Helpdesk

This process only outlines the creation of the Team within AD and PS. Not the users themselves. If you require users to be onboarded, follow this process. 

Active Directory 
Services > Groups > AAD synced > Beyond Trust 
 Right click, add new team. 
 Input team name, and then the same for admin team. 
 Add non-priv team into BT-All-Non-Priv-Users grp

Azure Active Directory 
Enterprise Applications > BeyondTrust PRA Cloud
Expand manage, go to Users and Groups 
Add in new Team

Password Safe
Config > User Management 
Create New Group 
Active Directory Group Search 

Credentials as Bind account 

Input grp name as stated in AD. 
Select Add group. 
 
Directory Query
Config> Role Based Access > Directory Query
Clone a directory query
Update LDAP have new team name. 
 
Smart Rules - Onboard
Config > Smart rules
Select managed account
Clone relevant 3.Onboard Admin accounts 
Change name 
Change query to the above one that was just created 
Check/change required access - any reference to 'link domain account to managed system'.  
Add required access here.
  
Smart Rules - Map account
Config > Smart rules 
Clone relevent 4. Account Mapping smart rule 
Change name
Change dedicated smart group to map to 
Save and process as required. 

PRA
Jump Tab
Jump Groups
- Add jump group
- Follow standardised naming convention 

Configuration Tab
Teams
- +add team
- Follow standardised naming convention 

Users and Security Tab
Security Providers
- Add team (BT-Team-***) to Authorisation settings in SAML - this is assuming the team is already on-boarded. 
Group Policies
- Copy policy, change name, remove teams, remove jump group.
-Ad Team and jump group
- Set session policy to internal/vendors