Privileged Access Jump Client Guide

Privileged Access Jump Client Guide
Privileged Access
Jump Client Guide
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
TC:5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Table of Contents
Privileged Access Jump Client Guide: Unattended Access to Systems in Any
Network
3
Recommended Steps to Implement Jump Technology
4
Use Jump Item Roles to Configure Permission Sets for Jump Clients
5
Create Jump Policies to Control Access to Jump Clients
6
Use Jump Groups to Configure Which Users Can Access Which Jump Clients
9
Deploy Jump Clients from the Administrative Interface
11
Installation on Windows, Linux, or Mac Systems
12
Installation on Headless Linux Systems
14
Manage Jump Client Settings
Active vs. Passive Jump Clients
Start an Access Session through a Jump Client
16
17
18
From the Access Console
18
From the API
23
Use Cases for Implementing Jump Clients
26
Basic Use Case
26
Advanced Use Case
29
Appendix: Require a Ticket ID Workflow for Jump Client Access
34
What Users See
34
How It Works
34
Create a Jump Policy Requiring Ticket ID Approval
34
Connect External Ticket ID System to Jump Policies
35
API Approval Request
36
API Approval Reponse
37
Error Messages
38
Appendix: Jump Client Error Messages
39
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
2
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Privileged Access Jump Client Guide: Unattended Access to
Systems in Any Network
With Bomgar Jump Technology, a user can access and control remote, unattended computers in any network. Jump Technology is
integral to the Bomgar software offerings.
A Jump Client is an installable application that enables a user
to access a remote computer, regardless of its location. The
remote computer does not need to reside on a known network.
Jump Clients are persistently connected to the appliance, thus
helping you reach systems on remote networks anywhere in
the world. By pre-installing Jump Clients on remote systems, a
user can establish sessions with unattended Windows, Mac,
and Linux computers.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
3
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Recommended Steps to Implement Jump Technology
When working with Jump Technology, there are a lot of moving parts. Here is a recommended order of implementation to make full
use of your software.
1. Add Jump Item Roles. Jump Item Roles determine how users are allowed to interact with Jump Items. These roles are
applied to users by means of individual account settings, group policies, and/or when added to Jump Groups. For more
information about Jump Item Roles, see "Use Jump Item Roles to Configure Permission Sets for Jump Clients" on page 5.
2. Add Jump Policies.Jump Policies are used to control when certain Jump Items can be accessed by implementing
schedules, sending email notifications when a Jump Item is accessed, or requiring approval or user entry of a ticket system
ID before a Jump Item may be accessed. Jump Policies are applied to Jump Items upon creation and can be modified from
the access console. Additionally, Jump Policies can be applied to users when associating a user or group policy with a
Jump Group. For more information about Jump Policies, see "Create Jump Policies to Control Access to Jump Clients" on
page 6.
3. Add Jump Groups.A Jump Group is a way to organize Jump Items, granting members varying levels of access to those
items. Users are assigned to Jump Groups either individually or by means of group policy. For more information about Jump
Groups, see "Use Jump Groups to Configure Which Users Can Access Which Jump Clients" on page 9.
4. Deploy Jump Clients. Jump Clients can be deployed to Windows, Mac, and Linux systems and do not require those
systems to be on a network. Jump Clients are deployed from /login > Jump > Jump Clients. When creating the installer in
the mass deployment wizard, be sure to set the Jump Group and Jump Policy to determine who can access the Jump Client
and with what restrictions. For more information about Jump Clients, see "Deploy Jump Clients from the Administrative
Interface" on page 11.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
4
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Use Jump Item Roles to Configure Permission Sets for Jump
Clients
A Jump Item Role is a predefined set of permissions regarding
Jump Item management and usage. Jump Item Roles are
applied to users either from the Jump > Jump Groups page or
from the Users & Security > Group Policies page.
If more than one role is assigned to a user, then the most
specific role for a user is always used. The order of specificity
for Jump Item Roles, from most specific to least specific, is:
l
The role assigned to the relationship between a user and a Jump Group on the Jump > Jump Groups page.
l
The role assigned to the relationship between a user and a Jump Group on the Users & Security > Group Policies page.
l
The Jump Item Roles configured for a user on the Users & Security > Users page or the Users & Security > Group
Policies page.
Create or edit a Jump Item Role, assigning it a name and
description. Then set the permissions a user with this role
should have.
Under Jump Group or Personal Group, determine if users can
create and deploy Jump Items, delete Jump Items, and/or
move Jump Items from one Jump Group to another.
Check Start Sessions to enable users to Jump to any Jump
Items they have access to.
To allow users to edit Jump Item details, check any of Edit Tag,
Edit Comments, Edit Jump Policy, Edit Session Policy, Edit
Connectivity and Authentication, and Edit Behavior and
Experience. Click the orange arrows under the last two options to see exactly what is affected by these fields.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
5
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Create Jump Policies to Control Access to Jump Clients
To control access to particular Jump Items, create Jump Policies. Jump Policies are used to control when certain Jump Items can be
accessed by implementing schedules, sending email notifications when a Jump Item is accessed, or requiring approval or user
entry of a ticket system ID before a Jump Item may be accessed. A Jump Policy can be applied to Jump Clients as well as to Jump
shortcuts.
Create a Jump Policy
1. From the /login administrative interface, go to Jump > Jump Policies.
2. Click Add New Jump Policy.
Note: A Jump Policy does not take effect until you
have applied it to at least one Jump Item.
3. Create a unique name to help identify this policy. This
name should help users identify this policy when
assigning it to Jump Items.
4. Set a code name for integration purposes. If you do not
set a code name, one is created automatically.
5. Add a brief description to summarize the purpose of
this policy.
6. If you want to enforce an access schedule, check
Enable. If it is disabled, then any Jump Items that use
this policy can be accessed without time restrictions.
Note: Jump schedule and Jump approval cannot
both be enabled on the same policy.
l
l
l
Set a schedule to define when Jump Items
under this policy can be accessed. Set the time
zone you want to use for this schedule, and
then add one or more schedule entries. For
each entry, set the start day and time and the
end day and time.
If, for instance, the time is set to start at 8 am and end at 5 pm, a user can start a session using this Jump Item at any
time during this window but may continue to work past the set end time. They will not, however, be allowed to reaccess this Jump Item after 5 pm.
If stricter access control is required, check Force session to end. This forces the session to disconnect at the
scheduled end time. In this case, the user receives recurring notifications beginning 15 minutes prior to being
disconnected.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
6
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
7. You may choose to trigger an email notification whenever a session starts or ends with a Jump Item that uses this policy.
l
l
l
l
l
Check Notify recipients when a session starts to send an email at the beginning of a session. When a user
attempts to start a session with a Jump Item that uses this policy, a prompt states that a notification email will be sent
and asks if the user would like to start the session anyway.
Check Notify recipients when a session ends to send an email at the end of a session. When a user attempts to
start a session with a Jump Item that uses this policy, a prompt states that a notification email will be sent at the end
of the session and asks if the user would like to start the session anyway.
Enter one or more email addresses to which emails should be sent. Separate addresses with a space. This feature
requires a valid SMTP configuration for your appliance, set up on the /login > Management > Email Configuration
page.
Enter the name of the email recipient. This name appears on the prompt the user receives prior to a session with a
Jump Item that uses this policy.
If more than one language is enabled on this site, set the language in which to send emails.
8. If you check Require a ticket ID before a session starts, a valid ticket ID from your external ticket ID approval process must
be entered by the user whenever a session is attempted with any Jump Item that uses this Jump Policy. When a user
attempts to start a session with a Jump Item that uses this policy, a configurable dialog prompts the user to enter the
approved ticket ID from your external ITSM or ticket ID system. For more information, see "Appendix: Require a Ticket ID
Workflow for Jump Client Access" on page 34
9. If you check Require approval before a session starts, an approval email is sent to the designated recipients whenever a
session is attempted with any Jump Item that uses this Jump Policy. When a user attempts to start a session with a Jump
Item that uses this policy, a dialog prompts the user to enter a request reason and the time and duration for the request.
Note: Jump schedule and Jump approval cannot both be enabled on the same policy.
l
l
l
l
l
Set the maximum length of time for which a user can request access to a Jump Item that uses this policy. The user
can request a shorter length of access but no longer than that set here.
When approval has been granted to a Jump Item, that Jump Item becomes available either to any user who can see
and request access to that Jump Item or only to the user who requested access.
Enter one or more email addresses to which emails should be sent. Separate addresses with a space. This feature
requires a valid SMTP configuration for your appliance, set up on the /login > Management > Email Configuration
page.
Enter the name of the email recipient. This name appears on the prompt the user receives prior to a session with a
Jump Item that uses this policy.
If more than one language is enabled on this site, set the language in which to send emails.
10. If you check Disable Session Recordings, sessions started with this Jump Policy are not recorded, even if recordings are
enabled on the Configuration > Options page. This affects screen sharing recordings, protocol tunnel Jump recordings, and
command shell recordings.
11. When you are finished configuring this Jump Policy, click Save Jump Policy.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
7
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
12. You can modify the notification email template. Use any
of the macros listed below this field in the /login page to
customize the text for your purposes.
13. You also can modify the approval email template. Use
any of the macros listed below this field in the /login
page to customize the text for your purposes.
14. If you enabled the requirement of a ticket ID in the
Jump Approval section, configure access to your
external ticket ID system.
In Ticket System URL, enter the URL for your external
ticket system. If an HTTPS URL is entered, upload the
certificate for the HTTPS ticket system connection to the
appliance.
In User Prompt, enter the dialog text you want access console users to see when they are requested to enter the ticket ID
required for access.
If your company's security policies consider ticket ID information as sensitive material, check the Treat the Ticket ID as
sensitive information box.
For more information, see "Appendix: Require a Ticket ID Workflow for Jump Client Access" on page 34.
After the Jump Policy has been created, you can apply it to Jump Items either from the /login interface or from the access console.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
8
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Use Jump Groups to Configure Which Users Can Access
Which Jump Clients
A Jump Group is a way to organize Jump Items, granting
members varying levels of access to those items. Users are
assigned to Jump Groups either from the Jump > Jump
Groups page or from the Users & Security > Group Policies
page.
Create or edit a Jump Group, assigning it a name, code name,
and comments. The Group Policies section lists any group
policies which assign users to this Jump Group.
In the Allowed Users section, you can add individual users if
you prefer. Search for users to add to this Jump Group. You
can set each user's Jump Item Role to set their permissions
specific to Jump Items in this Jump Group, or you can use the
user's default Jump Item Roles as set on the Users & Security
> Group Policies or Users & Security > Users page. A Jump
Item Role is a predefined set of permissions regarding Jump
Item management and usage.
You can also apply a Jump Policy to each user to manage
their access to the Jump Items in this Jump Group. Selecting
Set on Jump Items instead uses the Jump Policy applied to
the Jump Item itself. Jump Policies are configured on the Jump
> Jump Policies page and determine the times during which a
user can access this Jump Item. A Jump Policy can also send a notification when it is accessed or can require approval to be
accessed. If neither the user nor the Jump Item has a Jump Policy applied, this Jump Item can be accessed without restriction.
Existing Jump Group users are shown in a table. You can filter the view by entering a string in the Filter Users text box. You can
also edit a user's settings or delete the user from the Jump Group.
To add groups of users to a Jump Group, go to Users & Security > Group Policies and assign that group to one or more Jump
Groups.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
9
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Note: You may see some users whose Edit and Delete options are disabled. This occurs either when a user is added via group
policy or when a user's system Jump Item Role is set to anything other than No Access.
You can click the group policy link to modify the policy as a whole. Any changes made to the group policy apply to all members
of that group policy.
You can click the user link to modify the user's system Jump Item role. Any changes to the user's system Jump Item role apply to
all other Jump Groups in which the user is an unassigned member.
You also can add the individual to the group, overriding their settings as defined elsewhere.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
10
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Deploy Jump Clients from the Administrative Interface
Jump Clients can be pre-installed on remote computers in anticipation of the need for remote access. This method of installation
may be applied to one system or multiple systems simultaneously. You can easily automate the mass deployment of your Jump
Client network by allowing customization during installation. The Jump Client command line installer has switches which allow a
script to modify a variety of Jump Client parameters when executed. This allows you to create custom mass deployment scripts to
pull in variables from other sources and use the variables to modify the Jump Client parameters at install time.
1. From the /login administrative interface, go to Jump > Jump Clients.
2. From the dropdown, select whether to pin the Jump
Client to your personal list of Jump Items or to a Jump
Group shared by other users. Pinning to your personal
list of Jump Items means that only you can access this
remote computer through this Jump Client. Pinning to a
shared Jump Group makes this Jump Client available
to all members of that Jump Group.
3. You may choose a Session Policy to assign to this
Jump Client. Session policies are configured on the
Users & Security > Session Policies page. A session
policy assigned to this Jump Client has the highest
priority when setting session permissions.
4. You may apply a Jump Policy to this Jump Client. Jump Policies are configured on the Jump > Jump Policies page and
determine the times during which a user can access this Jump Client. A Jump Policy can also send a notification when it is
accessed or can require approval to be accessed. If no Jump Policy is applied, this Jump Client can be accessed without
restriction.
5. Adding a Tag helps to organize your Jump Clients into categories within the access console.
6. Set the Connection Type to Active or Passive for the Jump Clients being deployed. An active Jump Client maintains a
persistent connection to the appliance, while a passive Jump Client instead listens for connection requests. For more
information on active versus passive Jump Clients, see "Active vs. Passive Jump Clients" on page 17.
7. If you have one or more Jumpoints set up as proxies, you can select a Jumpoint to proxy these Jump Client connections.
That way, if these Jump Clients are installed on computers without native internet connections, they can use the Jumpoint to
connect back to your Bomgar Appliance. The Jump Clients must be installed on the same network as the Jumpoint selected
to proxy the connections.
8. Add Comments, which can be helpful in searching for and identifying remote computers. Note that all Jump Clients
deployed via this installer have the same comments set initially, unless you check Allow Override During Installation and
use the available parameters to modify the installer for individual installations.
9. The installer remains usable only as long as specified by the This Installer is Valid For dropdown. Be sure to leave
adequate time for installation. If someone should attempt to run the Jump Client installer after this time, installation fails, and
a new Jump Client installer must be created. Additionally, if the installer is run within the allotted time but the Jump Client is
unable to connect to the appliance within that time, the Jump Client uninstalls, and a new installer must be deployed. The
validity time can be set for anywhere from 10 minutes to 1 year. This time does NOT affect how long the Jump Client remains
active.
In addition to expiring after the period given by the This Installer is Valid For option, Jump Client mass deployment
packages invalidate when their Bomgar Appliance is upgraded. The only exception to this rule is live updates which change
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
11
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
the license count or license expiration date. Any other updates, even if they do not change the version number of the
appliance, invalidate the Jump Client installers from before the upgrade. If these installers are MSI packages, they can still
be used to uninstall Jump Clients if necessary.
Once a Jump Client has been installed, it remains online and active until it is uninstalled from the local system either by a
logged-in admin user, by a Bomgar user from the access console's Jump interface, or by an uninstall script. A Bomgar user
cannot remove a Jump Client unless the user is given appropriate permissions by their admin from the /login interface.
10. If Attempt an Elevated Install if the Client Supports It is selected, the installer attempts to run with administrative rights,
installing the Jump Client as a system service. If the elevated installation attempt is unsuccessful or if this option is
deselected, the installer runs with user rights, installing the Jump Client as an application. This option applies only to
Windows and Mac operating systems.
Note: A Jump Client pinned in user mode is available only when that user is logged in. In contrast, a Jump Client pinned
in service mode, with elevated rights, allows that system to always be available, regardless of which user is logged in.
Note: This option does not apply to headless Linux Jump Clients.
11. If Prompt for Elevation Credentials if Needed is selected, the installer prompts the user to enter administrative credentials
if the system requires that these credentials be independently provided; otherwise, it installs the Jump Client with user
rights. This applies only if an elevated install is being attempted.
Note: This option does not apply to headless Linux Jump Clients.
12. Once you click Create, you can download the Jump
Client installer immediately if you plan to distribute it
using a systems management tool or if you are at the
computer that you need to later access. You can also
email the installer to one or more remote users.
Multiple recipients can install the client from the same
link. The Platform option defaults to the appropriate
installer for your operating system. You can select a
different platform if you plan to deploy the Jump Client on a different operating system.
Note: Once the installer has run, the Jump Client attempts to connect to the appliance. When it succeeds, the Jump
Client appears in the Jump interface of the access console. If the Jump Client cannot immediately reach the appliance,
then it continues to reattempt connection until it succeeds. If it cannot connect within the time designated by This
Installer Is Valid For, then the Jump Client uninstalls from the remote system and must be redeployed.
Installation on Windows, Linux, or Mac Systems
Note: To install a Jump Client in service mode on a Linux system, the Jump Client must be installed as root. This will NOT
cause the Jump Client to run as root. A service mode Jump Client allows the user to start a session even if no remote user is
logged on, as well as to log off the current remote user and log on with different credentials. A Linux Jump Client installed in
user mode cannot be elevated within a session.
For system administrators who need to push out the Jump Client installer to a large number of systems, the Windows, Mac, or Linux
executable or the Windows MSI can be used with your systems management tool of choice. You can include a valid custom install
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
12
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
directory path where you want the Jump Client to install. You can also override certain installation parameters specific to your
needs. These parameters can be specified for both the MSI and the EXE using a systems administration tool or the command line
interface. When you mark specific installation options for override during installation, you can use the following optional parameters
to modify the Jump Client installer for individual installations. Note that if a parameter is passed on the command line but not
marked for override in the /login administrative interface, the installation will fail. If the installation fails, view the operating system
event log for installation errors.
Command Line Parameter
Value
Description
Specifies a new writable directory under which to install the
Jump Client. This is supported only on Windows and Linux.
--install-dir
<directory_path>
When defining a custom install directory, ensure that the
directory you are creating does not already exist and is in a
location that can be written to.
--jc-jump-group
user:<username>
If override is allowed, this command line parameter overrides
team:<team-code-name>
the Jump Group specified in the Mass Deployment Wizard.
If override is allowed, this command line parameter sets the
--jc-session-policy
<session-policy-code-name>
Jump Client's session policy that controls the permission policy
during an access session.
If override is allowed, this command line parameter sets the
--jc-jump-policy
<jump-policy-code-name>
Jump Policy that controls how users are allowed to Jump to the
Jump Client.
--jc-tag
<tag-name>
--jc-comments
<comments ... >
--silent
If override is allowed, this command line parameter sets the
Jump Client's tag.
If override is allowed, this command line parameter sets the
Jump Client's comments.
If included, the installer shows no windows, spinners, errors, or
other visible alerts.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
13
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Note: When deploying an MSI installer on Windows using an msiexec command, the above parameters can be specified by:
1. Removing leading dashes (-)
2. Converting remaining dashes to underscores (_)
3. Assigning a value using an equal sign (=)
Example:
msiexec /i bomgar-scc-win32.msi KEY_INFO=w0dc3056g7ff8d1j68ee6wi6dhwzfefggyezh7c40jc90 jc_
jump_group=team:general jc_tag=servers
There are two exceptions to this rule:
l
installdir has a dash in the EXE version but no dashes in the MSI version.
l
/quiet is used for the MSI version in place of --silent in the EXE version.
Installation on Headless Linux Systems
To install a Jump Client on a remote Linux system with no graphical user interface, be sure you have downloaded the headless
Linux Jump Client installer, and then follow these additional steps:
1. Using your preferred method, push the Jump Client installer file to each headless Linux system you wish to access.
2. Once the installer file is on the remote system, use a command interface to install the file and specify any desired
parameters.
a. Install the Jump Client in a location to which you have write permission, using --install-dir <path>. You must
have permission to write to this location, and the path must not already exist. Any additional parameters must also be
specified at this time, as described below.
sh ./bomgar-scc-{uid}.bin --install-dir /home/username/jumpclient
b. If you wish to install under a specific user context, you can pass the --user <username> argument. The user must
exist and have rights to the directory where the Jump Client is being installed. If you do not pass this argument, the
Jump Client installs under the user context that is currently running.
sh ./bomgar-scc-{uid}.bin --install-dir /home/username/jumpclient --user jsmith
IMPORTANT!
It is not recommended to install the Jump Client under the root context. If you attempt to install when the current
user is root, you receive a warning message and are required to pass --user <username> to explicitly specify
the user that the process should run as.
c. You can also override certain installation parameters specific to your needs. These parameters can be specified for
both the MSI and the EXE using a systems administration tool or the command line interface. When you mark
specific installation options for override during installation, you can use the following optional parameters to modify
the Jump Client installer for individual installations. Note that if a parameter is passed on the command line but not
marked for override in the /login administrative interface, the installation will fail. If the installation fails, view the
operating system event log for installation errors.
sh ./bomgar-scc-{uid}.bin --install-dir /home/username/jumpclient --jc-jump-group
"Linux Admins" --jc-tag "Headless Linux Systems"
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
14
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Command Line
Parameter
Value
Description
--jc-jump-group
user:<username>
team:<team-code-name>
If override is allowed, this command line parameter
overrides the Jump Group specified in the Mass
Deployment Wizard.
--jc-jump-policy
<jump-policy-code-name>
If override is allowed, this command line parameter sets
the Jump Policy that controls how users are allowed to
Jump to the Jump Client.
--jc-tag
<tag-name>
If override is allowed, this command line parameter sets
the Jump Client's tag.
--jc-comments
<comments ... >
If override is allowed, this command line parameter sets
the Jump Client's comments.
3. After installing the Jump Client, you must start its process. The Jump Client must be started for the first time within the time
frame specified by This Installer Is Valid For.
/home/username/jumpclient/init-script start
This init script also accepts the stop, restart, and status arguments. You can use ./init-script status to make
sure the Jump Client is running.
IMPORTANT!
You must also arrange for init-script start to run at boot in order for the Jump Client to remain available whenever
the system restarts.
4. If you wish to uninstall the Jump Client, you must run its uninstall script.
/home/username/jumpclient/uninstall
Note: Separately and in addition to running the uninstall script, you must remove the Jump Client via the access
console. Otherwise, the Jump Client will remain in the access console, though it will not be accessible. Likewise,
removing the Jump Client only via the access console prevents it from being accessed but leaves the Jump Client files
on the Linux system.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
15
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Manage Jump Client Settings
An administrator can choose which statistics to view for all
Jump Clients on a site-wide basis. These statistics are
displayed in the access console and include CPU, console
user, disk usage, a thumbnail of the remote screen, and
uptime.
The Active Jump Client Statistics Update Interval
determines how often these statistics are updated. Managing
which statistics are viewed and how often can help to regulate
the amount of bandwidth used. The more active Jump Clients
you have deployed, the fewer the statistics and the longer the
interval may need to be.
Also set the maximum number of Jump Clients to upgrade at
the same time. Note that if you have a large number of Jump
Clients deployed, you may need to limit this number to regulate the amount of bandwidth consumed.
You may further regulate the bandwidth used during upgrades by setting Maximum bandwidth of concurrent Jump Client
upgrades.
Uninstalled Jump Client Behavior determines how a Jump Client deleted by an end user is handled by the access console.
Depending on dropdown option selected, the deleted item can either be marked as uninstalled and kept in the list or actually be
removed from the Jump Items list in the access console. If the Jump Client cannot contact the Bomgar Appliance at the time it is
uninstalled, the affected item remains in its offline state.
Allow users to attempt to wake up Jump Clients provides a way to wake up a selected Jump Client by broadcasting Wake-onLAN (WOL) packets through another Jump Client on the same network. Once a WOL is attempted, the option becomes unavailable
for 30 seconds before a subsequent attempt can be made. WOL must be enabled on the target computer and its network for this
function to work. The default gateway information of the Jump Client is used to determine if other Jump Clients reside on the same
network. When sending a WOL packet, the user has an advanced option to provide a password for WOL environments that require
a secure WOL password.
Set whether the default Jump Client connection type should be active or passive.
The Passive Jump Client Port specifies which port a passive Jump Client uses to listen for a "wake up" command from the
appliance. The default port is 5832. Ensure that firewall settings allow inbound traffic on this port for your hosts with passive Jump
Clients. Once awake, Jump Clients always connect to the appliance on port 80 or 443 outbound.
Note: You can set Jump Clients to allow or disallow simultaneous Jumps from the Jump > Jump Items > Jump Settings
section. If allowed, multiple users can gain access to the same Jump Client without an invitation to join an active session by
another user. If disallowed, only one user can Jump to a Jump Client at a time. Only an invitation by the user who originated the
session can allow for a second user to access the session.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
16
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Active vs. Passive Jump Clients
Jump Clients allow for one of two modes of behavior, active or passive. The default mode can be set from the Jump > Jump Clients
page, and the mode can be switched from the Jump interface of the access console.
A Jump Client in active mode maintains a persistent connection to the Bomgar Appliance, waiting for session requests. It sends
statistics updates as frequently as once per minute, as defined in the Jump Client Settings on the Jump > Jump Clients page.
A passive Jump Client does not maintain a connection to the appliance but rather listens for connection requests. It sends statistics
updates only once per day or upon manual check-in. In order to use a passive Jump Client, the appliance must be able to initiate
contact with the computer on which the passive Jump Client is installed. This requirement may necessitate that you modify firewall
rules to allow incoming connections to the target computer through the configured listen port. By default, this port is 5832; this can
be modified from the Jump > Jump Clients page. Passive mode may best be used on internal systems rather than external ones,
although with correct firewall configurations, it may be used in either implementation.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
17
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Start an Access Session through a Jump Client
Once a Jump Client has been installed on a remote computer, permitted users can use the Jump Client to initiate a session with
that computer, even if the computer is unattended.
From the Access Console
Your Jump Clients are listed in the Jump Interface.
Note: In addition to Jump Clients, you may also see Jump shortcuts for Remote Jumps, Local Jumps, RDP sessions, VNC
sessions, and Shell Jumps. Collectively, Jump Clients and Jump shortcuts are referred to as Jump Items. For more information
about Jump shortcuts, see the Jumpoint Guide.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
18
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Jump Items are listed in Jump Groups. If you are assigned to one or more Jump Groups, you
can access the Jump Items in those groups, with the permissions assigned by your admin.
Your personal list of Jump Items is primarily for your individual use, although your team
leads, team managers, and users with permission to see all Jump Items may have access to
your personal list of Jump Items. Similarly, if you are a team manager or lead with
appropriate permissions, you may see team members' personal lists of Jump Items.
Additionally, you may have permission to access Jump Items in Jump Groups you do not
belong to and personal Jump Items for non-team members.
If a Jump Group contains tagged Jump Items, an arrow appears to the left of the Jump Group
name. Click the arrow to show or hide the tags.
In addition to browsing for Jump Items, you can search based on multiple fields. Enter a
string in the search field and then press Enter. To change the fields you are searching, click
on the magnifying glass and check or uncheck any of the available fields. Searchable fields
include comments, console user, domain, group, Jump method, last accessed date, name,
private IP, public IP, status, tag, and workgroup.
To view additional statistics about a Jump Item, select the Jump Item. Available statistics appear in the right pane.
To start a session, double-click the Jump Item or select the Jump Item and click the Jump button from:
l
above the Jump interface
l
the right-click menu of the Jump Item
l
the top of the Jump Item statistics pane
If a Jump Policy is applied to the Jump Item, that policy affects how and/or when a Jump Item may be accessed.
Schedule
If a Jump Policy enforces a schedule for this Jump Item, an
attempt to access the Jump Item outside of its permitted
schedule prevents the Jump from occurring. A prompt informs
you of the policy restrictions and provides the date and time
when this Jump Item is next available for access.
Notification
If a Jump Policy is configured to send a notification on session start and/or end, then
an attempt to access a Jump Item alerts you that an email will be sent. You can
choose to proceed with the Jump and send a notification, or you can cancel the
Jump.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
19
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Ticket ID
If a Jump Policy requires entry of a ticket ID from your external
ITSM or ticket ID system before the Jump can be performed, a
dialog opens. In the dialog, enter the ticket ID you need,
authorizing access to this Jump Item.
Authorization
If a Jump Policy requires authorization before the Jump can be performed, a dialog opens.
In the dialog, enter the reason you need to access this Jump Item. Then enter the date and
time at which you wish authorization to begin, as well as how long you require access to
the Jump Item. Both the request reason and the request time are visible to the approver
and help them decide whether to approve or deny access.
When you click OK, an email is sent to the addresses defined
as approvers for this policy. This email contains a URL where
an approver can see the request, add comments, and either
approve or deny the request.
If a request was approved by one person, a second can
access the URL to override approval and deny the request. If a
request was denied, then any other approvers accessing the
site can see the details but cannot override the denied status. If
a user has already joined an approved session, that access
cannot be denied. Although other approvers can see the email address of the person who approved or denied the request, the
requester cannot. Based on the Jump Policy settings, an approved request grants access either to any user who can see and
request access to that Jump Client or only to the user who requested access.
In the Jump interface, the Jump Item's details pane displays the status of any authorization requests as either pending, approved,
approved only for a different user, or denied. When an approver responds to a request, a pop-up notification appears on the
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
20
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
requester's screen alerting them that access has been either approved or denied. If the requester has a configured email address,
an email notification is also sent to the requester.
When a user Jumps to a Jump Item which has been approved for access, a
notification alerts the user to any comments left by the approver.
When approval has been granted to a Jump Item, that Jump Item becomes
available either to any user who can see and request access to that Jump Item or
only to the user who requested access. This is determined by the Jump Policy.
Note: While multiple requests may be sent for different
times, the requested access times cannot overlap. If a
request is denied, then a second request may be sent for
the same time.
Depending on the permissions set by your administrator, you may also be able to wake up a selected Jump Client by broadcasting
Wake-on-LAN (WOL) packets through another Jump Client on the same network. Once a WOL is attempted, the option becomes
unavailable for 30 seconds before a subsequent attempt can be made. WOL must be enabled on the target computer and its
network for this function to work. The default gateway information of the Jump Client is used to determine if other Jump Clients
reside on the same network. When sending a WOL packet, the user has an advanced option to provide a password for WOL
environments that require a secure WOL password.
If you no longer need access to a remote system, select the Jump Item and click Remove, or right-click on the Jump Item and select
Remove from the menu. You may select multiple Jump Items to remove them all at the same time.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
21
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Note: If the remote user manually uninstalls a Jump Client, the deleted item is either marked as uninstalled or completely
removed from the Jump Items list in the access console. If the Jump Client cannot contact the Bomgar Appliance at the time it is
uninstalled, the affected item remains in its offline state. This setting is available at /login > Jump > Jump Clients. If a Jump
Client goes offline and does not reconnect to the Bomgar Appliance for 180 days, it is automatically uninstalled from the target
computer and is removed from the Jump interface.
Organize and manage existing Jump Items by selecting one or more Jump
Items and clicking Properties.
Note: To view the properties of multiple Jump Items, the
items selected must be all the same type (e.g., all Jump
Clients, all Remote Jumps, etc.).
l
Change a Jump Client's mode from the Connection Type
dropdown. Active Jump Clients send statistics to the Bomgar
Appliance on a defined interval. Passive Jump Clients send
statistics to the Bomgar Appliance once a day or upon a manual
check in.
Note: This feature is available only to customers
who own an on-premises Bomgar Appliance.
Bomgar Cloud customers do not have access to
this feature.
Based on the options your administrator sets, these statistics may include the remote computer’s logged-in console user,
operating system, uptime, CPU, disk usage, and a screen shot from the last update.
l
l
l
l
l
Move Jump Items from one Jump Group to another using the Jump Group dropdown. The ability to move Jump Items to or
from different Jump Groups depends upon your account permissions.
Further organize Jump Items by entering the name of a new or existing Tag. Even though the selected Jump Items are
grouped together under the tag, they are still listed under the Jump Group in which each is pinned. To move a Jump Item
back into its top-level Jump Group, leave this field blank.
Jump Items include a Comments field for a name or description, which makes sorting, searching, and identifying Jump
Items faster and easier.
To set when users are allowed to access this Jump Item, if a notification of access should be sent, and/or if permission or a
ticket ID from your external ticketing system is required to use this Jump Item, choose a Jump Policy. These policies are
configured by your administrator in the /login interface.
Choose a Session Policy to assign to this Jump Item. The session policy assigned to this Jump Item has the highest priority
when setting session permissions. The ability to set a session policy depends on your account permissions.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
22
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
From the API
By integrating with the Bomgar API, you may programmatically connect to a Jump Item directly from your systems management tool
or ticketing system. To start a session with a Jump Item from an external program, you will need to use a Bomgar Console Script
(BRCS). A BRCS contains a sequence of commands to be executed by the access console. Double-click a BRCS file to have it
automatically executed by the access console, or incorporate it into an external application to send commands to the access
console from that application.
One method of creating a BRCS is through the client scripting API. This API is located on your Bomgar Appliance at
https://access.example.com/api/client_script, where access.example.com is your Bomgar site hostname.
Note: By default, access to the API is SSL-encrypted; however, you can choose to allow HTTP access by checking the Allow
HTTP Access to XML API option on the Management > API Configuration page of the /login administrative interface. It is
highly recommended that HTTP remain disallowed as a security best practice.
This option has been deprecated as of 16.1 and does not appear to new users. For users upgrading from a version prior to 16.1,
the option is still available if you continue to use the deprecated method of authenticating to the API with a user account. If you
switch to the preferred method of authenticating with an API account, all API traffic must occur over HTTPS.
Optional Parameters for the start_jump_item_session Command
If specified, only Jump Items using the designated Jump method are included in
jump.method
the results. Acceptable values for this field are push (remote push), local_push,
pinned (Jump Client), rdp, vnc, and shelljump.
If specified, only a Jump Item with that specific credential ID associated is returned.
This field has a maximum length of 255 characters.
credential_id
Note: The credential ID is specific to information provided in Bomgar Vault and
is used to start sessions with the Bomgar Vault and Bomgar Privileged Access
integration.
Identifies the search criteria used to select and return specific Jump Items as
results.
search_string
Note: This parameter is required only if no of the client fields below are
specified.
If specified, only Jump Items with the given comments are included in the results.
client.comments
This field has a maximum length of 255 characters. Search is partial and caseinsensitive.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
23
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
If specified, only Jump Items with the given hostname are included in the results.
client.hostname
This field has a maximum length of 255 characters. Search is partial and caseinsensitive.
If specified, only Jump Clients with the given private IP address are included in the
results. This search field applies only to pinned clients.
client.private_ip
This field has a maximum length of 255 characters. Search is partial and caseinsensitive.
If specified, only Jump Clients with the given public IP address are included in the
results. This search field applies only to pinned clients.
client.public_ip
This field has a maximum length of 255 characters. Search is partial and caseinsensitive.
If specified, only Jump Items with the given tag are included in the results.
client.tag
This field has a maximum length of 255 characters. Search is partial and caseinsensitive.
The code name and value of any custom fields. These fields must first be
configured in /login > Management > API Configuration.
session.custom.[custom field]=[string]
Each attribute must be specified as a different parameter. Each custom field has a
maximum length of 1024 characters. The maximum total size of all combined
custom fields, including the external key, must be limited to 10KB.
IMPORTANT!
At least one client.* parameter must be specified. If multiple client.* parameters are specified, then only clients matching all
criteria are returned.
Query Examples: start_jump_item_session
Start a session with a Jump Item whose
https://access.example.com/api/client_script?type=rep&operation=generate&
hostname contains "ABCDEF02"
action=start_jump_item_session&client.hostname=ABCDEF02
Start a session with a Jump Item whose
https://access.example.com/api/client_script?type=rep&operation=generate&
comments contain "maintenance" and
action=start_jump_item_session&client.comments=maintenance&
whose tag contains "server"
client.tag=server
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
24
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Start a session with a pinned Jump Client
https://access.example.com/api/client_script?type=rep&operation=generate&
whose private IP address begins with
action=start_jump_item_session&client.private_ip=10.10.24&jump.method=
"10.10.24" and associate custom attributes
pinned&session.custom.custom_field1=Custom%20Value&
with the session
session.custom.custom_field2=123
Note: If more than one Jump Item matches the search criteria, then a dialog opens, giving the user the option to select the
appropriate Jump Item.
Sending one of the above requests to the API prompts the user to download a BRCS file. After downloading the file, the user can
run it to automatically open the access console and start a session with a Jump Item.
In addition to generating a script from the API, you can run a BRCS via the command prompt. From the command prompt, go to the
directory which contains the access console. Enter the name of your Bomgar access console (e.g., bomgar-acc.exe), followed by
one of two commands:
--run-script [BRCS command]
--run-script-file [path to BRCS file]
Examples:
bomgar-acc-x64.exe --run-script "action=start_jump_item_session&client.hostname=ABCDEF02"
bomgar-acc-x64.exe --run-script-file my_script_file.brcs-beta60
All Jump Items which this user is permitted to access are
searched. If the search results in only one Jump Item, the
session starts immediately. If multiple Jump Items are returned,
select one of the Jump Items listed in the selection window and
click OK.
For more information about Bomgar Access Console Scripting,
see the API Guide at www.bomgar.com/docs/privilegedaccess/how-to/integrations/api/client-script.
Note: Jump Items can be set to allow multiple users to simultaneously access the same Jump Item. If set to Join Existing
Session, other users are able to join a session already underway. The original owner of the session receives a note indicating
another user has joined the session, but is not allowed to deny them access. For more information on simultaneous Jumps,
please see Jump Item Settings at www.bomgar.com/docs/privileged-access/getting-started/admin/jump-items.htm.
Note: If you would like to learn about Jump Items for mobile devices, view Use Jump Items to Access Endpoints from the
Android Access Console at www.bomgar.com/docs/privileged-access/getting-started/access-console/android/jump-items.htm
for Android devices and Use Jump Items to Access Endpoints from the iOS Access Console at
www.bomgar.com/docs/privileged-access/getting-started/access-console/apple-ios/jump-items.htm for iOS devices.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
25
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Use Cases for Implementing Jump Clients
To offer you the most flexibility and control over your Jump Items, Bomgar includes quite a few separate areas where permissions
must be configured. To help you understand how you might want to set up your system, we have provided two use cases below.
Basic Use Case
You are a small organization without a lot of Jump Items or users to manage. You want your administrators to manage all of the
Jump Item setup steps and your users to only be able to Jump to those items.
1. Create two Jump Item Roles, Administrator and Start
Sessions Only.
a. The Administrator role should have all
permissions enabled.
b. The Start Sessions Only role should have only
Start Sessions enabled.
2. Create a Shared Jump Group that will contain all
shared Jump Items. Personal Jump Items can also be
created.
3. Put users into two group policies, Admins and Users.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
26
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
4. In the Admins group, configure settings and
permissions as appropriate. The permissions should
include the following:
a. Define Access Permissions and check
Allowed to access endpoints.
b. Under Jump Technology, check all Allowed
Jump Methods that your organization will use.
c. Under Jump Item Roles, set the Default and
Personal roles to Administrator.
d. Set the Team and System roles to Start
Sessions Only.
e. Under Memberships, define Added Jump
Groups.
f. In the Jump Group field, search for and select
Shared.
g. Set the Jump Item Role to Administrator.
h. Click Add to assign the members of this group
policy to the Jump Group.
i. Save the group policy.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
27
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
5. In the Users group, configure settings and permissions
as appropriate. The permissions should include the
following:
a. Define Access Permissions and check
Allowed to access endpoints.
b. Under Jump Technology, check all Allowed
Jump Methods that your organization will use.
c. Under Jump Item Roles, set the Default to
Start Sessions Only.
d. Set the Personal Jump Item Role to
Administrator.
e. Set the Team and System roles to No Access.
f. Under Memberships, define Added Jump
Groups.
g. In the Jump Group field, search for and select
Shared.
h. Set the Jump Item Role to Start Sessions
Only.
i. Click Add to assign the members of this group
policy to the Jump Group.
j. Save the group policy.
6. Deploy Jump Items, assigning them to the Shared
Jump Group.
7. Now, administrators can deploy and start sessions with Jump Items in the Shared Jump Group. They can also manage their
personal lists of Jump Items and start sessions with all other Jump Items.
Likewise, users can now start sessions with Jump Items in the Shared Jump Group. They can also manage their personal
lists of Jump Items.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
28
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Advanced Use Case
You are a large organization with a lot of Jump Items to manage and with users to manage in three different departments. You want
some users to have full permission to Jump Item creation and sessions, others to be able to create and modify Jump Items but not
start sessions, and others still to be able only to run sessions. In addition to your local users, you have some third-party vendors
who need occasional access. Some Jump Items should be accessible at all times, while others should be accessible only once a
week.
1. Create two Jump Item Roles, Administrator and Start
Sessions Only.
a. The Administrator role should have all
permissions enabled.
b. The Start Sessions Only role should have only
Start Sessions enabled.
2. Create three Jump Policies, Thursdays, Notification
Sent, and Authorization Required.
3. For the Thursdays policy, enable the Jump Schedule.
a. Click Add Schedule Entry.
b. Set the Start day and time to Thursday 8:00
and the End day and time to Thursday 17:00.
c. Save the Jump Policy.
4. For the Notification Sent policy, check Notify
recipients when a session starts.
a. Add the Email Addresses of one or more
recipients who should be notified when a
session starts.
b. Add a Display Name such as Manager. When
a user attempts to start a session with a Jump
Item that has this policy applied, the user sees
an alert that a notification will be sent to the
name set here.
c. Save the Jump Policy.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
29
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
5. For the Authorization Required policy, check Require
approval before a session starts.
a. Set the Maximum Access Duration to 3 Hours.
b. Under Access Approval Applies to, select
Requester Only.
c. Add the Email Addresses of one or more
recipients who can approve or deny access to
Jump Items.
d. Add a Display Name such as Manager. When
a user requests access to a Jump Item that has
this policy applied, the user must fill out a
request for authorization form. On that form, the
approver's name is displayed as set here.
e. Save the Jump Policy.
6. Create three Jump Groups, Web Servers, Directory
Servers, and User Systems. Personal Jump Items
can also be created.
7. Put users into three group policies, Admins, Local
Users, and Third-Party Users.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
30
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
8. In the Admins group, configure settings and
permissions as appropriate. The permissions should
include the following:
a. Define Access Permissions and check
Allowed to access endpoints.
b. Under Jump Technology, check all Allowed
Jump Methods that your organization will use.
c. Under Jump Item Roles, set the Default and
Personal roles to Administrator.
d. Set the Team and System roles to Start
Sessions Only.
e. Under Memberships, define Added Jump
Groups.
f. In the Jump Group field, search for and select
Web Servers.
i. Set the Jump Item Role to
Administrator.
ii. Leave Jump Policy set to Set on Jump
Items.
iii. Click Add to assign the members of this
group policy to the Jump Group.
g. In the Jump Group field, search for and select
Directory Servers.
i. Set the Jump Item Role to
Administrator.
ii. Leave Jump Policy set to Set on Jump
Items.
iii. Click Add to assign the members of this
group policy to the Jump Group.
h. In the Jump Group field, search for and select User Systems.
i. Set the Jump Item Role to Administrator.
ii. Leave Jump Policy set to Set on Jump Items.
iii. Click Add to assign the members of this group policy to the Jump Group.
i. Save the group policy.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
31
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
9. In the Local Users group, configure settings and
permissions as appropriate. The permissions should
include the following:
a. Define Access Permissions and check
Allowed to access endpoints.
b. Under Jump Technology, check all Allowed
Jump Methods that your organization will use.
c. Under Jump Item Roles, set the Default to
Start Sessions Only.
d. Set the Personal Jump Item Role to
Administrator.
e. Set the Team and System roles to No Access.
f. Under Memberships, define Added Jump
Groups.
g. In the Jump Group field, search for and select
Web Servers.
i. Set the Jump Item Role to Start
Session Only.
ii. Set Jump Policy to Notification Sent.
iii. Click Add to assign the members of this
group policy to the Jump Group.
h. In the Jump Group field, search for and select
Directory Servers.
i. Set the Jump Item Role to Start
Session Only.
ii. Set Jump Policy to Notification Sent.
iii. Click Add to assign the members of this
group policy to the Jump Group.
i. In the Jump Group field, search for and select User Systems.
i. Set the Jump Item Role to Start Session Only.
ii. Set Jump Policy to Thursdays.
iii. Click Add to assign the members of this group policy to the Jump Group.
j. Save the group policy.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
32
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
10. In the Third-Party Users group, configure settings and
permissions as appropriate. The permissions should
include the following:
a. Define Access Permissions and check
Allowed to access endpoints.
b. Under Jump Technology, check all Allowed
Jump Methods that your organization will use.
c. Under Jump Item Roles, set all roles to No
Access.
d. Under Memberships, define Added Jump
Groups.
e. In the Jump Group field, search for and select
Web Servers.
i. Set the Jump Item Role to Start
Session Only.
ii. Set Jump Policy to Authorization
Required.
iii. Click Add to assign the members of this
group policy to the Jump Group.
f. Save the group policy.
11. Deploy Jump Items, assigning them to the three Jump
Groups as appropriate. If any particular Jump Item
requires a different Jump Policy, assign that, as well.
12. Now, administrators can deploy and start sessions with Jump Items in all three Jump Groups. They can also manage their
personal lists of Jump Items and start sessions with all other Jump Items.
Likewise, local users can now start sessions with Jump Items in all three Jump Groups, with a notification sent upon session
start and with user systems accessible only on Thursdays. They can also manage their personal lists of Jump Items.
Finally, third-party users can start sessions with Jump Items in the Web Servers Jump Group, with approval required before
they can complete the Jump. They cannot deploy personal Jump Items.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
33
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Appendix: Require a Ticket ID Workflow for Jump Client
Access
If your service requests use ticket IDs as part of the change management workflow, connect your ticket IDs to endpoint access in
Bomgar. By leveraging Bomgar Jump Technology with your existing ticket ID process, your change management workflow
integration lets you restrict a Bomgar access request by requiring a Ticket ID to be entered as part of the access request process
before an access session begins.
What Users See
When users of the Bomgar access console attempt to access a
Jump Item that uses a Jump Policy configured to require a
ticket ID, a dialog opens. In the administrator-configured
dialog, users enter the ticket ID needed, authorizing access
this Jump Item.
To set up the connection to your existing ITSM or ticket ID
system, create a Jump Policy you can apply to those Jump
Items you want to only be used if a ticket ID from your external
system is entered.
How It Works
After the user enters the required ID and clicks OK, the Bomgar Appliance posts an HTTP outbound request to the ticket system
URL configured in Jump Policies. The request contains information about both the ticket ID and the Jump Item, as well as user
information. Your external system then replies asynchronously to either allow or deny access.
If the request is allowed, the external ticket ID system assigns the allowed session. Optionally, your external ITSM or ticket ID
system may send a list of custom session attributes in its response to assign to the allowed session. For more information on using
the Bomgar API see the Privileged Access API Programmer's Guide at www.bomgar.com/docs/privileged-access/howto/integrations/api.
Follow the steps below to set up a ticket ID requirement for access.
Create a Jump Policy Requiring Ticket ID Approval
First, create a Jump Policy with the requirement of ticket ID approval enabled.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
34
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
1. From your Bomgar /login administrative interface, go to Jump > Jump Policies.
2. In the Jump Policies section, click the Add New Jump
Policy button.
Note: A Jump Policy does not take effect until you
have applied it to at least one Jump Client item.
3.
4. Enter a Display Name, Code Name, and Description
in the corresponding locations to enable you to
effectively apply this Jump Policy appropriate to your
purposes after its creation.
5. Optionally, complete the configuration for Jump
Schedule and Jump Notification if appropriate for the
access control desired on this Jump Policy.
6. In the Jump Approval section, check Require a ticket
ID before a session starts. To instantly disable ticket
ID approval on this policy, simply uncheck this box. If
ticket ID approval is enabled on a policy that does not
have a ticket system URL configured, users attempting
to access a Jump Item to which the policy is applied
receive a message to contact the administrator.
7. Optionally, complete any additional approval
configuration you wish this Jump Policy to enforce.
8. Click Save Jump Policy.
Connect External Ticket ID System to Jump Policies
Next, connect your existing ITSM or ticket ID system to the Bomgar Appliance.
1. Remain in your Bomgar /login administrative interface on the Jump > Jump Policies page.
2. At the bottom of the Jump Policies page, locate the
Jump Policies :: Ticket System section.
3. In Ticket System URL, enter the URL for your external
ticket system. The Bomgar Appliance sends an
outbound request to your external ticketing system. The
URL must be formatted for either HTTP or HTTPS. If an
HTTPS URL is entered, the site certificate must be
verified for a valid connection. If a Jump Policy requiring a ticket ID exists, a ticket system URL must be entered or you will
receive a warning message.
4. The Current Status field is shown only when a valid status value exists to report the connection to the ticket system
configured in Ticket System URL. Any ticket system configuration change resets the value.
5. Click Choose File to upload the certificate for the HTTPS ticket system connection to the appliance. If your certificate is
uploaded, the appliance uses it when it contacts the external system. If you do not upload a certificate and the Ignore SSL
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
35
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
certificate errors box below this setting is checked, the Bomgar Appliance optionally falls back to use the built-in certificate
store when sending the request.
Note: When the Ignore SSL certificate errors checkbox is checked, the Bomgar Appliance will not include the
certificate validation information when it contacts your external ticket system.
6. In User Prompt, enter the dialog text you want access console users to see when they are requested to enter the ticket ID
required for access.
7. If your company's security policies consider ticket ID information as sensitive material, check the Treat the Ticket ID as
sensitive information box.
If this box is checked, the ticket ID is considered sensitive information and asterisks are shown instead of text. You must use
an HTTPS Ticket System URL. If an address with HTTP is entered, an error message appears to remind you HTTPS is
required.
When this feature is enabled you cannot bypass issues with SSL certificates by checking the Ignore SSL certificate errors
box. This means you must have a valid SSL certificate in place. If you try to check the Ignore SSL certificate errors box, a
message appears stating that you cannot ignore SSL certificate errors.
When the Ticket ID is sensitive, the following rules apply:
l
Both the desktop and the web access consoles show asterisks instead of text.
l
The ticket is not logged anywhere by the access console or on the appliance.
8. Click Save.
API Approval Request
Bomgar PA sends an HTTP Post request to the ticketing system URL. The POST request contains the following key-value pairs:
Unique ID that identifies the approval request.
request_id
Note: The request ID must be sent from the external ticketing system to Bomgar
PA in the response. The maximum length is 255 characters, and the ticketing
system must treat the request ID aas an opaque value.
ticket_id
ticket ID entered by the user.
response_url
URL to which the integration should POST its reponse.
jump_item.computer_name
Hostname or IP address of the endpoint the user is requesting access for.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
36
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Type of Jump Item being accessed:
jump_item.type
l
client (for Jump Clients)
l
shell (for Shell Jump Shortcuts)
l
rdp
l
vnc
l
push_and_start (for Remote Jump and Local Jump)
l
vpro
jump_item.comments
Comments noted about the Jump Item.
jump_item.group
Group associated of the Jump Item.
jump_item.tag
Tags associated with the Jump Item.
jump_item.jumpoint_name
Name of the Jumpoint.
Public IP address of the Jump Item.
jump_item.public_ip
Note: This is not provided for Jumpoints.
Private IP address of the Jump Item.
jump_item.private_ip
Note: This is not provided for Jumpoints.
Key-value pair designated for the Jump Item custom field.
jump_item.custom.<code>
Note: Only one key-value pair is permitted for each Jump Item custom field.
user.id
The requesting user's unique ID.
user.username
Username used by the requesting user for authentication.
user.public_display_name
The requesting user's public display name.
user.private_display_name
The requesting user's private display name.
user.email_address
Email address listed for the requesting user.
API Approval Reponse
The external ticketing system sends an HTTP POST request to the Bomgar Appliance URL at
https://example.bomgar.com/api/endpoint_approval.
Note: The API must be accessed over HTTPS.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
37
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
The POST request can contain the following key-value pairs in the POST body:
response_id
Request ID sent in the approval request. *Required
response
Response to the request; either allow or deny. *Required
Message displayed to the requesting user if the request is denied. *Optional
message
Note: The maximum length set for the message is 255 characters.
session.custom.<code name>
One or more custom session attributes set for the access session. *Optional
Error Messages
In certain circumstances, an error message displays in the Jump Policies :: Ticket System section:
l
l
l
l
Ticket System URL is required because one or more Jump Policies still require a ticket ID. - A Jump Policy exists requiring
the entry of a ticket ID for access.
Invalid ticket ID. - The external ticket system explicitly denied the request. If the external ticket system sends the error
message, that message is shown.
The Ticket System URL must start with "https://" when the Ticket ID is sensitive. - You must enter an HTTPS URL when Treat
the Ticket ID as sensitive information is checked.
Cannot ignore SSL errors when the Ticket ID is sensitive. - When this option is checked, you cannot ignore SSL errors and
must provide a valid SSL certificate.
l
The given host was not resolved. - An invalid ticket system URL was attempted.
l
The ticket system failed to respond in time. - The external ticket system failed to respond in a timely manner.
Users who are unable to connect due to misconfiguration or user error will see explanatory pop-up messages in the access
console for the error state of the configuration.
l
No ticket system URL is configured. Please contact your administrator - A ticket ID system URL is not configured in the /login
administrative interface.
l
User Prompt Not Configured. - The User Prompt is not configured in the /login administrative interface.
l
The ticket system returned an invalid response. - An invalid ticket ID was entered.
The following errors can be returned by the Bomgar Appliance:
404
Returned when no ticketing system URL is configured in /login
Returned when the request_id is not valid
403
Note: This error message is received when the request has timed out.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
38
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Appendix: Jump Client Error Messages
This appendix provides a reference for error messages that may occur while working with Jump Clients. Below is a list of actions
that may take place with Jump Clients along with error messages that may occur during each action. Each error message is
accompanied by a brief description.
Action
Error Message
The total number of deployable Jump Clients for
this site has been reached.
The total number of deployable active Jump
Clients for this site has been reached.
The total number of deployable passive Jump
Clients for this site has been reached.
Deploying a Jump
The associated Jumpoint is not currently online.
Explanation and Reproduction Notes
The build limit has been reached.
The build limit has been reached.
The build limit has been reached.
The Jumpoint designated as the Jumpoint Proxy
is offline before mass deployment is generated.
Client from the Mass
Deployment Wizard
The associated Jumpoint-proxy no longer exists.
Bad Password: The password must contain at
least __ characters and contain at least one
uppercase letter, one lowercase letter, one
number, and one special character.
Bad Password: The password must contain at
least __ character(s).
The Jumpoint designated as the Jumpoint Proxy
is deleted before mass deployment is generated.
The password designated for the Jump Client
does not meet security standards. (Reproduction
is UI-limited.)
The password designated for the Jump Client
does not meet security standards. (Reproduction
is UI-limited.)
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
39
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Action
Error Message
Explanation and Reproduction Notes
Race condition: A Jump Client has been deleted,
The Jump Client does not exist.
but another access console has attempted to
Jump to that Jump Client before being notified.
Race condition: A Jump Client has gone offline,
The Jump Client is offline.
but an access console has attempted to Jump to
that Jump Client before being notified.
Race condition: A Jump Client has been
The specified Jump Client has been uninstalled.
uninstalled, but an access console has attempted
to Jump to that Jump Client before being notified.
Taking an Action on a
Jump Client besides
The password is incorrect.
The provided password is incorrect.
Jumping (Set
The number of active Jump Clients has been
The build limit has been reached when changing
Comments, etc.)
reached.
from passive to active.
The number of passive Jump Clients has been
The build limit has been reached when changing
reached.
from active to passive.
Bad Password: The password must contain at
least __ characters and contain at least one
The password designated for the Jump Client
uppercase letter, one lowercase letter, one
does not meet security standards.
number, and one special character.
Bad Password: The password must contain at
The password designated for the Jump Client
least __ character(s).
does not meet security standards.
Simultaneous user access to a Jump Client is
disabled while Jumping into a Jump Client which
Permission denied joining existing access
session.
already has a session. This permission is
controlled by the Allow simultaneous user
access to a single Jump Client setting under
/login > Jump > Jump Clients :: Jump Client
Settings.
Jumping
The server is currently too busy. Please try again
More than twenty users are starting sessions at
later.
the same time on different Jump Clients.
An internal error occurred while spawning the
access session.
An internal operation was taking too long while
trying to spawn a access session.
Internal for active Jump Client starts.
Internal for active Jump Client starts.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
40
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Action
Error Message
Explanation and Reproduction Notes
Race condition: An active Jump Client
The active Jump Client is not connected.
disconnected before the access console was
notified.
Timeout while trying to connect to the Jump
Took too long to connect to any of the hostnames
Client.
or IPs.
Failed to connect to the Jump Client.
Timeout while communicating with the Jump
Client.
Could not connect to any IP address or hostname
of a passive Jump Client.
Timeout during a passive connect handshake.
The Jump Client has informed the server of a
The Jump Client sent a bad protocol version.
protocol version error during a passive connect
handshake.
The Jump Client identification check failed. This
may indicate that a new system has obtained the
The server was able to connect and handshake,
network address of the Jump Client you are
but the Jump Client gave the wrong identification
attempting to access. Or, there is possibly more
token, meaning that it is not the Jump Client you
than one passive Jump Client deployed to the
are attempting to reach or that the Jump Client
system, and only one of them can acquire the
has lost its token.
listen port (____) at a time.
The Jump Client has been disabled by the user
The Jump Client has been disabled on the remote
and will not allow a session to start at this time.
computer.
The Jump Client is running a different version and
will not attempt to upgrade. Please try again after
the upgrade completes.
Bomgar version mismatch. This should cause a
check-in, which causes an upgrade.
Race condition: A Jump Client has been deleted,
The Jump Client does not exist.
but another access console has attempted to
Jump to that Jump Client before being notified.
Race condition: A Jump Client has gone offline,
The Jump Client is offline.
but an access console has attempted to Jump to
that Jump Client before being notified.
Race condition: A Jump Client has been
The specified Jump Client has been uninstalled.
uninstalled, but an access console has attempted
to Jump to that Jump Client before being notified.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
41
TC: 5/3/2017
PRIVILEGED ACCESS JUMP CLIENT GUIDE
Action
Error Message
The password is incorrect.
Explanation and Reproduction Notes
The provided password is incorrect.
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM
© 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
42
TC: 5/3/2017
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising