Security: Manage Security Settings

Management > Security

Security :: Options

Minimum Password Length

Set rules for local user accounts regarding the length of passwords.

Require Complex Passwords

Set rules for local user accounts regarding the complexity of passwords.

Default Password Expiration

Set rules for local user accounts regarding how often passwords expire.

Enable Password Reset

Allow users with configured email addresses to reset passwords. The link provided in a password reset email is valid until one of the following events occurs:

  • 24 hours has elapsed.
  • The link is clicked, and the password is successfully reset.
  • The system sends another link to the email address.

Enable Saved Logins

Allow or disallow the representative console to remember a user’s credentials.

Account Lockout After

Set the number of times an incorrect password can be entered before the account is locked out.

Account Lockout Duration

Set how long a locked-out user must wait before being allowed to reattempt login. Alternatively, require an admin to unlock the account.

Terminate Session If Account Is In Use

If a user tries to log into the representative console with an account already in use, a checked Terminate Session box disconnects the previous connection in order to allow the new login.

Log Out Idle Representative After

Set the length of time after which an inactive user is logged out of the representative console to free the license for another user.

Enable Logout Notification on Idle Timeout

Set whether a user should receive a prompt before being logged out due to inactivity. The first notification occurs 30 seconds before logout and the second when logout has occurred.

Remove Representative from Session After Inactivity

This option effectively pushes a user out of a session after the period of inactivity you select. This helps Bomgar customers meet compliance initiatives with inactivity requirements. The user is notified 1 minute prior to removal and may reset the timeout.

A user is considered active in a session if any files are being transferred, whether through the file transfer tab or the chat interface, or if they click the mouse or press a key in the session tab. Mouse movement by itself does not count as activity. As soon as activity stops, the inactivity timer begins.

Allow Mobile Bomgar Representative Console and Bomgar Web Rep Console to Connect

Give users the option of accessing remote systems through the Bomgar representative console app for iOS and Android, as well as through the web rep console, a browser-based representative console.

Maximum Session Key Timeout

Maximum Session Key Timeout sets the longest time for which a session key may remain valid. From the representative console, a user can set the lifetime of each generated session key up to but no longer than the time defined on this page. If the customer does not use the session key within the allotted time, the key will expire, and the user will need to issue a new session key in order to run a session.

Display Thumbnail View in the Bomgar Representative Console

When supporting a customer with multiple monitors, Show Multi-Display Thumbnail View in the Bomgar Representative Console allows the user to see thumbnail images of all available displays. These thumbnail images are not recorded in session recordings. Uncheck this box to show rectangles rather than thumbnails.

Allow Representatives to Take Remote Screenshot

You can allow users to capture screenshots of the remote desktop from the representative console.

Allow Representatives to Control the Customer Client Window

Allow Representatives to Control the Customer Client Window governs whether users can interact with the customer client while screen sharing. Leaving it unchecked helps strengthen security: users may still move or minimize the client but may not type in the chat area or interact with links or buttons without this permission enabled.

Clipboard Synchronization Mode

Clipboard Synchronization Mode determines how users are allowed to synchronize clipboards within a screen sharing session. The available settings are as follows:

  • Not Allowed – The user cannot access or modify the remote computer's clipboard.
  • Allowed to Manually Send Clipboard From Rep to Customer – The user can click a button to copy the contents of the local clipboard to the remote computer's clipboard.
  • Allowed to Manually Send Clipboard in Either Direction – The user can click a button to copy the contents of the local clipboard to the remote computer's clipboard or can copy the contents of the remote clipboard to their local clipboard.
  • Automatically Send Clipboard Changes in Both Directions – The contents of both the local and remote clipboards automatically remain the same.

You MUST restart the software on the status page for this setting to take effect.

Force Public Site to Use SSL (https)

Force Public Site to Use SSL (https) forces the internet connection to your public support portal to be SSL-encrypted, adding a layer of security to prevent unauthorized users from accessing accounts.

Block External Resources, Inline Scripts, and Inline Styles on the Public Site

Prevent your public site from loading external resources, running inline scripts, or displaying inline styles. This option works by sending the Content-Security-Policy (CSP) HTTP header with a value of default-src 'self'.

The CSP header tells the browser to ignore resources such as images, fonts, stylesheets, scripts, frames, and other subresources from outside the site's own origin. The browser also ignores inline scripts and styles, whether included in the head or body of the page, including those added dynamically at runtime from JavaScript.

Any resources you wish to use must be uploaded to the appliance at Public Portals > File Store. You should not enable this option if you have customized your public site template to use inline scripts, inline styles, or resources external to your Bomgar site.
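A pre-flight check for the caution above, as an added example that is not Bomgar code: this Python script scans a customized public site template for markup a browser refuses under default-src 'self'. The origin passed in, the sample template and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Element -> attribute whose URL the browser fetches as a subresource.
FETCH_ATTR = {"script": "src", "img": "src", "iframe": "src", "embed": "src", "audio": "src",
              "video": "src", "source": "src", "object": "data", "link": "href"}
FETCHED_RELS = {"stylesheet", "icon", "preload", "manifest"}

class CspSelfAudit(HTMLParser):
    """Collect (line, reason) for markup that default-src 'self' blocks."""
    def __init__(self, site_origin):
        super().__init__()
        self.origin = urlparse(site_origin)
        self.findings = []
    def flag(self, reason):
        self.findings.append((self.getpos()[0], reason))
    def is_foreign(self, url):
        u = urlparse(url)
        if u.scheme in ("data", "blob"):
            return True   # 'self' never matches data: or blob: URLs
        if not u.netloc:
            return False  # relative URL: same origin
        # Conservative: any scheme or host:port mismatch counts as foreign.
        return ((u.scheme or self.origin.scheme, u.netloc.lower())
                != (self.origin.scheme, self.origin.netloc.lower()))
    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "style" or (tag == "script" and "src" not in a):
            self.flag(f"inline <{tag}> element")
        for name in a:  # the on* prefix is a heuristic for event handlers
            if name == "style" or name.startswith("on"):
                self.flag(f"inline {name} attribute on <{tag}>")
        url = a.get(FETCH_ATTR.get(tag, ""), "")
        if tag == "link" and not FETCHED_RELS & set(a.get("rel", "").lower().split()):
            url = ""      # e.g. rel=canonical is never fetched
        if url and self.is_foreign(url):
            self.flag(f"external resource on <{tag}>: {url}")

def audit_template(html, site_origin):
    parser = CspSelfAudit(site_origin)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample template (not from a real site).
SAMPLE = """<link rel="stylesheet" href="/files/site.css">
<link rel="stylesheet" href="https://fonts.example.net/f.css">
<script src="/files/app.js"></script><script>startChat();</script>
<body onload="init()"><img src="data:image/png;base64,AAAA">
<p style="color:red">Help</p></body>"""
```

An empty result from audit_template means nothing in the template matched these checks; each finding is a line number and the reason the browser would drop that markup.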

SSL Certificate Validation

You can require SSL Certificate Validation to force Bomgar software – including representative consoles, customer clients, presentation clients, and Jump Clients – to verify that the certificate chain is trusted, that the certificate has not expired, and that the certificate name matches the Bomgar Appliance hostname. If the certificate chain cannot be properly validated, the connection is not allowed.

If certificate verification has been disabled and is then enabled, all consoles and clients automatically upgrade the next time they connect. Note that LDAP connection agents are not automatically upgraded but must be reinstalled for this setting to take effect.

When SSL Certificate Validation is enabled, security checks in addition to Bomgar’s built-in security are performed to validate the SSL certificate chain being used to secure communications. It is highly recommended that you do enable SSL validation. If certificate validation is disabled, a warning message appears on your administrative interface. You can hide this message for thirty days.

Note: To enable SSL certificate validation, you must provide your SSL certificate to Bomgar so that the certificate can be embedded within your Bomgar software.

Days to Keep Logging Information

In Days to Keep Logging Information, you can set how long logging information should be stored on the appliance. This information includes the session reporting data and recordings. The maximum duration for which session reporting data and recordings can be retained on a Bomgar Appliance is 90 days. This is the default value in a new installation. It is possible that session recordings for some sessions within the retention time frame are not available. This could be caused by disk space constraints or the Days to Keep Logging Information setting.

The Bomgar Appliance runs a maintenance script every day that ensures disk usage does not exceed 90%. Should this be exceeded, the script begins deleting session recordings based on a formula until the disk usage is less than 90%. If the Days to Keep Logging Information setting was recently changed, the new setting may take up to 24 hours to go into effect. If data or recordings must be retained beyond the configured limit, Bomgar recommends using the Integration Client or the Reporting API.

Allow Reboot With Cached Login Credentials

Click Allow Reboot With Cached Login Credentials to enable or disable representatives' ability to request that customers enter login credentials to be used during a reboot.

Inter-appliance Communication Pre-shared Key

Note: This feature is available only to customers who own an on-premises Bomgar Appliance. Bomgar Cloud customers do not have access to this feature.

Enter a password in the Inter-appliance Communication Pre-shared Key field to establish a trusted relationship between two appliances. Matching keys are required for two or more appliances to be configured for features such as failover or clustering. The key must contain at least 6 characters and contain at least one uppercase letter, one lowercase letter, one number, and one special character.

Enable Streamlined Session Start

Attempt to start sessions using ClickOnce or Java. If this option is unchecked, the customer client must be manually downloaded and run.

Security :: Network Restrictions

Determine which IP networks should be able to access /login and /api on your Bomgar Appliance. If you enable network restrictions, you can also enforce the networks on which representative consoles may be used.

Allow From Any Network

No network restrictions are enforced.

Allow Only the Following Networks

Only the listed IP addresses can access your Bomgar Appliance on /login or /api.

Deny Only the Following Networks

All but the listed IP addresses can access your Bomgar Appliance on /login or /api.

Restrict representative console access to the above networks

If you select Only on user's first authentication, then a user must be on an allowed network the first time they log into the representative console. At that time, a token is issued to the device so that subsequent logins to the representative console can occur from any network location.

If you select Always, then a user must be on an allowed network every time they log into the representative console.

If you select Never, then a user can access the representative console from any network location.
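The three network modes and the three representative console options above, modelled in Python so that a planned list can be tested before it is saved. This is an added example, not the appliance's implementation; the class, field and mode names and the sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NetworkRestrictions:
    """Model of the settings described above; field names are illustrative."""
    mode: str = "any"        # "any", "allow_only" or "deny_only"
    networks: tuple = ()     # CIDR strings or single addresses
    console: str = "never"   # "never", "first_auth" or "always"

    def __post_init__(self):
        if self.mode not in ("any", "allow_only", "deny_only"):
            raise ValueError(f"unknown mode {self.mode!r}")
        if self.console not in ("never", "first_auth", "always"):
            raise ValueError(f"unknown console option {self.console!r}")
        # A typo in an entry raises here instead of silently never matching.
        self._nets = [ipaddress.ip_network(n, strict=False) for n in self.networks]

    def web_allowed(self, ip):
        """Would this source address reach /login and /api?"""
        addr = ipaddress.ip_address(ip)
        listed = any(addr in net for net in self._nets)
        if self.mode == "allow_only":
            return listed
        return not listed if self.mode == "deny_only" else True

    def console_login(self, ip, device_token=False):
        """Return (allowed, device_token_after_attempt)."""
        if self.mode == "any" or self.console == "never":
            return True, device_token
        on_net = self.web_allowed(ip)
        if self.console == "always":
            return on_net, device_token
        # first_auth: a login from an allowed network issues the device token,
        # after which the same device may log in from any network.
        ok = device_token or on_net
        return ok, ok

def locked_out(policy, admin_sources):
    """Admin source addresses that would lose /login access under this policy."""
    return [ip for ip in admin_sources if not policy.web_allowed(ip)]

# Constructed sample using documentation address ranges.
OFFICE_ONLY = NetworkRestrictions(
    "allow_only", ("10.20.0.0/16", "203.0.113.0/24"), "first_auth")
```

Running locked_out against the addresses administrators actually connect from shows who would lose /login before the restriction is applied.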

Security :: Port Restrictions for Administrative Web Interface

Note: This feature is available only to customers who own an on-premises Bomgar Appliance. Bomgar Cloud customers do not have access to this feature.

Set the ports through which your /login interface can be accessed.