Session Policies: Set Session Permission and Prompting Rules

Users & Security > Session Policies

Session Policies

With session policies, you can customize session security permissions to fit specific scenarios. Session policies can be applied to users, public sites, and Jump Clients. For full details of how session policies work and how to implement them, see How to Use Support Session Policies.

The Session Policies section lists available policies. Click the arrow by a policy name to quickly see where that policy is being used; its availability for users, rep invites, and Jump Clients; the support tools configured; and the prompting configured.

Create New Policy, Edit, Delete

Create a new object, modify an existing object, or remove an existing object.

Copy

To expedite the creation of similar policies, click Copy to create a new policy with identical settings. You can then edit this new policy to meet your specific requirements.

Session Policy :: Add or Edit

Policy Settings

Display Name

Create a unique name to help identify this object. This name helps when assigning a session policy to users, public portals, and Jump Clients.

Code Name

Set a code name for integration purposes. If you do not set a code name, one will be created automatically.

Description

Add a brief description to summarize the purpose of this object. The description is seen when applying a policy to user accounts, group policies, embassies, embassy users, and rep invites.

Availability: Users

Choose if this policy should be available to assign to users (user accounts, embassies, and group policies).

Availability: Rep Invite

Choose if this policy should be available for users to select when inviting an external user to join a session.

Availability: Jump Clients

Choose if this policy should be available to assign to Jump Clients.

Availability: Dependencies

If this session policy is already in use, you will see the number of users, public portals, and Jump Clients using this policy.

Prompting Rules

Choose to ask the customer permission to use any of the support features below. Select No Prompting to never prompt, Always Prompt to always prompt, or Prompt for Some Tools to choose which permissions to prompt for. If Prompt for Some Tools is chosen, a Prompt Customer option will appear beside each tool with the options to Never prompt or to Always prompt. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Allowed to prompt once

If Screen Sharing is set to View and Control and prompting is enabled, this option appears. Check the box to make the screen sharing prompt request access to all tools during the session, with no further prompts.

Prompting Options

Set how long to wait for a response to a prompt before defaulting to the answer of Deny or Allow. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Support Tools

For all of the permissions that follow, you can choose to enable or disable the permission, or you can choose to set it to Not Defined. Session policies are applied to a session in a hierarchical manner, with Jump Clients taking the highest priority, then support portals, then users, and then the global default. If multiple policies apply to a session, then the policy with the highest priority will take precedence over the others. If, for example, the policy applied to a Jump Client defines a permission, then no other policies may change that permission for the session. To make a permission available for a lower policy to define, leave that permission set to Not Defined. For details and examples, see How to Use Session Policies.

Set which tools should be enabled or disabled with this policy, as well as which tools should prompt the customer for permission.

Screen Sharing

Enable the user to view or control the remote screen. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Application Sharing Prompt Behavior

Set if a request for screen sharing should always or never prompt the customer to select applications to share, or if the user can choose whether to prompt for application sharing or not. Selecting Always or Rep Decides also allows you to predefine application sharing restrictions.

Allowed Customer Restrictions

Set if the user can suspend the remote system's mouse and keyboard input. The user may also prevent the remote desktop from being displayed.

Allowed to show his/her screen to the customer

Enables the user to share his or her screen with the customer during a support session.

Browser Sharing

Enables the user to browse the same web page the customer is viewing without having control or seeing other applications. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Annotations

Enables the user to use annotation tools to draw on the remote system's screen. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

File Transfer

Enables the user to upload files to the remote system, download files from the remote system, or both. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Accessible paths on customer's filesystem

Allow the user to transfer files to or from any directories on the remote system or only specified directories.

Accessible paths on representative's filesystem

Allow the user to transfer files to or from any directories on his or her local system or only specified directories.

Command Shell

Enables the user to issue commands on the remote computer through a virtual command line interface. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

System Info

Enables the user to see system information about the remote computer. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Allowed to use system information actions

Enables the user to interact with processes and programs on the remote system without requiring screen sharing. Kill processes; start, stop, pause, resume, and restart services; and uninstall programs.

Registry Access

Enables the user to interact with the registry on a remote Windows system without requiring screen sharing. View, add, delete and edit keys, search and import/export keys.

Canned Scripts

Enables the user to run canned scripts that have been created for his or her teams. Note that when the user is in view-only screen sharing, the customer receives a prompt to allow the script to run. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Elevation

Enables the user to attempt to elevate the customer client to run with administrative rights on the remote system. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Bomgar Button Deployment

Enables the user to deploy or remove a Bomgar Button while in a session. Locations available for deployment depend on the Bomgar Button settings above. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Jump Clients Pinning/Unpinning

Enables the user to pin or unpin a Jump Client while in a session. Locations available for deployment depend on the Jump Client settings above. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Chat

Chat

Enables the user to chat with the remote customer. If Not Defined, this option will be set by the next lower priority policy. This setting may be overridden by a higher priority policy.

Allowed to push URLs to the customer's web browser

Enables the user to enter a URL into the chat area and then click the Push URL button to automatically open a web browser to that address on the remote computer.

Allowed to send files using the chat interface

Enables the user to send files via the chat interface.

Save Policy

Click Save Policy to make this policy available.

Export Policy

You can export a session policy from one site and import those permissions into a policy on another site. Edit the policy you wish to export and scroll to the bottom of the page. Click Export Policy and save the file.

Import Policy

You may import those policy settings to any other Bomgar site that supports session policy import. Create a new session policy and scroll to the bottom of the page. Browse to the policy file and then click Import Policy. Once the policy file is uploaded, the page will refresh, allowing you to make modifications. Click Save Policy to make the policy available.

Session Policy Simulator

Because layering policies can be complex, you can use the Session Policy Simulator to determine what the outcome will be. Additionally, you could use the simulator to troubleshoot why a permission is not available when you expected it to be.

Representative

Start by selecting the user performing the session. This dropdown includes user accounts, embassy user accounts, and rep invite policies.

Session Start Method

Select the session start method. This can be one of Public Portal, Bomgar Button, Jump Client, Jumpoint, or Local Jump.

Public Portal

If you selected Public Portal, choose the public portal to use for this simulation of an ad-hoc session.

Bomgar Button

If you selected Bomgar Button, search for a deployed Bomgar Button by profile, associated public portal, associated queue, computer name, or description. The associated public portal will be automatically selected above.

Jump Client

If you selected Jump Client, search for a pinned Jump Client by name, comments, Jump group, tag, or associated public portal. The associated public portal will be automatically selected above.

Customer Present

If you selected Jump Client, you can choose whether the customer should appear as present or not.

Jumpoint or Local Jump

Because local Jumps and Jumpoints are always associated with the default public portal, there are no further settings to define.

Simulate

Click Simulate. In the area below, the permissions configurable by session policy are displayed in read-only mode. You can see which permissions are allowed or denied as a result of the stacked policies, as well as which policy set each permission.