achieved by integrating with external SAML/OIDC/Kerberos/LDAP providers; PRA is not documented as issuing OIDC tokens for third-party apps.
- Feature Scope vs. PAM Suite: Advanced credential vaulting/rotation and full session vault governance are addressed in adjacent BeyondTrust products (e.g., Password Safe), not PRA alone.
- Security Incident Context (product-specific): BeyondTrust disclosed a December 2024 incident involving Remote Support SaaS (a separate product), stating other products were not affected.