Use a Web Jump to Access Web Services

With the proliferation of infrastructure components that have moved to web-based interfaces for configuration, IT administrators are faced with an increasingly complex security management situation. With privileged access to web-based resources, it is a challenge to control, audit, and enforce proper authentication without negatively affecting business productivity. IT administrators need a way to effectively control and audit resources managed via web interfaces, including:

  • Externally hosted IaaS (Infrastructure as a Service) servers such as Amazon AWS, Microsoft Azure, IBM Softlayer, and Rackspace.
  • Internally hosted servers managed by hypervisor software such as VMware vSphere, Citrix XenServer, and Microsoft Hyper-V.
  • Modern core network infrastructure that leverages web-based configuration interfaces.

The identity and access management capabilities vary significantly between IaaS, hypervisor providers, and core infrastructure systems, and many do not offer native multifactor authentication support, thereby missing that additional layer of security. These inconsistencies across systems create opportunities for business vulnerabilities, such as misuse of accounts and access, leading to leaks of sensitive data.

Create a Web Jump Shortcut

Note: Before creating Web Jump shortcuts, ensure that your user account has the ability to access Web Jumps by navigating to Users & Security > User Settings > Jump Technology.

Note: Web Jump Items are available for use only from the desktop access console.

Create Jump Shortcut

To create a Web Jump shortcut, click the Create button in the Jump interface. From the dropdown, select Web Jump. Web Jump shortcuts appear in the Jump interface along with Jump Clients and other types of Jump Item shortcuts.

Organize and manage existing Jump Items by selecting one or more Jump Items and clicking Properties.

Note: To view the properties of multiple Jump Items, the items selected must be all the same type (e.g., all Jump Clients, all Remote Jumps, etc.). To review properties of other types of Jump Items, please see the appropriate section in this guide.

Create New Web Jump Shortcut

Enter a Name for the Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters.

From the Jumpoint dropdown, select the network that hosts the computer you wish to access.

Type the URL for the website you wish to access.

Check Verify Certificate if you want the site certificate to be validated before the connection is made. If this box is checked and issues are found with the certificate, the session does not start.

IMPORTANT!

You should uncheck Verify Certificate only if you are Jumping to a site that you trust but that uses a self-signed certificate.

Move Jump Items from one Jump Group to another using the Jump Group dropdown. The ability to move Jump Items to or from different Jump Groups depends upon your account permissions.

 

Further organize Jump Items by entering the name of a new or existing Tag. Even though the selected Jump Items are grouped together under the tag, they are still listed under the Jump Group in which each is pinned. To move a Jump Item back into its top-level Jump Group, leave this field blank.

Jump Items include a Comments field for a name or description, which makes sorting, searching, and identifying Jump Items faster and easier.

To set when users are allowed to access this Jump Item, if a notification of access should be sent, and/or if permission or a ticket ID from your external ticketing system is required to use this Jump Item, choose a Jump Policy. These policies are configured by your administrator in the /login interface.

Choose a Session Policy to assign to this Jump Item. The session policy assigned to this Jump Item has the highest priority when setting session permissions. The ability to set a session policy depends on your account permissions.

 

Use a Web Jump Shortcut

To use a Jump shortcut to start a session, simply select the shortcut from the Jump interface and click the Jump button.

Once a connection is made to the website, click the screen sharing button. The website's login interface becomes available. If you click a link to download a file from the website, a prompt appears in your chat window asking you to accept or decline the download. If you accept, a window opens on your computer allowing you to choose a download location. Uploading files to the website works similarly, opening a window to allow you to choose which file to upload.

Web Jump to Website

Note: Popups open in the same window, redirecting the current page. Once you have completed the task on the popup, click the back button to return to the previous page.

Use Credential Injection

When integrating Bomgar PA with a password vault system like Bomgar Vault, you can seamlessly access your website accounts without viewing the login screen or entering any credentials using credential injection.

Note: For more information about Bomgar Vault, please see https://www.bomgar.com/vault.

The following URLs are certified to work with Web Jump Items and credential injection:

Web Service: Supported URLs

Amazon Web Services (AWS): console.aws.amazon.com

Windows Azure, ADFS Account:

  • account.windowsazure.com/domain.com
  • manage.windowsazure.com/domain.com
  • manage.windowsazure.com/?whr=domain.com

Windows Azure, Microsoft Account:

  • manage.windowsazure.com/hotmail.com
  • manage.windowsazure.com/?whr=hotmail.com
  • account.windowsazure.com/profile/

VMware Web Client, VMware Management Portal:

  • https://vc.eng.example.com/vsphere-client/

VMware Web Client, vCloud Air Web Portal:

  • https://vca.vmware.com/

Twitter: twitter.com/login
Facebook: facebook.com/login
LinkedIn: https://www.linkedin.com/
Foursquare: https://foursquare.com/login
Myspace: https://myspace.com/signin
Google: https://accounts.google.com/
Yahoo: https://login.yahoo.com
Live: https://login.live.com
Microsoft Outlook: https://outlook.com/domain.com
Salesforce: https://login.salesforce.com/
Onelogin: https://app.onelogin.com
PingOne: https://admin.pingone.com
Okta: https://domain.okta.com
Rackspace: https://app.rackspace.com
Joyent: https://my.joyentcloud.com/
CenturyLink: https://eam.centurylink.com/
Workspace: https://workspace.cloud.com/

Note: For seamless credential injection on a VMware console, some configuration is required.

  1. Go to the computer hosting the Jumpoint.
  2. Download and install the client integration plugin from the VMware URL specified above.
  3. Using admin permissions, open Windows services (services.msc) on the Jumpoint host.
  4. Right-click on the Bomgar Jumpoint and select Properties.
  5. On the Log On tab under Local System account, check Allow service to interact with desktop.
  6. Click OK.
  7. On the user's local system - the one where the access console is installed - start a Web Jump with the VMware URL specified above.
  8. Select Use Windows Credentials.
  9. This causes a prompt on the Jumpoint host system to allow services to interact with an external program. Give the service permission.
  10. A VMware credential injection prompt is displayed. Uncheck the box asking if you want the prompt to be displayed whenever the program is called. Click Accept.
  11. You can now start Web Jumps to the VMware console using Windows credentials without a prompt.
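
The Web Jump settings described above (the 128-character name limit, Verify Certificate, and the certified URL list for credential injection) can be reviewed in bulk. The following is an added example, not part of this guide or of the product: the dictionary layout, the finding names, the HTTPS-only rule, and the SELF_SIGNED_OK allowlist are assumptions, and the inventory is constructed sample data.

```python
from urllib.parse import urlsplit

MAX_NAME = 128  # name limit stated in this guide
# Subset of the hosts this guide lists as certified for credential injection.
CERTIFIED_HOSTS = {"console.aws.amazon.com", "manage.windowsazure.com",
                   "login.salesforce.com", "app.rackspace.com"}
# The guide lists Okta as "domain.okta.com"; treated here as any tenant label.
CERTIFIED_SUFFIXES = (".okta.com",)
# Assumption: sites your team has approved as trusted but self-signed.
SELF_SIGNED_OK = {"vc.eng.example.com"}

def host_of(url):
    """Parsed hostname, lowercased; never a substring match on the raw URL."""
    return (urlsplit(url).hostname or "").lower()

def is_certified(host):
    """True if the host is on the certified list or is a tenant under a listed suffix."""
    return host in CERTIFIED_HOSTS or any(
        host.endswith(s) and len(host) > len(s) for s in CERTIFIED_SUFFIXES)

def audit(item):
    """Return findings for one Web Jump definition (hypothetical dict layout)."""
    findings = []
    host = host_of(item["url"])
    if not 1 <= len(item["name"]) <= MAX_NAME:
        findings.append("name-length")
    if urlsplit(item["url"]).scheme != "https" or not host:
        findings.append("not-https")
    # Verify Certificate unchecked is acceptable only for an approved self-signed site.
    if not item["verify_certificate"] and host not in SELF_SIGNED_OK:
        findings.append("cert-verify-off")
    # Credential injection should only target hosts certified for it.
    if item["inject_credentials"] and not is_certified(host):
        findings.append("injection-host-not-certified")
    return findings

def make(name, url, verify, inject):
    return {"name": name, "url": url,
            "verify_certificate": verify, "inject_credentials": inject}

# Constructed sample inventory, not a product export.
ITEMS = [
    make("AWS console", "https://console.aws.amazon.com/", True, True),
    make("vSphere lab", "https://vc.eng.example.com/vsphere-client/", False, False),
    make("Core switch", "http://switch.example.net/admin", False, False),
    make("AWS lookalike", "https://console.aws.amazon.com.example.net/", True, True),
    make("x" * 129, "https://acme.okta.com", True, True),
]

if __name__ == "__main__":
    for it in ITEMS:
        print(it["name"][:20], audit(it))
```

The lookalike entry is flagged because the check compares the parsed hostname rather than searching the URL text for a certified name.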