How to Configure SAML 2.0 for BeyondTrust Remote Support (Public Portals)

Contents

• Supported Features
• Configuration Steps
• Notes

Supported Features

The Okta/BeyondTrust Remote Support (Public Portals) SAML integration currently supports the following features:

• SP-initiated SSO
• IdP-initiated SSO
• JIT (Just In Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

---

Configuration Steps

1. Log in to your BeyondTrust Remote Access account as an administrator.

2. Go to USERS & SECURITY > SECURITY PROVIDERS.

3. Go to +ADD, then select SAML For Public Portals from the drop-down menu.

4. Do the following:

   • Identity Provider Settings

     • Save the following as metadata.xml:

       Sign into the Okta Admin dashboard to generate this value.

     • Metadata: Click + Upload Identity Provider Metadata, locate and upload the Okta metadata you just saved.

     • Click Save.

5. Go to Public Portals > Public Sites and click Edit next to the desired public site. Then follow the steps below:

   • Select Require SAML Authentication.

   • Click Save.

6. Done!

---

Notes

• Make sure that you entered the correct value in the Base URL field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to BeyondTrust Remote Support and Privileged Remote Access (Public Portals).




• The following SAML attributes are supported:

  Name	Value
  FirstName	user.firstName
  LastName	user.lastName
  Email	user.email
  Username	user.userName

SP-initiated SSO

1. Go to: https://[yourBaseUrl]

2. Click Login.