Embassy: Create an Embassy for External Support Teams

Users & Security > Embassy

Embassies

Use Bomgar not only to provide support but also to receive support or extend your range of support. Create embassy teams to grant limited access to trusted third-party vendors for the purpose of receiving remote support or using the vendor’s resources in supporting customers.

Once an embassy has been created, you may assign issues to the embassy from the Configuration > Issues page. If this embassy's issues are shown on a public site, a customer selecting one of these issues will be directed to that embassy queue.

Add New Embassy, Edit, Delete

Create a new object, modify an existing object, or remove an existing object. Deleting a team does not delete those user accounts, only the team with which they are associated. However, when not associated with an embassy team, embassy users are not allowed to log in.

Equilibrium Settings

Manage automatic session routing for this embassy team using equilibrium.

Embassies :: Add or Edit

Defined in this policy

For each setting, select whether it should be defined in this policy or left available for configuration for individual users. If it is defined, you will be unable to modify that privilege for an individual user from his or her user account page.

General Settings

Embassy Name

Create a unique name to help identify this object.

Code Name

Set a code name for integration purposes. If you do not set a code name, one will be created automatically.

Comments

Add comments to help identify the purpose of this object.

Persistent Queue

If this option is checked, support sessions remain in this queue even if no representatives are available. A session in this queue remains in the queue indefinitely until a representative or API operation handles the session. This option provides additional flexibility for custom session routing management.

Embassy Members

To assign members, click the Add button to open a select box. Select users from your local system, or select users or entire groups from configured security providers. To add users or groups from an external directory store such as LDAP, RADIUS, or Kerberos, you must first configure the connection on the /login > Users & Security > Security Providers page.

Only unassigned local embassy users are listed in the select box. For authentication, an embassy member must be assigned to a single embassy. Settings defined for the entire embassy override settings defined for the individual embassy user. In the case of users authenticating via security provider, embassy membership overrides your security provider's default group policy permissions.

Note: Take thought when assigning a default group policy to a security provider if that provider's members are to be added to an embassy. Should that embassy be deleted, the users added from the security provider will automatically be granted the permissions defined by the default group policy and can operate as normal, non-embassy users. If a security provider is to be used to authenticate embassy users, it is recommended not to assign that provider a default group policy.

Regular representative user accounts and embassy user accounts do not overlap. Only embassy users may be assigned to an embassy, and embassy users may not be assiend to regular support teams.

Embassy-wide Settings

Account Expires On

Causes the account to expire after a given date or never to expire.

Account Disabled

Disables the account so the user cannot log in. Disabling does NOT delete the account.

Allowed to Change Display Names

Enables the user to change his or her display names.

Allowed to Show on Public Site

Displays the user's name on all public sites that have the representative list enabled.

Representative Permissions

Support

Allowed to provide remote support

Enables the user to use the representative console in order to run support sessions. If support is enabled, options pertaining to remote support will also be available. This option is always enabled for embassies and embassy users. Disable this setting for presentation-only users.

Session Management

Allowed to generate session keys for support sessions within the Representative Console

Enables the user to generate session keys to allow customers to start sessions with him or her directly.

Allowed to generate access keys for sending iOS profiles

Enables the user to generate access keys to offer iOS content to iOS device users.

Allowed to participate in the general queue

Enables the user to interact with other users in the general queue.

Allowed to manually accept sessions from a team/embassy queue

Enables the user to select and start sessions that are in one of his or her team queues.

Allowed to transfer sessions to teams which they do not belong to

Enables the user to transfer sessions to teams other than his or her own. If disabled, user interaction is restricted solely to the user's assigned teams.

Allowed to transfer sessions to embassies

Enables the user to transfer sessions to third-party embassy team queues.

Allowed to share sessions with teams which they do not belong to

Enables the user to invite a less limited set of user to share sessions, not only their team members. Combined with the extended availability permission, this permission expands session sharing capabilities.

Allowed to share sessions with embassies

Enables the user to share support sessions with one or more members of a third-party embassy team.

Allowed to invite external support representatives

Enables the user to invite a third-party user to participate in a support session one time only.

Allowed to use the Get Next Session feature

Enables the user to start supporting the oldest queued session from all of his or her teams simply by clicking a button.

Allowed to enable extended availability mode

Enables the user to receive email invitations from other users requesting to share a session even when he or she is not logged into the representative console.

Allowed to edit the external key

Enables the user to modify the external key from the session info pane of a session within the representative console.

Equilibrium

Allowed to opt out of session assignments

Enables the representative to mark himself or herself as unavailable for sessions to be assigned using Equilibrium.

Do not assign sessions if the representative is participating in at least

Sets the least number of sessions the representative must be supporting before sessions will no longer be automatically assigned using Equilibrium.

Do not assign sessions if the representative has been idle for at least

Sets the least amount of time the representative must have been idle before sessions will no longer be automatically assigned using Equilibrium.

Rep to Rep Screen Sharing

Allowed to show screen to other representatives

Enables the user to share his or her screen with another user without the receiving user having to join a session. This option is available even if the user is not in a session.

Allowed to give control when showing screen to other representatives

Enables the user sharing his or her screen to give keyboard and mouse control to the user viewing his or her screen.

Bomgar Buttons

Allowed to deploy and manage Bomgar Buttons in personal queue

Enables the user to deploy and manage personal Bomgar Buttons. This setting affects deploying Bomgar Buttons from both the web interface and the representative console. To deploy a Bomgar Button from within a session, the Bomgar Buttons Deployment session permission must also be allowed.

Allowed to deploy Team Bomgar Buttons

Enables the user to deploy team Bomgar Buttons for teams they are a member of. This setting affects deploying Bomgar Buttons from both the web interface and the representative console. To deploy a Bomgar Button from within a session, the Bomgar Buttons Deployment session permission must also be allowed.

Allowed to manage Team Bomgar Buttons

Enable the user to modify the Bomgar Buttons deployed to teams they are a member of. If the user is a team lead or manager, they can modify the personal Bomgar Buttons of any team members as well.

Allowed to change the Public Portal associated with Bomgar Buttons

Enables the user to set the public portal through which a Bomgar Button should connect. Because session policies may be applied to public portals, changing the portal may affect the permissions allowed in the session.

Jump Technology

Allowed Jump Methods: Allowed to start sessions through Jump Clients which use any of the following Jump methods

Enables the user to Jump to computers using Jump Clients, Local Jump on the local network, Remote Jump via a Jumpoint, RDP via a Jumpoint, Shell Jump via a Jumpoint, and/or Intel vPro via a Jumpoint.

Allowed to set passwords on Jump Clients

Enables the user to password-protect Jump Clients. Users with permission to modify all Jump Clients, regardless of team membership, can override passwords on individual Jump Clients.

Allowed to modify, remove and start sessions from Jump Clients without entering a password

Enables the user to access password-protected Jump Clients without needing to know the password.

Jump Client Permissions: Allowed to start sessions from all Jump Clients within the system

Enables the user to Jump to remote computers in all team and embassy Jump groups.

Allowed to deploy, remove and modify Jump Clients in the following Jump Groups

Enables the representative to pin sessions, set groups, and add comments to Jump Clients for team and team members' queues. This setting affects deploying Jump Clients from both the web interface and the representative console. To deploy a Jump Client from within a session, the Jump Clients Pinning/Unpinning session permission must also be allowed.

Allowed to change the Public Portal associated with Jump Clients

Enables the user to set the public portal through which a Jump Client should connect. Because session policies may be applied to public portals, changing the portal may affect the permissions allowed in the session.

Allowed to change the Session Policies associated with Jump Clients

Enables the user to set the session policy a Jump Client should use. Changing the session policy may affect the permissions allowed in the session.

Representative Console

Idle Timeout

Set how long the representative can be idle before being logged out of the representative console. This permission can use the site-wide setting or can override that setting.

Full Support License Pool

Choose the license pool to which this representative should belong. When this representative logs into the representative console, a license is consumed from the designated license pool. If None is selected, the representative will be able to log into the representative console only if one or more licenses are left unassigned to license pools and are available.

Attended and Unattended Session Permissions

Set the prompting and permission rules that should apply to this user's sessions. Choose an existing session policy or define custom permissions for this user. If Not Defined, the global default policy will be used. These permissions may be overridden by a higher policy.

Use the same permissions for Unattended sessions

To use the same permissions for both attended and unattended sessions, check Use the same permissions for Unattended sessions. Uncheck this box to define attended and unattended permissions separately. You can also copy the permissions from one to the other.

Description

View the description of a pre-defined session permission policy.

Support Tool Prompting

Prompting Rules

Choose to ask the customer permission to use any of the support features below. Select No Prompting to never prompt, Always Prompt to always prompt, or Prompt for Some Tools to choose which permissions to prompt for. If Prompt for Some Tools is chosen, a Prompt Customer option will appear beside each tool with the options to Never prompt or to Always prompt. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Allowed to prompt once

If Screen Sharing is set to View and Control and prompting is enabled, this option appears. Check the box to make the screen sharing prompt request access to all tools during the session, with no further prompts.

Prompting Options

Set how long to wait for a response to a prompt before defaulting to the answer of Deny or Allow. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Screen Sharing

Screen Sharing

Enable the user to view or control the remote screen. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Application Sharing Prompt Behavior

Set if a request for screen sharing should always or never prompt the customer to select applications to share, or if the user can choose whether to prompt for application sharing or not. Selecting Always or Rep Decides also allows you to predefine application sharing restrictions.

Application Sharing Restrictions

Limit access to specified applications on the remote system with either Allow only the listed executables or Deny only the listed executables. You may also choose to allow or deny desktop access.

Note: This feature applies only to Windows and Linux operating systems and does not include Remote Desktop Protocol (RDP) sessions.

Add New Executables

If application sharing restrictions are enforced, an Add New Executables button appears. Clicking this button opens a dialog that allows you to specify executables to deny or allow, as appropriate to your objectives.

After you have added executables, one or two tables display the file names or hashes you have selected for restriction. An editable comment field allows administrative notes.

Enter file names or SHA-256 hashes, one per line

When restricting executables, manually enter the executable file names or hashes you wish to allow or deny. Click on Add Executable(s) when you are finished to add the chosen files to your configuration.

You may enter up to 25 files per dialog. If you need to add more, click Add Executable(s) and then reopen the dialog.

Browse for one or more files

When restricting executables, select this option to browse your system and choose executable files to automatically derive their names or hashes. If you select files from your local platform and system in this manner, use caution to ensure that the files are indeed executable files. No browser level verification is performed.

Choose either Use file name or Use file hash to have the browser derive the executable file names or hashes automatically. Click Add Executable(s) when you are finished to add the chosen files to your configuration.

You may enter up to 25 files per dialog. If you need to add more, click Add Executable(s) and then reopen the dialog.

Note: This option is available only in modern browsers, not in legacy browsers.

Allowed Customer Restrictions

Set if the user can suspend the remote system's mouse and keyboard input. The user may also prevent the remote desktop from being displayed.

Allowed to show his/her screen to the customer

Enables the user to share his or her screen with the customer during a support session.

Allowed to login using credentials from an Endpoint Credential Manager

Enable connection of a user to your Endpoint Credential Manager to use credentials from your existing password stores or vaults.

Use of the Endpoint Credential Manager requires a separate services agreement with Bomgar. Once a services agreement is in place, you may download the required middleware from the Bomgar self-service center.

Note: This is only available in sessions started from an elevated Jump Client on Windows®.

Browser Sharing

Enables the user to browse the same web page the customer is viewing without having control or seeing other applications. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Annotations

Enables the user to use annotation tools to draw on the remote system's screen. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

File Transfer

File Transfer

Enables the user to upload files to the remote system, download files from the remote system, or both. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Accessible paths on customer's filesystem

Allow the user to transfer files to or from any directories on the remote system or only specified directories.

Accessible paths on representative's filesystem

Allow the user to transfer files to or from any directories on his or her local system or only specified directories.

Command Shell

Command Shell

Enables the user to issue commands on the remote computer through a virtual command line interface. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

System Information

System Info

Enables the user to see system information about the remote computer. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Allowed to use system information actions

Enables the user to interact with processes and programs on the remote system without requiring screen sharing. Kill processes; start, stop, pause, resume, and restart services; and uninstall programs.

Registry Access

Registry Access

Enables the user to interact with the registry on a remote Windows system without requiring screen sharing. View, add, delete and edit keys, search and import/export keys.

Other Tools

Canned Scripts

Enables the user to run canned scripts that have been created for his or her teams. Note that when the user is in view-only screen sharing, the customer receives a prompt to allow the script to run. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Elevation

Enables the user to attempt to elevate the customer client to run with administrative rights on the remote system. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Bomgar Button Deployment

Enables the user to deploy or remove a Bomgar Button while in a session. Locations available for deployment depend on the Bomgar Button settings above. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Jump Clients Pinning/Unpinning

Enables the user to pin or unpin a Jump Client while in a session. Locations available for deployment depend on the Jump Client settings above. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Chat

Chat

Enables the user to chat with the remote customer. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Allowed to push URLs to the customer's web browser

Enables the user to enter a URL into the chat area and then click the Push URL button to automatically open a web browser to that address on the remote computer.

Allowed to send files using the chat interface

Enables the user to send files via the chat interface.

Login Schedule

Restrict representative login to the following schedule

Set a schedule to define when users can log into the representative console. Set the time zone you want to use for this schedule, and then add one or more schedule entries. For each entry, set the start day and time and the end day and time.

If, for instance, the time is set to start at 8 am and end at 5 pm, a user can log in at any time during this window but may continue to work past the set end time. He or she will not, however, be allowed to log back in after 5 pm.

Force logout when the schedule does not permit login

If stricter access control is required, check this option. This forces the user to log out at the scheduled end time. In this case, the user receives recurring notifications beginning 15 minutes prior to being disconnected. When the user is logged out, any owned sessions will follow the session fallback rules.

Jumpoints

Designates Jumpoints to which representatives in this embassy have access.

Jump Client Access

Access Granted By This Embassy

Select which teams should have access to any Jump Clients pinned to this team's Jump group. By default, only this team has access to its own Jump Clients. However, you can select multiple other teams to see and Jump to this team's Jump Clients.

Access Granted To This Embassy

View a list of other teams that share Jump Client access with members of this team.

Equilibrium Settings

Routing Algorithm

If this is set to Least Busy, a session in this queue is assigned to the least busy representative who is available to take sessions from this queue. If it is set to Skills Match, Least Busy, then if a session has needed skills marked and is in this queue, that session is assigned to the representative with the best skills match who is available to take sessions from this queue.

Alert Timeout

A representative has as long as is set here to either accept or reject an assigned session. If the representative rejects the session or fails to respond before the timeout, the session will be reassigned to the next best matched representative who is available to take sessions from this queue.

Waiting Session Rule

You also can create a Waiting Session Rule. If enabled, set how long a session is allowed to remain in this queue. Then choose the action to take if the session waits for longer than the set time. You can either transfer the session to an overflow queue, or you can mark the session as overdue. A session that becomes overdue will play an audio alert, flash in the queue, cause the queue itself to flash, and display a pop-up notification. These notifications can be modified in the rep console settings.

Embassy Users

Regular representative user accounts and embassy user accounts do not overlap. Only embassy users may be assigned to an embassy, and embassy users may not be assiend to regular support teams.

For local embassy users, you may assign privileges per user, per embassy, or a mixture of both. For users added via configured security providers, privileges are assigned per embassy only, and users will not appear in the Embassy Users list.

Add New Embassy User, Edit, Delete

Create a new object, modify an existing object, or remove an existing object.

Search

Search embassy user accounts based on username and display name.

Show Embassy Users for

View all local embassy users, all unassigned local embassy users, or all local embassy users assigned to a specific embassy.

Reset

If a user has one or more failed login attempts, click the Reset button beside his or her name to reset the number back to 0.

Embassy User :: Add or Edit

User Settings

Username

Unique identifier used to log in.

Display Names

User's name as shown on the public site, in chats, etc. Users can use a public display name, for use with customers, and a private display name, for use in all internal communications.

Display Number

Type a unique ID number or leave this field blank to automatically select the next available number. This number affects the order in which users are listed on the public site.

Email Address

Set the email address to which email notifications are sent, such as password resets or extended availability mode alerts.

Preferred Email Language

If more than one language is enabled on this site, set the language in which to send emails.

Password

Password used with the username to log in. The password may be set to whatever you choose, as long as the string complies with the defined policy set on the /login > Management > Security page.

Email Password to User

Send an automatic email to the user containing his or her new password. If this option is selected, then the user must reset his or her password at next login. This feature requires valid SMTP configuration for your appliance, set up on the /login > Management > Email Configuration page.

Must Reset Password at Next Login

If this option is selected, then the user must reset his or her password at next login.

Password Expires On

Causes the password to expire after a given date or never to expire.

Security Question and Security Answer

The security question and answer allow a user to reset a forgotten password after providing the correct answer to the question. Passwords may be reset only if Enable Password Reset is checked on the Management > Security page. Admins cannot reset their passwords using the security question.

Account Expires On

Causes the account to expire after a given date or never to expire.

Account Disabled

Disables the account so the user cannot log in. Disabling does NOT delete the account.

Comments

Add comments to help identify the purpose of this object.

Allowed to Set Passwords

Enables the user to set passwords and unlock accounts for non-administrative local users.

Allowed to Change Display Names

Enables the user to change his or her display names.

Allowed to Show on Public Site

Displays the user's name on all public sites that have the representative list enabled.

Representative Permissions

Support

Allowed to provide remote support

Enables the user to use the representative console in order to run support sessions. If support is enabled, options pertaining to remote support will also be available. This option is always enabled for embassies and embassy users. Disable this setting for presentation-only users.

Session Management

Allowed to generate session keys for support sessions within the Representative Console

Enables the user to generate session keys to allow customers to start sessions with him or her directly.

Allowed to generate access keys for sending iOS profiles

Enables the user to generate access keys to offer iOS content to iOS device users.

Allowed to participate in the general queue

Enables the user to interact with other users in the general queue.

Allowed to manually accept sessions from a team/embassy queue

Enables the user to select and start sessions that are in one of his or her team queues.

Allowed to transfer sessions to teams which they do not belong to

Enables the user to transfer sessions to teams other than his or her own. If disabled, user interaction is restricted solely to the user's assigned teams.

Allowed to transfer sessions to embassies

Enables the user to transfer sessions to third-party embassy team queues.

Allowed to share sessions with teams which they do not belong to

Enables the user to invite a less limited set of user to share sessions, not only their team members. Combined with the extended availability permission, this permission expands session sharing capabilities.

Allowed to share sessions with embassies

Enables the user to share support sessions with one or more members of a third-party embassy team.

Allowed to invite external support representatives

Enables the user to invite a third-party user to participate in a support session one time only.

Allowed to use the Get Next Session feature

Enables the user to start supporting the oldest queued session from all of his or her teams simply by clicking a button.

Allowed to enable extended availability mode

Enables the user to receive email invitations from other users requesting to share a session even when he or she is not logged into the representative console.

Allowed to edit the external key

Enables the user to modify the external key from the session info pane of a session within the representative console.

Equilibrium

Allowed to opt out of session assignments

Enables the representative to mark himself or herself as unavailable for sessions to be assigned using Equilibrium.

Do not assign sessions if the representative is participating in at least

Sets the least number of sessions the representative must be supporting before sessions will no longer be automatically assigned using Equilibrium.

Do not assign sessions if the representative has been idle for at least

Sets the least amount of time the representative must have been idle before sessions will no longer be automatically assigned using Equilibrium.

Rep to Rep Screen Sharing

Allowed to show screen to other representatives

Enables the user to share his or her screen with another user without the receiving user having to join a session. This option is available even if the user is not in a session.

Allowed to give control when showing screen to other representatives

Enables the user sharing his or her screen to give keyboard and mouse control to the user viewing his or her screen.

Bomgar Buttons

Allowed to deploy and manage Bomgar Buttons in personal queue

Enables the user to deploy and manage personal Bomgar Buttons. This setting affects deploying Bomgar Buttons from both the web interface and the representative console. To deploy a Bomgar Button from within a session, the Bomgar Buttons Deployment session permission must also be allowed.

Allowed to deploy Team Bomgar Buttons

Enables the user to deploy team Bomgar Buttons for teams they are a member of. This setting affects deploying Bomgar Buttons from both the web interface and the representative console. To deploy a Bomgar Button from within a session, the Bomgar Buttons Deployment session permission must also be allowed.

Allowed to manage Team Bomgar Buttons

Enable the user to modify the Bomgar Buttons deployed to teams they are a member of. If the user is a team lead or manager, they can modify the personal Bomgar Buttons of any team members as well.

Allowed to change the Public Portal associated with Bomgar Buttons

Enables the user to set the public portal through which a Bomgar Button should connect. Because session policies may be applied to public portals, changing the portal may affect the permissions allowed in the session.

Jump Technology

Allowed Jump Methods: Allowed to start sessions through Jump Clients which use any of the following Jump methods

Enables the user to Jump to computers using Jump Clients, Local Jump on the local network, Remote Jump via a Jumpoint, RDP via a Jumpoint, Shell Jump via a Jumpoint, and/or Intel vPro via a Jumpoint.

Allowed to set passwords on Jump Clients

Enables the user to password-protect Jump Clients. Users with permission to modify all Jump Clients, regardless of team membership, can override passwords on individual Jump Clients.

Allowed to modify, remove and start sessions from Jump Clients without entering a password

Enables the user to access password-protected Jump Clients without needing to know the password.

Jump Client Permissions: Allowed to start sessions from all Jump Clients within the system

Enables the user to Jump to remote computers in all team and embassy Jump groups.

Allowed to deploy, remove and modify Jump Clients in the following Jump Groups

Enables the representative to pin sessions, set groups, and add comments to Jump Clients for team and team members' queues. This setting affects deploying Jump Clients from both the web interface and the representative console. To deploy a Jump Client from within a session, the Jump Clients Pinning/Unpinning session permission must also be allowed.

Allowed to change the Public Portal associated with Jump Clients

Enables the user to set the public portal through which a Jump Client should connect. Because session policies may be applied to public portals, changing the portal may affect the permissions allowed in the session.

Allowed to change the Session Policies associated with Jump Clients

Enables the user to set the session policy a Jump Client should use. Changing the session policy may affect the permissions allowed in the session.

Representative Console

Idle Timeout

Set how long the representative can be idle before being logged out of the representative console. This permission can use the site-wide setting or can override that setting.

Full Support License Pool

Choose the license pool to which this representative should belong. When this representative logs into the representative console, a license is consumed from the designated license pool. If None is selected, the representative will be able to log into the representative console only if one or more licenses are left unassigned to license pools and are available.

Attended and Unattended Session Permissions

Set the prompting and permission rules that should apply to this user's sessions. Choose an existing session policy or define custom permissions for this user. If Not Defined, the global default policy will be used. These permissions may be overridden by a higher policy.

Use the same permissions for Unattended sessions

To use the same permissions for both attended and unattended sessions, check Use the same permissions for Unattended sessions. Uncheck this box to define attended and unattended permissions separately. You can also copy the permissions from one to the other.

Description

View the description of a pre-defined session permission policy.

Support Tool Prompting

Prompting Rules

Choose to ask the customer permission to use any of the support features below. Select No Prompting to never prompt, Always Prompt to always prompt, or Prompt for Some Tools to choose which permissions to prompt for. If Prompt for Some Tools is chosen, a Prompt Customer option will appear beside each tool with the options to Never prompt or to Always prompt. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Allowed to prompt once

If Screen Sharing is set to View and Control and prompting is enabled, this option appears. Check the box to make the screen sharing prompt request access to all tools during the session, with no further prompts.

Prompting Options

Set how long to wait for a response to a prompt before defaulting to the answer of Deny or Allow. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Screen Sharing

Screen Sharing

Enable the user to view or control the remote screen. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Application Sharing Prompt Behavior

Set if a request for screen sharing should always or never prompt the customer to select applications to share, or if the user can choose whether to prompt for application sharing or not. Selecting Always or Rep Decides also allows you to predefine application sharing restrictions.

Application Sharing Restrictions

Limit access to specified applications on the remote system with either Allow only the listed executables or Deny only the listed executables. You may also choose to allow or deny desktop access.

Note: This feature applies only to Windows and Linux operating systems and does not include Remote Desktop Protocol (RDP) sessions.

Add New Executables

If application sharing restrictions are enforced, an Add New Executables button appears. Clicking this button opens a dialog that allows you to specify executables to deny or allow, as appropriate to your objectives.

After you have added executables, one or two tables display the file names or hashes you have selected for restriction. An editable comment field allows administrative notes.

Enter file names or SHA-256 hashes, one per line

When restricting executables, manually enter the executable file names or hashes you wish to allow or deny. Click on Add Executable(s) when you are finished to add the chosen files to your configuration.

You may enter up to 25 files per dialog. If you need to add more, click Add Executable(s) and then reopen the dialog.

Browse for one or more files

When restricting executables, select this option to browse your system and choose executable files to automatically derive their names or hashes. If you select files from your local platform and system in this manner, use caution to ensure that the files are indeed executable files. No browser level verification is performed.

Choose either Use file name or Use file hash to have the browser derive the executable file names or hashes automatically. Click Add Executable(s) when you are finished to add the chosen files to your configuration.

You may enter up to 25 files per dialog. If you need to add more, click Add Executable(s) and then reopen the dialog.

Note: This option is available only in modern browsers, not in legacy browsers.

Allowed Customer Restrictions

Set if the user can suspend the remote system's mouse and keyboard input. The user may also prevent the remote desktop from being displayed.

Allowed to show his/her screen to the customer

Enables the user to share his or her screen with the customer during a support session.

Allowed to login using credentials from an Endpoint Credential Manager

Enable connection of a user to your Endpoint Credential Manager to use credentials from your existing password stores or vaults.

Use of the Endpoint Credential Manager requires a separate services agreement with Bomgar. Once a services agreement is in place, you may download the required middleware from the Bomgar self-service center.

Note: This is only available in sessions started from an elevated Jump Client on Windows®.

Browser Sharing

Enables the user to browse the same web page the customer is viewing without having control or seeing other applications. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Annotations

Enables the user to use annotation tools to draw on the remote system's screen. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

File Transfer

File Transfer

Enables the user to upload files to the remote system, download files from the remote system, or both. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Accessible paths on customer's filesystem

Allow the user to transfer files to or from any directories on the remote system or only specified directories.

Accessible paths on representative's filesystem

Allow the user to transfer files to or from any directories on his or her local system or only specified directories.

Command Shell

Command Shell

Enables the user to issue commands on the remote computer through a virtual command line interface. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

System Information

System Info

Enables the user to see system information about the remote computer. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Allowed to use system information actions

Enables the user to interact with processes and programs on the remote system without requiring screen sharing. Kill processes; start, stop, pause, resume, and restart services; and uninstall programs.

Registry Access

Registry Access

Enables the user to interact with the registry on a remote Windows system without requiring screen sharing. View, add, delete and edit keys, search and import/export keys.

Other Tools

Canned Scripts

Enables the user to run canned scripts that have been created for his or her teams. Note that when the user is in view-only screen sharing, the customer receives a prompt to allow the script to run. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Elevation

Enables the user to attempt to elevate the customer client to run with administrative rights on the remote system. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Bomgar Button Deployment

Enables the user to deploy or remove a Bomgar Button while in a session. Locations available for deployment depend on the Bomgar Button settings above. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Jump Clients Pinning/Unpinning

Enables the user to pin or unpin a Jump Client while in a session. Locations available for deployment depend on the Jump Client settings above. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Chat

Chat

Enables the user to chat with the remote customer. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Allowed to push URLs to the customer's web browser

Enables the user to enter a URL into the chat area and then click the Push URL button to automatically open a web browser to that address on the remote computer.

Allowed to send files using the chat interface

Enables the user to send files via the chat interface.

Skills

Designates the skills assigned to this user. When using skills match for Equilibrium, sessions will be assigned to the user best skilled to handle a particular issue.

Login Schedule

Restrict representative login to the following schedule

Set a schedule to define when users can log into the representative console. Set the time zone you want to use for this schedule, and then add one or more schedule entries. For each entry, set the start day and time and the end day and time.

If, for instance, the time is set to start at 8 am and end at 5 pm, a user can log in at any time during this window but may continue to work past the set end time. He or she will not, however, be allowed to log back in after 5 pm.

Force logout when the schedule does not permit login

If stricter access control is required, check this option. This forces the user to log out at the scheduled end time. In this case, the user receives recurring notifications beginning 15 minutes prior to being disconnected. When the user is logged out, any owned sessions will follow the session fallback rules.