Kerberos Keytab: Manage the Kerberos Keytab

Users & Security > Kerberos Keytab

Kerberos Keytab Management

Bomgar supports single sign-on functionality using the Kerberos authentication protocol. This enables users to authenticate to the Bomgar Appliance without having to enter their credentials. Kerberos authentication applies both to the /login web interface and to the representative console.

To integrate Kerberos with your Bomgar Appliance, you must have a Kerberos implementation either currently deployed or in the process of being deployed. Specific requirements are as follows:

  • You must have a working Key Distribution Center (KDC) in place.
  • Clocks must be synchronized across all clients, the KDC, and the Bomgar Appliance. Using a Network Time Protocol server (NTP) is an easy way to ensure this.
  • You must have a Service Principal Name (SPN) created on the KDC for your Bomgar Appliance.

Export the keytab for this SPN from your KDC and upload it to the Bomgar Appliance via the Import Keytab section of this page. Once the keytab is uploaded, the Configured Principals section will list all of the available SPNs for each uploaded keytab.

You can now configure a Kerberos security provider from the Security Providers page and define which user principals may authenticate to the Bomgar Appliance via Kerberos.