Configure the Bomgar Remote Support Instance for the Bomgar Vault Integration

After verifying the necessary prerequisites are in place for your server environment, Bomgar Remote Support (RS), and Bomgar Vault, make sure the following items are in place for your RS instance:

  • A user with administrative access to RS
  • A new API account designated for the integration
  • A Jump Item you wish to use for credential injection

Follow the steps below to make sure your RS instance is appropriately configured.

Select a User for the Remote Support and Vault Integration

  1. Navigate to your RS /login interface and log in (support.example.com/login).
  2. Go to Users & Security > User Accounts.
  3. From the list, select a user that has administrative privileges or create a new user that has administrative privileges to the RS site. If you need to create a new user, please see Users: Add Account Permissions for a User or Admin.
  4. Once you have selected a user, make sure you note the username and email address for that user, as you must add that same user in Bomgar Vault.

Create a New API Account for the Remote Support and Vault Integration

You must configure a special API account for the Vault integration with RS. The client ID and client secret generated when creating the API account are essential for configuring the endpoint credential manager (ECM).

Note: The ECM is the middleware connecting Bomgar Vault to Bomgar Remote Support. It is responsible for passing and returning credentials and does not store credential information.

API Configuration

  1. Go to Management > API Configuration.
  2. Verify that Enable XML API is checked.
  3. Under API :: Accounts, click Create New API Account.
  4. Enter a name for the RS and Vault integration.
  5. Make sure Enabled is checked.
  6. Verify that Full Access is selected for the Command API option.
  7. Check the Allow Access box for the Endpoint Credential Manager API option.
  8. If you wish to place any network restrictions for the account, enter the network address prefixes one per line in the Network Restrictions field.

Note: If adding network restrictions for the account, make sure that you do not restrict the IP address associated with your Bomgar Vault environment.

  9. Copy the OAuth Client ID and OAuth Client Secret and paste them in a place that you can easily access later in the integration process.
  10. Click Add API Account.

Note: If you lose or forget your client secret, you must edit the API account and generate a new client secret. Regenerating a client secret and then saving the account immediately invalidates any OAuth tokens associated with the account. Any API calls using those tokens are unable to access the API.
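For the Network Restrictions step above, the following added example (not part of the original Bomgar documentation) checks a one-prefix-per-line list against the Vault address before it is pasted into the field. It assumes prefixes are written in CIDR notation and that an empty list means no restriction; the function name and sample addresses are constructed for illustration.

```python
import ipaddress


def check_network_restrictions(field_text, vault_ip):
    """Return (allowed, problems) for a one-prefix-per-line restriction list.

    Assumption: prefixes use CIDR notation (e.g. 10.20.0.0/16). Confirm the
    exact syntax your RS version accepts before relying on the result.
    """
    vault = ipaddress.ip_address(vault_ip)
    networks, problems = [], []
    for lineno, raw in enumerate(field_text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # blank lines carry no restriction
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            try:
                # Host bits set (e.g. 192.0.2.10/24): flag it, then evaluate
                # the normalized prefix so the coverage answer is still useful.
                net = ipaddress.ip_network(entry, strict=False)
                problems.append(f"line {lineno}: {entry} has host bits set; did you mean {net}?")
            except ValueError:
                problems.append(f"line {lineno}: {entry!r} is not a valid prefix")
                continue
        networks.append(net)
    # Assumption: an empty list means no network restriction is configured.
    if not networks:
        return True, problems
    allowed = any(vault.version == n.version and vault in n for n in networks)
    if not allowed:
        problems.append(f"{vault} is not covered by any listed prefix")
    return allowed, problems


# Constructed sample field contents (documentation address ranges).
SAMPLE_FIELD = "10.20.0.0/16\n192.0.2.10/24\n\nnot-a-prefix\n"

if __name__ == "__main__":
    for ip in ("192.0.2.77", "203.0.113.5"):
        ok, issues = check_network_restrictions(SAMPLE_FIELD, ip)
        print(ip, "allowed" if ok else "BLOCKED")
        for issue in issues:
            print("  -", issue)
```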

Review Credential Types

In Bomgar RS, you can use credential injection to access endpoints, to elevate, to use Run As, to use UAC, and to log in. There are two types of credentials that you can configure for credential injection in Bomgar Vault.

  • Restricted: This type of credential is called Restricted because it is a requirement that you specify the endpoint and the user who can utilize the credential. This is important because you may wish only a specific credential or set of credentials to be returned when accessing a particular endpoint.
    • The endpoint and user account must be configured in both applications.
    • The user account must have permission in Bomgar Vault to use the credential.
    • The endpoint name must be the same in both applications.
  • Shared: This type of credential is called Shared because it does NOT possess an endpoint restriction.
    • The user account must be configured in both applications.
    • The user account must have permission in Bomgar Vault to use the credential.

With those credential types defined, you can choose any of the following scenarios for integration:

  • If using only restricted credentials in your environment, walk through the steps of configuring the same endpoint(s) in Bomgar Remote Support and Bomgar Vault.
  • If using only shared credentials in your environment or if you are a Vault Go! customer, skip the sections pertaining to endpoint creation in Bomgar Remote Support and Bomgar Vault.
  • If using a mixture of both shared and restricted credentials in your environment, walk through the steps of configuring endpoints in Bomgar Remote Support and Bomgar Vault. However, keep in mind endpoint configuration and association is not required for shared credentials.
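The restricted and shared rules above can be expressed as a pre-flight check that reports why a credential would not be usable for a given user and endpoint. This is an added example, not Bomgar code: the data model, names and sample inventories are hypothetical, and it assumes endpoint names are compared exactly, so a case or whitespace difference counts as a mismatch.

```python
def check_credential(cred, user, endpoint, rs, vault):
    """Return (usable, reasons) for one credential, user and endpoint.

    Hypothetical data model: rs and vault are dicts with "users" and
    "endpoints" sets; cred has "name", "type", "allowed_users" and, for
    restricted credentials, "endpoint".
    """
    reasons = []
    apps = (("RS", rs), ("Vault", vault))
    # Both types: the user account must be configured in both applications.
    for app, inv in apps:
        if user not in inv["users"]:
            reasons.append(f"user {user!r} is not configured in {app}")
    # Both types: the user needs permission in Vault to use the credential.
    if user not in cred["allowed_users"]:
        reasons.append(f"user {user!r} lacks Vault permission for {cred['name']!r}")
    if cred["type"] == "restricted":
        # Restricted only: tied to one endpoint, same name in both applications.
        if cred["endpoint"] != endpoint:
            reasons.append(f"{cred['name']!r} is restricted to {cred['endpoint']!r}")
        for app, inv in apps:
            if endpoint in inv["endpoints"]:
                continue
            # Assumption: names are compared exactly, so point out near-misses.
            near = sorted(e for e in inv["endpoints"]
                          if e.strip().lower() == endpoint.strip().lower())
            hint = f" (found {near[0]!r})" if near else ""
            reasons.append(f"endpoint {endpoint!r} is not configured in {app}{hint}")
    return (not reasons, reasons)


# Constructed sample inventories: the endpoint name differs only by case.
RS = {"users": {"jsmith"}, "endpoints": {"FIN-DB-01"}}
VAULT = {"users": {"jsmith"}, "endpoints": {"fin-db-01"}}
RESTRICTED = {"name": "db-admin", "type": "restricted",
              "allowed_users": {"jsmith"}, "endpoint": "FIN-DB-01"}
SHARED = {"name": "helpdesk", "type": "shared", "allowed_users": {"jsmith"}}

if __name__ == "__main__":
    for cred in (RESTRICTED, SHARED):
        print(cred["name"], check_credential(cred, "jsmith", "FIN-DB-01", RS, VAULT))
```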

Choose a Jump Item for the Remote Support and Vault Integration

Note: If you are a Vault Go! customer, this section does not apply.

Note: If you are using a shared credential for the integration or only shared credentials in your environment, this section does not apply.

In Bomgar RS, it is optional to have a Jump Item configured and deployed on a system in which you wish to use the Bomgar RS and Bomgar Vault integration for credential injection. You can choose to use a Jump Item you have already deployed in RS or deploy a new Jump Item through the RS interface to help you walk through and test the Remote Support and Vault integration.

Select an Existing Jump Item from the Remote Support Rep Console

Note: If you are a Vault Go! customer, this section does not apply.

Note: If you are using a shared credential for the integration or only shared credentials in your environment, this section does not apply.

If you have an existing Jump Item you can review for the integration, follow these steps.

  1. Log into the RS rep console.
  2. Locate the Jump Items list.
  3. Click on the Jump Item whose endpoint details you wish to view in the Details pane.

Note: Click on the Jump Item once. If you double-click on the Jump Item, the rep console starts a session with the Jump Item.

  4. Review the endpoint details in the right panel, and make note of the endpoint's name and IP address in an easy-to-access place.
  5. Log out of the RS rep console.

Deploy a New Jump Item

Note: If you are a Vault Go! customer, this section does not apply.

Note: If you are using a shared credential for the integration or only shared credentials in your environment, this section does not apply.

If you are new to RS or have not yet deployed a Jump Item and wish to do so for the integration, you can deploy a new Jump Item through a few different methods. To learn more about deploying Jump Items, please see Deploy Jump Clients During a Support Session or Prior to Support. Once you have deployed your new Jump Item, follow the steps in the section above to proceed with the integration.