This article addresses specific requirements from the security software perspective. The supported platforms are listed in a related article: Supported Platforms and System Requirements.
Credential Requirements
Administrative privileges are NOT required on local desktops/laptops.
macOS Team Identifier
The team identifier for macOS is BZA6SZ8XVQ.
Process allowlist requirements (latest version)
Windows 64-bit
Program | SHA256 |
%LocalAppData%\Programs\BeyondIdentity\BeyondIdentity.exe | 75ff95cf92f7f703ee21d5659abf6749c83f3b93a064aaac4949d95a9d8698c7 |
%LocalAppData%\Programs\BeyondIdentity\WebView\BeyondIdentityViewHelper.exe | bc362eea5ad5c3f012fa623ef0afef3c54600ed198c31e2ff450766602390df4 |
macOS
Program | SHA256 |
/Applications/BeyondIdentity.app/Contents/MacOS/BeyondIdentity | 17d75dba9606e55a89498a2161570b5dda551cf5af32d7ec4161985ae4d2968b |
Windows Desktop Login
Program | SHA256 |
%ProgramFiles%\BeyondIdentity\BeyondIdentity.exe | 75ff95cf92f7f703ee21d5659abf6749c83f3b93a064aaac4949d95a9d8698c7 |
%ProgramFiles%\BeyondIdentity\WebView\BeyondIdentityViewHelper.exe | bc362eea5ad5c3f012fa623ef0afef3c54600ed198c31e2ff450766602390df4 |
%ProgramFiles%\BeyondIdentity\WDL\BIService.exe | 6ea8674b9e50b7195e4842dd1ffe42f411404289881846d821a53e63828cb685 |
Firewall / Proxy URL Allowlisting
*.byndid.com
E-Mail Proxy Allowlisting
Allowlist domain byndid.com
Bypasses for Host Firewall
Windows | BeyondIdentity.exe: Outbound Port: 443 BeyondIdentity.exe: Inbound 127.0.0.1, ports 8198, 6221, 4995, 3032, 1286 |
macOS | BeyondIdentity.app: Outbound Port: 443 BeyondIdentity.exe: Inbound 127.0.0.1, ports: 8198, 6221, 4995, 3032, 1286 |
Beyond Identity Domains and Known Hosts
Some organizations want to control access more strictly and explicitly allowlist the known addresses or route their VPN tunnels differently based on the destination.
The recommended way is to allowlist all hosts in our ecosystem.
*.beyondidentity.com
*.byndid.com
Explicitly allowlisting specific hosts is likely to cause an interruption in the authentication service eventually as our services evolve and we introduce more features that use different hosts.
The following table describes the explicit hosts.
Domain / Host | Description |
beyondidentity.com | Main domain for websites and emails |
www.beyondidentity.com | Public web site |
support.beyondidentity.com | Main support website |
status.beyondidentity.com | Status page website |
byndid.com | Production services domain |
app.byndid.com | The main application endpoint |
auth.byndid.com | Authentication endpoint |
device-gateway.byndid.com | Policy related endpoint |
api.byndid.com | Application Programming Interface endpoint. |
webview-helper-config-overrides.byndid.com | Windows WebView helper application configuration endpoint. |
pa.authenticator.beyondidentity.com | Platform Authenticator service endpoint |
pa2.authenticator.beyondidentity.com | Platform Authenticator service endpoint |
launch-static.beyondidentity.com | Platform Authenticator service endpoint |
Beyond Identity’s IP addresses
Customers that use IP controls will need to add the following IPs to allow cloud communications from Beyond Identity cloud services to your integration servers.
Production IP Addresses
Region | Environment | IP Addresses |
|---|---|---|
US | Primary (us-east-2) | 3.139.250.82 |
US | Secondary | 13.52.210.186 |
EU | Primary (eu-central-1) | 18.196.19.155 |