Security: Manage Security Settings

Management > Security

Set rules for local user accounts regarding the length and complexity of passwords, how often passwords expire, and whether a forgotten password can be reset after correctly answering a security question. Allow or disallow the representative console to remember a user’s credentials, and set the number of times an incorrect password can be entered before the account is locked out.

If a support representative tries to log in with an account already in use, a checked Terminate Session box will disconnect the previous connection in order to allow the new login. You can also set the length of time after which an inactive representative will be logged out to free the license for another representative.

The option Remove Representative from Session After Inactivity effectively pushes a representative out of a support session after the period of inactivity you select. This helps Bomgar customers meet compliance initiatives with inactivity requirements. The representative will be notified 1 minute prior to removal and may reset the timeout.

A representative is considered active in a session if any files are being transferred, whether through the file transfer tab or the chat interface, or if he or she clicks the mouse or presses a key in the session tab. Mouse movement by itself does not count as activity. As soon as activity stops, the inactivity timer begins.

Allow Mobile Representative Consoles to Connect gives representatives the option of providing support through the Bomgar representative console app for iOS and Android.

Maximum Session Key Timeout sets the longest time for which a session key may remain valid. From the representative console, a representative can set the lifetime of each generated session key up to but no longer than the time defined on this page. If the customer does not use the session key within the allotted time, the key will expire, and the representative will need to issue a new session key in order to run a session.

Choose whether the representative console should be able to open the default email program to allow representatives to send session keys and presentation invitations to customers. If this option is deselected, the Email URL and Email Invitation buttons will not be available in the representative console.

When supporting a customer with multiple monitors, Show Multi-Display Thumbnail View in the Bomgar Representative Console allows the representative to see thumbnail images of all available displays. These thumbnail images are not recorded in session recordings. Uncheck this box to show rectangles rather than thumbnails.

You can allow representatives to capture screenshots of the remote desktop from the representative console.

The Allow Representatives to Control the Customer Client Window option, when disabled, helps strengthen security by preventing representatives from interacting with the customer client while screen sharing. Without this permission enabled, representatives may still move or minimize the client but may not type in the chat area or interact with links or buttons.

Clipboard Synchronization Mode determines how support representatives are allowed to synchronize clipboards within a screen sharing session. The available settings are as follows:

  • Not Allowed – The representative cannot access or modify the customer's clipboard.
  • Allowed to Manually Send Clipboard From Rep to Customer – The representative can click a button to copy the contents of the local clipboard to the remote computer's clipboard.
  • Allowed to Manually Send Clipboard in Either Direction – The representative can click a button to copy the contents of the local clipboard to the remote computer's clipboard or can copy the contents of the remote clipboard to his or her local clipboard.
  • Automatically Send Clipboard Changes in Both Directions – The contents of both the local and remote clipboards automatically remain the same.

You MUST restart the software on the status page for this setting to take effect.

Additional security can be obtained with Force Public Site to Use SSL (https). Using HTTPS forces the internet connection to your public support portal to be SSL-encrypted, adding an additional layer of security to prevent unauthorized users from accessing accounts.

You can also require SSL Certificate Validation to force Bomgar software – including representative consoles, customer clients, presentation clients, and Jump Clients – to verify that the certificate chain is trusted, that the certificate has not expired, and that the certificate name matches the Bomgar Appliance hostname. If the certificate chain cannot be properly validated, the connection will not be allowed.

If certificate verification has been disabled and is then enabled, all consoles and clients will automatically upgrade the next time they connect. Note that LDAP connection agents are not automatically upgraded but must be reinstalled for this setting to take effect.

When SSL Certificate Validation is enabled, security checks in addition to Bomgar’s built-in security are performed to validate the SSL certificate chain being used to secure communications. It is highly recommended that you enable SSL certificate validation. If certificate validation is disabled, a warning message will appear on your administrative interface. You can hide this message for thirty days.

Note: To enable SSL certificate validation, you must provide your SSL certificate to Bomgar so that the certificate can be embedded within your Bomgar software.

In Days to Keep Logging Information, you can set how long logging information should be stored on the appliance. This information includes the session reporting data and recordings.

Select or clear Allow Reboot With Cached Login Credentials to control whether representatives can request that customers enter login credentials to be used during a reboot.

Enter a password in the Inter-appliance Communication Pre-shared Key field to establish a trusted relationship between two appliances. Matching keys are required for two or more appliances to be configured for features such as failover or clustering. The key must contain at least 6 characters and contain at least one uppercase letter, one lowercase letter, one number, and one special character.

Note: API settings, configured on this page prior to 14.2, are now configured on the Management > API Configuration page.

Security :: Network Restrictions

Determine which IP networks should be able to access /login and /api on your Bomgar Appliance. If you enable network restrictions, you can also enforce the networks on which representative consoles may be used.

If you select Only on user's first authentication, then a representative must be on an allowed network the first time he or she logs into the representative console. At that time, a token is issued to the device so that subsequent logins to the representative console can occur from any network location.

If you select Always, then a representative must be on an allowed network every time he or she logs into the representative console.
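
The two enforcement modes described above, modeled as an added Python example (this is not Bomgar code). The allowed networks are constructed documentation-range values, and the token handling is an assumed stand-in for whatever the appliance actually issues to the device.

```python
import ipaddress
import secrets

# Constructed sample networks (documentation ranges), not values from the page.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

FIRST_AUTH_ONLY = "Only on user's first authentication"
ALWAYS = "Always"


def on_allowed_network(source_ip):
    """True when source_ip falls inside any allowed network."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in ALLOWED_NETWORKS)


class ConsoleLoginPolicy:
    """Hypothetical model of the two console network restriction modes."""

    def __init__(self, mode):
        if mode not in (FIRST_AUTH_ONLY, ALWAYS):
            raise ValueError(f"unknown mode: {mode!r}")
        self.mode = mode
        # Tokens issued to devices on first authentication (assumed mechanism).
        self.device_tokens = set()

    def login(self, source_ip, device_token=None):
        """Return (allowed, token) for one representative console login."""
        if on_allowed_network(source_ip):
            if self.mode == FIRST_AUTH_ONLY and device_token not in self.device_tokens:
                device_token = secrets.token_hex(16)
                self.device_tokens.add(device_token)
            return True, device_token
        # Off-network: a previously issued token helps only in first-auth mode.
        if self.mode == FIRST_AUTH_ONLY and device_token in self.device_tokens:
            return True, device_token
        return False, None


def simulate(mode, source_ips):
    """Replay logins from one device and return the allow/deny outcome of each."""
    policy, token, results = ConsoleLoginPolicy(mode), None, []
    for ip in source_ips:
        allowed, issued = policy.login(ip, token)
        token = issued or token
        results.append(allowed)
    return results
```

Replaying the same three logins (off-network, on-network, off-network) gives deny, allow, allow under first-authentication mode and deny, allow, deny under Always. In first-authentication mode the issued device token is what admits an off-network device, so it deserves the same protection as a credential.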


Security :: Port Restrictions for Administrative Web Interface

Set the ports through which your /login interface can be accessed.