Configure the Bomgar Vault Instance for the Bomgar Remote Support Integration
Once you have configured all of the necessary parts in Bomgar Remote Support (RS), you must now configure your Vault instance.
Create the Remote Support User in Vault
The administrative user you selected or created in Bomgar Remote Support must also be a user within Bomgar Vault. In Bomgar Vault, users are granted permissions to perform certain actions on a credential, such as create, delete, modify, and check out, via credential policies (Credentials > Credential Policies). In order for a representative to perform credential injection through the rep console in Bomgar RS using a credential stored in Bomgar Vault, the representative must have permission to check out that specific credential in Bomgar Vault. This is why the user must exist in both instances. To create a user in Bomgar Vault, follow the steps below.
- Go to Administration > Users.
- Click New User.
- Type in the username as seen in Bomgar RS.
- Type in the complete name of the user.
- Verify that the user's status is Active.
- Click New Auth Method.
- Select the authentication method that is relevant for both RS and Vault from the dropdown.
- Click Accept.
Note: To learn more about authentication methods, please see the Authentication Settings for Bomgar Vault.
- Next, click on the Roles tab.
- Click once on the role or roles to assign to the user.
- Click the > arrow to assign the role to the user.
Note: To learn more about authentication methods, please see the User Security Roles.
Note: It is not required for you to have user groups configured for the integration. However, it is highly recommended that you create user groups for your Vault instance to make managing users simpler. To learn more about user groups, please see Create User Groups.
From the list, click once on the user group or groups you wish your user to be assigned to.
- Click the > arrow to assign the group to your user.
- Next, click on the Contact method tab.
In the Contact Info field, enter the user's email address as seen in Bomgar RS.
- Click Add.
- Click Save to save your user in Bomgar Vault.
Create the Remote Support Jump Client as an Endpoint in Bomgar Vault
Note: If you are a Vault Go! user, you do not need to configure endpoints in your instance.
Note: If you are using a shared credential for the integration or only shared credentials in your environment, this section does not apply.
The Jump Client you configured in Bomgar RS must be created as an endpoint in Bomgar Vault. When credential injection is performed in the rep console, the ECM looks at the user requesting access to the credentials as well as the endpoint being accessed in Bomgar Vault and returns credentials that are specific to both that user and that endpoint. To create an endpoint in Bomgar Vault, follow these steps.
- Go to Endpoints > Endpoints.
- Click New Endpoint.
- Type in the name of the endpoint as seen in Bomgar RS.
The endpoint name must match exactly the endpoint listed in RS. If your RS endpoint shows NetBIOS, use NetBIOS. If it uses the fully qualified name, use the the fully qualified name.
- Include a description of the endpoint.
- Select the endpoint type from the dropdown.
Note: Depending on the endpoint type selected, you may be required to complete more information for the endpoint, such as SSL requirements or service information.
- Choose the network where the endpoint resides.
- Include the IP address of the endpoint.
Note: If you have endpoint groups configured in Bomgar Vault, you may assign the endpoint to an endpoint group. To learn more about endpoint groups, please see Create Endpoint Groups .
- Click Accept.
Create a Credential for the Endpoint in Bomgar Vault
Once the RS user and endpoint have been configured in Bomgar Vault, it is important to create a credential that can log into the endpoint. When configured in Bomgar Vault, the credential appears in the list of options that can be used for credential injection on the endpoint in the rep console. To create the credential in Bomgar Vault, follow these steps.
- Go to Credentials > Credentials.
- Click New Credential.
- Under the Basic Information section, choose the credential type.
- Select a credential policy for your credential.
Note: Default credential policies are available for selection based on the credential type you select. If you wish to add your own custom credential policies, please see Create Credential Policies. If you receive a message stating, "You do not have permission on any credential policy," follow the steps provided in the next section.
- Select a directory from the dropdown.
- Select Restricted as the access type.
Note: If you are a Vault Go! customer or are using a shared credential for the integration, the endpoint information discussed in this section does not apply to you.
- Click Add Endpoints.
- From the Unassigned list, select the endpoint you just created.
- Click the > arrow.
- Click Accept.
- Type a description explaining the purpose of the credential.
- Enter the username and password for the credential.
- Retype the password to confirm it.
- Click Create.
Note: If you click the Advanced button, you can configure more options for your credential, such permissions, automation rules, and check out policies. However, to initially create and test the RS and Vault integration, this is not required.
Create Integration in Bomgar Vault
Like in Bomgar RS, you must also configure an integration account in Bomgar Vault. This account is important because it provides you with the authentication credential or shared key you need to enable Vault's connection to the ECM. To create an integration account, follow the steps below.
- Go to Administration > Settings > Integrations.
- Click New Integration.
Note: Only Name, Authentication credential, Status, Justification, and Justification for skipping workflow approval are required fields to establish a new integration account.
- Enter a name for the integration.
- If desired, type a description for the account.
- Make sure Active is selected as the status.
- Select Application Authentication.
- Enter a authentication credential for the integration.
Note: The authentication credential can be a new or existing credential. It is only for establishing Vault's connection to the ECM.
- Make a note of the credential in an easy to access place.
- Enter IP addresses that are allowed for this integration, such as the Vault server. Click Add IP Address.
- Select a checkout reason.
- Select a valid checkout request time.
- Enter a justification for checking out credentials using this integration.
- Enter a justification for skipping workflow approval when checking out credentials using this integration.
- Click Accept.