BeyondTrust Walkthrough
The following steps will demonstrate setting up an OIDC connection within BeyondTrust that leverages AuthID's biometric authentication platform.
Video Walkthroughs
Setup BeyondTrust Policies
The following video demonstrates how to set up rules and policies that will activate authID to perform biometric authentication on an endpoint:
](https://player.vimeo.com/video/791285323?h=e1712376d9)
End User Experience
The following video demonstrates what a user sees when authenticating with authID.
](https://player.vimeo.com/video/791285360?h=edcd97b66a)
Install Privilege Management
Using the appropriate installation guide for Windows or Mac devices, ensure that endpoints have the BeyondTrust endpoint management software installed and that the computers/groups are synchronized in the Privilege Management Console:
Create authID Integration
Follow the steps in the integration guide to create a new identity provider, make sure to set the Client Type to Public, and Require PKCE to be true. It does not generate a client secret to ensure that the integration remains secure using PCKE. Finally, set the login redirect URL to com.beyondtrust.pmfm://idp
.
Update Policy
The user must adjust the policy to use the authID identity provider you created in the previous step if the user successfully configured and deployed a policy for Windows or Mac.
Edit and unlock the relevant policy in the policy list, then navigate to Messages underneath either Windows or macOS. Select the Identity Provider Settings button to enter the following details for the integration:
- Identity Provider: OIDC
- Authority URI: https://id.authid.ai/oidc/web
- Client ID: use the value from the previous step
- Redirect URI: enter the redirect URI used for Windows endpoints
As an optional step, you can create a new message type or modify an existing one to activate the IDP authentication. In the third section, check the box that says Verify their Identity through an Identity Provider and select the Idp - OIDC from the dropdown under Multifactor Authentication.
Test Policy (Optional)
You can test that the policy functions correctly by having a user engage in an activity that activates the message you created/modified. This will show a dialog that lets the user enter their details in the authID system to complete the authentication.
From here, the default browser will appear and a user is prompted to continue their authentication with authID:
Updated 10 days ago