Network Setup Examples

Network Setup Example 1: Kerberos KDC

For this example:

  • The Bomgar Appliance may or may not be located behind a corporate firewall.
  • Representatives may or may not be on the same network as the Bomgar Appliance.
  • Representatives belong as members to a Kerberos realm.
  • Representatives can communicate with their KDC (typically over port 88 UDP).

 

Configuration

  1. On the Kerberos KDC, register an SPN for your Bomgar Appliance hostname and then export the keytab for this SPN from your KDC.
  1. Log into your Bomgar Appliance's /login interface.

Users & Security > Kerberos Keytab
Kerberos Keytab

  1. Go to Users & Security > Kerberos Keytab.
  2. Under Import Keytab, browse to the exported keytab and then click Upload. You should now see this SPN under the list of Configured Principals.

 

Users & Security > Security Providers
Security Provider Configuration Page

  1. Go to Users & Security > Security Providers and click Configure New Provider.

 

Add Kerberos Server Configuration

  1. Enter a name for this security provider configuration and set the following options:
    • Server Type: Kerberos
    • Service Type: Users
  1. Click Add Provider.

 

Configure Kerberos Server

  1. Choose if you want to synchronize display names and then select the following options:
    • User Handling Mode: Allow all users
    • SPN Handling Mode: Allow all SPNs
  1. Optionally, select to remove the REALM portion from the User Principal Name when constructing the Bomgar username.
  2. You may also select a default group policy for users who authentication against this Kerberos server.
  1. Click Add Provider to save this configuration.