Start an Access Session through a Jump Client

Once a Jump Client has been installed on a remote computer, permitted users can use the Jump Client to initiate a session with that computer, even if the computer is unattended.

From the Access Console

Your Jump Clients are listed in the Jump Interface.

Note: In addition to Jump Clients, you may also see Jump shortcuts for Remote Jumps, Local Jumps, RDP sessions, VNC sessions, and Shell Jumps. Collectively, Jump Clients and Jump shortcuts are referred to as Jump Items. For more information about Jump shortcuts, see the Jumpoint Guide.

Search Jump Clients

Jump Items are listed in Jump Groups. If you are assigned to one or more Jump Groups, you can access the Jump Items in those groups, with the permissions assigned by your admin.

Your personal list of Jump Items is primarily for your individual use, although your team leads, team managers, and users with permission to see all Jump Items may have access to your personal list of Jump Items. Similarly, if you are a team manager or lead with appropriate permissions, you may see team members' personal lists of Jump Items. Additionally, you may have permission to access Jump Items in Jump Groups you do not belong to and personal Jump Items for non-team members.

If a Jump Group contains tagged Jump Items, an arrow appears to the left of the Jump Group name. Click the arrow to show or hide the tags.

In addition to browsing for Jump Items, you can search based on multiple fields. Enter a string in the search field and then press Enter. To change the fields you are searching, click on the magnifying glass and check or uncheck any of the available fields. Searchable fields include comments, console user, domain, group, Jump method, last accessed date, name, private IP, public IP, status, tag, and workgroup.

To view additional statistics about a Jump Item, select the Jump Item. Available statistics appear in the right pane.

To start a session, double-click the Jump Item or select the Jump Item and click the Jump button from:

  • above the Jump interface
  • the right-click menu of the Jump Item
  • the top of the Jump Item statistics pane

If a Jump Policy is applied to the Jump Item, that policy affects how and/or when a Jump Item may be accessed.

Schedule

Jump Policy Schedule

If a Jump Policy enforces a schedule for this Jump Item, an attempt to access the Jump Item outside of its permitted schedule prevents the Jump from occurring. A prompt informs you of the policy restrictions and provides the date and time when this Jump Item is next available for access.

 

Notification

Jump Policy Notification

If a Jump Policy is configured to send a notification on session start and/or end, then an attempt to access a Jump Item alerts you that an email will be sent. You can choose to proceed with the Jump and send a notification, or you can cancel the Jump.

 

Ticket ID

Jump Authorization Request

If a Jump Policy requires entry of a ticket ID from your external ITSM or ticket ID system before the Jump can be performed, a dialog opens. In the dialog, enter the ticket ID you need, authorizing access to this Jump Item.

 

Authorization

Jump Authorization Approval

If a Jump Policy requires authorization before the Jump can be performed, a dialog opens. In the dialog, enter the reason you need to access this Jump Item. Then enter the date and time at which you wish authorization to begin, as well as how long you require access to the Jump Item. Both the request reason and the request time are visible to the approver and help them decide whether to approve or deny access.

 

Jump Authorization Approval

When you click OK, an email is sent to the addresses defined as approvers for this policy. This email contains a URL where an approver can see the request, add comments, and either approve or deny the request.

If a request was approved by one person, a second can access the URL to override approval and deny the request. If a request was denied, then any other approvers accessing the site can see the details but cannot override the denied status. If a user has already joined an approved session, that access cannot be denied. Although other approvers can see the email address of the person who approved or denied the request, the requester cannot. Based on the Jump Policy settings, an approved request grants access either to any user who can see and request access to that Jump Client or only to the user who requested access.

In the Jump interface, the Jump Item's details pane displays the status of any authorization requests as either pending, approved, approved only for a different user, or denied. When an approver responds to a request, a pop-up notification appears on the requester's screen alerting them that access has been either approved or denied. If the requester has a configured email address, an email notification is also sent to the requester.

 

Join Session Notification

When a user Jumps to a Jump Item which has been approved for access, a notification alerts the user to any comments left by the approver.

When approval has been granted to a Jump Item, that Jump Item becomes available either to any user who can see and request access to that Jump Item or only to the user who requested access. This is determined by the Jump Policy.

Note: While multiple requests may be sent for different times, the requested access times cannot overlap. If a request is denied, then a second request may be sent for the same time.

Attempt to Wake Up Jump Client

Depending on the permissions set by your administrator, you may also be able to wake up a selected Jump Client by broadcasting Wake-on-LAN (WOL) packets through another Jump Client on the same network. Once a WOL is attempted, the option becomes unavailable for 30 seconds before a subsequent attempt can be made. WOL must be enabled on the target computer and its network for this function to work. The default gateway information of the Jump Client is used to determine if other Jump Clients reside on the same network. When sending a WOL packet, the user has an advanced option to provide a password for WOL environments that require a secure WOL password.

If you no longer need access to a remote system, select the Jump Item and click Remove, or right-click on the Jump Item and select Remove from the menu. You may select multiple Jump Items to remove them all at the same time.

Note: If the remote user manually uninstalls a Jump Client, the deleted item is either marked as uninstalled or completely removed from the Jump Items list in the access console. If the Jump Client cannot contact the Bomgar Appliance at the time it is uninstalled, the affected item remains in its offline state. This setting is available at /login > Jump > Jump Clients. If a Jump Client goes offline and does not reconnect to the Bomgar Appliance for 180 days, it is automatically uninstalled from the target computer and is removed from the Jump interface.

Jump Client Properties

Organize and manage existing Jump Items by selecting one or more Jump Items and clicking Properties.

Note: To view the properties of multiple Jump Items, the items selected must be all the same type (e.g., all Jump Clients, all Remote Jumps, etc.).

  • Change a Jump Client's mode from the Connection Type dropdown. Active Jump Clients send statistics to the Bomgar Appliance on a defined interval. Passive Jump Clients send statistics to the Bomgar Appliance once a day or upon a manual check in.

    Note: This feature is available only to customers who own an on-premises Bomgar Appliance. Bomgar Cloud customers do not have access to this feature.

    Based on the options your administrator sets, these statistics may include the remote computer’s logged-in console user, operating system, uptime, CPU, disk usage, and a screen shot from the last update.

  • Move Jump Items from one Jump Group to another using the Jump Group dropdown. The ability to move Jump Items to or from different Jump Groups depends upon your account permissions.
  • Further organize Jump Items by entering the name of a new or existing Tag. Even though the selected Jump Items are grouped together under the tag, they are still listed under the Jump Group in which each is pinned. To move a Jump Item back into its top-level Jump Group, leave this field blank.
  • Jump Items include a Comments field for a name or description, which makes sorting, searching, and identifying Jump Items faster and easier.
  • To set when users are allowed to access this Jump Item, if a notification of access should be sent, and/or if permission or a ticket ID from your external ticketing system is required to use this Jump Item, choose a Jump Policy. These policies are configured by your administrator in the /login interface.
  • Choose a Session Policy to assign to this Jump Item. The session policy assigned to this Jump Item has the highest priority when setting session permissions. The ability to set a session policy depends on your account permissions.

 

From the API

By integrating with the Bomgar API, you may programmatically connect to a Jump Item directly from your systems management tool or ticketing system. To start a session with a Jump Item from an external program, you will need to use a Bomgar Console Script (BRCS). A BRCS contains a sequence of commands to be executed by the access console. Double-click a BRCS file to have it automatically executed by the access console, or incorporate it into an external application to send commands to the access console from that application.

One method of creating a BRCS is through the client scripting API. This API is located on your Bomgar Appliance at https://access.example.com/api/client_script, where access.example.com is your Bomgar site hostname.

Note: By default, access to the API is SSL-encrypted; however, you can choose to allow HTTP access by checking the Allow HTTP Access to XML API option on the Management > API Configuration page of the /login administrative interface. It is highly recommended that HTTP remain disallowed as a security best practice.

This option has been deprecated as of 16.1 and does not appear to new users. For users upgrading from a version prior to 16.1, the option is still available if you continue to use the deprecated method of authenticating to the API with a user account. If you switch to the preferred method of authenticating with an API account, all API traffic must occur over HTTPS.

Optional Parameters for the start_jump_item_session Command

jump.method

If specified, only Jump Items using the designated Jump method are included in the results. Acceptable values for this field are push (remote push), local_push, pinned (Jump Client), rdp, vnc, and shelljump.

credential_id

If specified, only a Jump Item with that specific credential ID associated is returned.

This field has a maximum length of 255 characters.

Note: The credential ID is specific to information provided in Bomgar Vault and is used to start sessions with the Bomgar Vault and Bomgar Privileged Access integration.

search_string

Identifies the search criteria used to select and return specific Jump Items as results.

Note: This parameter is required only if no of the client fields below are specified.

client.comments

If specified, only Jump Items with the given comments are included in the results.

This field has a maximum length of 255 characters. Search is partial and case-insensitive.

client.hostname

If specified, only Jump Items with the given hostname are included in the results.

This field has a maximum length of 255 characters. Search is partial and case-insensitive.

client.private_ip

If specified, only Jump Clients with the given private IP address are included in the results. This search field applies only to pinned clients.

This field has a maximum length of 255 characters. Search is partial and case-insensitive.

client.public_ip

If specified, only Jump Clients with the given public IP address are included in the results. This search field applies only to pinned clients.

This field has a maximum length of 255 characters. Search is partial and case-insensitive.

client.tag

If specified, only Jump Items with the given tag are included in the results.

This field has a maximum length of 255 characters. Search is partial and case-insensitive.

session.custom.[custom field]=[string]

The code name and value of any custom fields. These fields must first be configured in /login > Management > API Configuration.

Each attribute must be specified as a different parameter. Each custom field has a maximum length of 1024 characters. The maximum total size of all combined custom fields, including the external key, must be limited to 10KB.

IMPORTANT!

At least one client.* parameter must be specified. If multiple client.* parameters are specified, then only clients matching all criteria are returned.

Query Examples: start_jump_item_session

Start a session with a Jump Item whose hostname contains "ABCDEF02" https://access.example.com/api/client_script?type=rep&operation=generate&action=start_jump_item_session&client.hostname=ABCDEF02
Start a session with a Jump Item whose comments contain "maintenance" and whose tag contains "server" https://access.example.com/api/client_script?type=rep&operation=generate&action=start_jump_item_session&client.comments=maintenance&client.tag=server
Start a session with a pinned Jump Client whose private IP address begins with "10.10.24" and associate custom attributes with the session

https://access.example.com/api/client_script?type=rep&operation=generate&action=start_jump_item_session&client.private_ip=10.10.24&jump.method=pinned&session.custom.custom_field1=Custom%20Value&session.custom.custom_field2=123

Note: If more than one Jump Item matches the search criteria, then a dialog opens, giving the user the option to select the appropriate Jump Item.

Sending one of the above requests to the API prompts the user to download a BRCS file. After downloading the file, the user can run it to automatically open the access console and start a session with a Jump Item.

In addition to generating a script from the API, you can run a BRCS via the command prompt. From the command prompt, go to the directory which contains the access console. Enter the name of your Bomgar access console (e.g., bomgar-acc.exe), followed by one of two commands:

  • --run-script [BRCS command]
  • --run-script-file [path to BRCS file]

Examples:

  • bomgar-acc-x64.exe --run-script "action=start_jump_item_session&client.hostname=ABCDEF02"
  • bomgar-acc-x64.exe --run-script-file my_script_file.brcs-beta60

Jump Client Access from Script

All Jump Items which this user is permitted to access are searched. If the search results in only one Jump Item, the session starts immediately. If multiple Jump Items are returned, select one of the Jump Items listed in the selection window and click OK.

For more information about Bomgar Access Console Scripting, see the API Guide.

 

Note: Jump Items can be set to allow multiple users to simultaneously access the same Jump Item. If set to Join Existing Session, other users are able to join a session already underway. The original owner of the session receives a note indicating another user has joined the session, but is not allowed to deny them access. For more information on simultaneous Jumps, please see Jump Item Settings.

Note: If you would like to learn about Jump Items for mobile devices, view Use Jump Items to Access Endpoints from the Android Access Console for Android devices and Use Jump Items to Access Endpoints from the iOS Access Console for iOS devices.