Create Jump Policies to Control Access to Jump Items

To control access to particular Jump Items, create Jump Policies. Jump Policies are used to control when certain Jump Items can be accessed by implementing schedules, sending email notifications when a Jump Item is accessed, or requiring approval or user entry of a ticket system ID before a Jump Item may be accessed. A Jump Policy can be applied to Jump Clients as well as to Jump shortcuts.

Create a Jump Policy

  1. From the /login administrative interface, go to Jump > Jump Policies.


Set up a jump policy for ticket-enabled access

  1. Click Add New Jump Policy.

    Note: A Jump Policy does not take effect until you have applied it to at least one Jump Item.

 

Create a new Jump Policy

  1. Create a unique name to help identify this policy. This name should help users identify this policy when assigning it to Jump Items.
  2. Set a code name for integration purposes. If you do not set a code name, one is created automatically.
  3. Add a brief description to summarize the purpose of this policy.
  4. If you want to enforce an access schedule, check Enable. If it is disabled, then any Jump Items that use this policy can be accessed without time restrictions.

    Note: Jump schedule and Jump approval cannot both be enabled on the same policy.

    • Set a schedule to define when Jump Items under this policy can be accessed. Set the time zone you want to use for this schedule, and then add one or more schedule entries. For each entry, set the start day and time and the end day and time.
    • If, for instance, the time is set to start at 8 am and end at 5 pm, a user can start a session using this Jump Item at any time during this window but may continue to work past the set end time. They will not, however, be allowed to re-access this Jump Item after 5 pm.
    • If stricter access control is required, check Force session to end. This forces the session to disconnect at the scheduled end time. In this case, the user receives recurring notifications beginning 15 minutes prior to being disconnected.
  5. You may choose to trigger an email notification whenever a session starts or ends with a Jump Item that uses this policy.
    • Check Notify recipients when a session starts to send an email at the beginning of a session. When a user attempts to start a session with a Jump Item that uses this policy, a prompt states that a notification email will be sent and asks if the user would like to start the session anyway.
    • Check Notify recipients when a session ends to send an email at the end of a session. When a user attempts to start a session with a Jump Item that uses this policy, a prompt states that a notification email will be sent at the end of the session and asks if the user would like to start the session anyway.
    • Enter one or more email addresses to which emails should be sent. Separate addresses with a space. This feature requires a valid SMTP configuration for your appliance, set up on the /login > Management > Email Configuration page.
    • Enter the name of the email recipient. This name appears on the prompt the user receives prior to a session with a Jump Item that uses this policy.
    • If more than one language is enabled on this site, set the language in which to send emails.
  6. If you check Require a ticket ID before a session starts, a valid ticket ID from your external ticket ID approval process must be entered by the user whenever a session is attempted with any Jump Item that uses this Jump Policy. When a user attempts to start a session with a Jump Item that uses this policy, a configurable dialog prompts the user to enter the approved ticket ID from your external ITSM or ticket ID system. For more information, see Appendix: Require a Ticket ID Workflow for Jump Item Access.
  7. If you check Require approval before a session starts, an approval email is sent to the designated recipients whenever a session is attempted with any Jump Item that uses this Jump Policy. When a user attempts to start a session with a Jump Item that uses this policy, a dialog prompts the user to enter a request reason and the time and duration for the request.

    Note: Jump schedule and Jump approval cannot both be enabled on the same policy.

    • Set the maximum length of time for which a user can request access to a Jump Item that uses this policy. The user can request a shorter length of access but no longer than that set here.
    • When approval has been granted to a Jump Item, that Jump Item becomes available either to any user who can see and request access to that Jump Item or only to the user who requested access.
    • Enter one or more email addresses to which emails should be sent. Separate addresses with a space. This feature requires a valid SMTP configuration for your appliance, set up on the /login > Management > Email Configuration page.
    • Enter the name of the email recipient. This name appears on the prompt the user receives prior to a session with a Jump Item that uses this policy.
    • If more than one language is enabled on this site, set the language in which to send emails.
  8. If you check Disable Session Recordings, sessions started with this Jump Policy are not recorded, even if recordings are enabled on the Configuration > Options page. This affects screen sharing recordings, protocol tunnel Jump recordings, and command shell recordings.
  9. When you are finished configuring this Jump Policy, click Save Jump Policy.
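
The schedule behavior in step 4 can be checked against a small model before a policy is rolled out. The following is an added example, not BeyondTrust code: the class and function names are hypothetical, the sample schedule is constructed, and it assumes an entry's end time is exclusive (no new session at exactly 5 pm).

```python
from dataclasses import dataclass
from datetime import timedelta, timezone, tzinfo

WEEK = 7 * 24 * 60                    # minutes in a week
WARNING_LEAD = timedelta(minutes=15)  # page: notices begin 15 minutes before disconnect

@dataclass(frozen=True)
class Entry:
    start: tuple  # (weekday with 0 = Monday, hour, minute)
    end: tuple

@dataclass(frozen=True)
class SchedulePolicy:
    tz: tzinfo               # the schedule's time zone, e.g. zoneinfo.ZoneInfo(...)
    entries: tuple
    force_end: bool = False  # models the "Force session to end" checkbox

def _minute_of_week(day, hour, minute):
    return (day * 24 + hour) * 60 + minute

def window_end(policy, when):
    """End of the schedule entry containing `when`, or None if outside every entry."""
    local = when.astimezone(policy.tz).replace(second=0, microsecond=0)
    now = _minute_of_week(local.weekday(), local.hour, local.minute)
    for entry in policy.entries:
        start = _minute_of_week(*entry.start)
        # Modular arithmetic lets an entry cross midnight or the week boundary.
        length = (_minute_of_week(*entry.end) - start) % WEEK
        offset = (now - start) % WEEK
        if offset < length:
            return local + timedelta(minutes=length - offset)
    return None

def may_start(policy, when):
    """A session may start (or be re-accessed) only inside a schedule entry."""
    return window_end(policy, when) is not None

def forced_disconnect(policy, started_at):
    """(first warning, disconnect time) if the session will be cut off, else None."""
    end = window_end(policy, started_at)
    if end is None:
        raise ValueError("outside the schedule: the session cannot start")
    return (end - WARNING_LEAD, end) if policy.force_end else None

# Constructed sample: weekdays 08:00-17:00 plus a Friday 22:00 to Saturday 02:00 window, in UTC.
POLICY = SchedulePolicy(
    tz=timezone.utc,
    entries=tuple(Entry((d, 8, 0), (d, 17, 0)) for d in range(5)) + (Entry((4, 22, 0), (5, 2, 0)),),
    force_end=True,
)
```

With `force_end=False` the model returns no disconnect time, which matches the page: a session started inside the window may run past the end time, but `may_start` is false for any new attempt after it.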

Jump Policies :: Email Notification Template

  1. You can modify the notification email template. Use any of the macros listed below this field in the /login page to customize the text for your purposes.

 

Jump Policies :: Email Approval Template

  1. You can also modify the approval email template. Use any of the macros listed below this field in the /login page to customize the text for your purposes.

 

  1. If you enabled the requirement of a ticket ID in the Jump Approval section, configure access to your external ticket ID system.

    In Ticket System URL, enter the URL for your external ticket system. If an HTTPS URL is entered, upload the certificate for the HTTPS ticket system connection to the appliance.

    In User Prompt, enter the dialog text you want access console users to see when they are requested to enter the ticket ID required for access.

    If your company's security policies consider ticket ID information as sensitive material, check the Treat the Ticket ID as sensitive information box.

    For more information, see Appendix: Require a Ticket ID Workflow for Jump Item Access.

After the Jump Policy has been created, you can apply it to Jump Items either from the /login interface or from the access console.