BeyondTrust Walkthrough
The following steps demonstrate setting up an OIDC connection within BeyondTrust that leverages authID's biometric authentication platform.
Video Walkthroughs
Setup BeyondTrust Policies
The following video demonstrates how to set up rules and policies that will activate authID to perform biometric authentication on an endpoint:
https://player.vimeo.com/video/791285323?h=e1712376d9
End User Experience
The following video demonstrates what a user sees when authenticating with authID.
https://player.vimeo.com/video/791285360?h=edcd97b66a
Install Privilege Management
Using the appropriate installation guide for Windows or Mac devices, ensure that endpoints have the BeyondTrust endpoint management software installed and that the computers/groups are synchronized in the Privilege Management Console.
Create authID Integration
Follow the steps in the integration guide to create a new identity provider. Set the Client Type to Public and Require PKCE to true. With these settings no client secret is generated; the integration is secured using PKCE instead. Finally, set the login redirect URL to com.beyondtrust.pmfm://idp.
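Why PKCE can stand in for a client secret on a public client, as an added example that is not BeyondTrust or authID code: the authorization code is bound to a one-time challenge, so a code delivered to the custom-scheme redirect is useless to any process that does not hold the matching verifier. `ToyAuthorizationServer` is a hypothetical in-memory stand-in for the identity provider, and the authorization codes are constructed sample values.

```python
import base64
import hashlib
import hmac
import secrets

REDIRECT_URI = "com.beyondtrust.pmfm://idp"  # login redirect URL from this page

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def new_pkce_pair() -> tuple:
    """Client side: fresh random verifier (43 chars) and its S256 challenge."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, s256(verifier)

class ToyAuthorizationServer:
    """Hypothetical in-memory IdP: binds each code to a redirect URI and challenge."""
    def __init__(self):
        self._pending = {}

    def authorize(self, redirect_uri, code_challenge):
        code = secrets.token_urlsafe(16)  # constructed sample authorization code
        self._pending[code] = (redirect_uri, code_challenge)
        return code

    def redeem(self, code, redirect_uri, code_verifier):
        entry = self._pending.pop(code, None)  # single use, even on failure
        if entry is None:
            return False
        bound_uri, challenge = entry
        return bound_uri == redirect_uri and hmac.compare_digest(s256(code_verifier), challenge)

def demo():
    server, results = ToyAuthorizationServer(), {}
    # Flow 1: the code is redeemed by a process that never held the verifier.
    code = server.authorize(REDIRECT_URI, new_pkce_pair()[1])
    results["without_verifier"] = server.redeem(code, REDIRECT_URI, new_pkce_pair()[0])
    # Flow 2: the endpoint client redeems its own code; a replay then fails.
    verifier, challenge = new_pkce_pair()
    code = server.authorize(REDIRECT_URI, challenge)
    results["endpoint_client"] = server.redeem(code, REDIRECT_URI, verifier)
    results["replayed_code"] = server.redeem(code, REDIRECT_URI, verifier)
    return results

if __name__ == "__main__":
    print(demo())
```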
Update Policy
If you have already configured and deployed a policy for Windows or Mac, adjust that policy to use the authID identity provider you created in the previous step.
Edit and unlock the relevant policy in the policy list, then navigate to Messages underneath either Windows or macOS. Select the Identity Provider Settings button to enter the following details for the integration:
- Identity Provider: OIDC
- Authority URI: https://id.authid.ai/oidc/web
- Client ID: use the value from the previous step
- Redirect URI: enter the redirect URI used for Windows endpoints
As an optional step, you can create a new message type or modify an existing one to activate the IDP authentication. In the third section, check the box that says Verify their Identity through an Identity Provider and select the Idp - OIDC from the dropdown under Multifactor Authentication.
Test Policy (Optional)
You can test that the policy functions correctly by having a user engage in an activity that activates the message you created/modified. This will show a dialog that lets the user enter their details in the authID system to complete the authentication.
From here, the default browser opens and the user is prompted to continue their authentication with authID.