Jump Items
What are Jump Items?
Jump Items are individual systems or devices (that is, and endpoint connection) that are made available for remote access within a Jump Group that enable administrators to organize and control access to remote systems in a secure manner.
How are Jump Items useful to my organization?
Jump Items allow support representatives to securely access and troubleshoot remote systems, ensuring efficient issue resolution while maintaining control over which systems can be accessed and when.
How do I access the Jump Items page?
-
Sign into app.beyondtrust.io.
The BeyondTrust Home page displays. -
From the main menu, click Privileged Remote Access > Jump.
The Jump page opens and the Jump Clients tab displays by default. -
Click the Jump Items.
The Jump Items page displays.
The Jump Items page

- Left menu: Easy access to all pages in Privilege Remote Access, including Status, Consoles & Downloads, My Account, Configuration, Jump, Vault, Console Settings, Users & Security, Reports, Management, and Appliance pages.
- Status: Opens the Status page.
- Header: Change your tenant site, manage your profile, and access documentation.
- Mass Import Wizard: Downloads a template for specified Jump Items.
- .Configuration Help: Parameter values on the different types of Jump Items.
Jump Shortcuts Mass Import Wizard
You can use the Jump Shortcuts Mass Import Wizard to create Jump Shortcuts for anyone of the following sessions:
- Remote VNC
- Remote RDP
- Shell Jump (Secure Shell (SSH) or Telnet enabled network devices)
- Protocol Tunnel Jump
Important
Linux Jumpoints can only be used for RDP, SSH/Telnet, and VNC sessions. Linux Jumpoints do allow for credential injection from user or Vault, as well as RemoteApp functionality and Shell Jump filtering. Clustered Jumpoints can only add new nodes of the same operating system.
You cannot mix Windows and Linux nodes.
When you create a large number of Jump shortcuts, it may be easier to import them via a spreadsheet than to add them one by one in the representative console.
Download a template suitable for importing Jump Shortcuts
To do this, use the templates via the Jump Shortcuts Mass Import Wizard and follow these steps:
- From the Download a Template Suitable for Importing Jump Shortcuts section, click the dropdown and select the type of Jump Item you wish to add:
- Remote VNC
- Remote RDP
- Shell Jump (SSH or Telnet enabled network devices)
- Protocol Tunnel Jump
- Click Download Template.
A comma-separated file (*.csv) is downloaded. - Use the text in the CSV template as column headers and add the information for each Jump shortcut you wish to import. Optional fields can be filled in or left blank.
Upload Jump Shortcuts mass import template
Once you have completed filling out the template, click Import Jump Shortcuts to upload the CSV file containing the Jump Item information. The CSV file should use the format described in the tables below.
Note
The maximum file sized allowed to be uploaded at one time is 5 megabytes (MB). Only one type of Jump Item can be included in each CSV file.
Jump Shortcut Help
Remote VNC Jump Shortcut help
Parameter | API Value | Required | Default Value | Description |
---|---|---|---|---|
Hostname | remote_vnc_hostname | Yes | The hostname of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters. | |
Jumpoint | jumpoint | Yes | The name of the Jumpoint through which the endpoint is accessed. | |
Port | port | No | 5900 | A valid port number from 100 to 65535. |
Name | name | Yes | Enter a Name for the Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters. | |
Jump Group | group | Yes | The name of the Jump Group with which this Jump Item should be associated. | |
Tag | tag | No | You can organize your Jump Items into categories by adding a tag. This string has a maximum of 64 characters. | |
Comments | comments | No | You can add comments to your Jump Items. This string has a maximum of 1024 characters. | |
Jump Policy | jump_policy | No | The name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item. | |
Session Policy | session_policy | No | The name of a Session Policy. You can specify a Session Policy to manage the permissions available on this Jump Item. |
Remote RDP Jump Shortcut help
Shell Jump Shortcut help
Parameter | API Value | Required | Default Value | Description |
---|---|---|---|---|
Hostname | shelljump_hostname | Yes | The hostname of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters. | |
Jumpoint | jumpoint | Yes | The name of the Jumpoint through which the endpoint is accessed. | |
Username | jumpoint | No | The username to sign in as. | |
Protocol | protocol | Yes | The values are SSH or Telnet. | |
Port | port | No | SSH: 22, Telnet: 23 | A valid port number from 1 to 65535. The values are:
|
Terminal Type | terminal | No | xterm | The values are xterm (default) or VT100. |
Keep-Alive | keep_alive | No | The number of seconds between each packet sent to keep an idle session from ending. This is any number from 0 to 300. The value of 0 disables keep-alive (default). | |
Name | name | Yes | Enter a Name for the Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters. | |
Jump Group | group | Yes | The name of the Jump Group with which this Jump Item should be associated. When the import method is used, a Jump Item cannot be associated with a personal list of Jump Items. | |
Tag | tag | No | You can organize your Jump Items into categories by adding a tag. This string has a maximum of 1024 characters. | |
Comments | comments | No | You can add comments to your Jump Items. This string has a maximum of 1024 characters. | |
Jump Policy | jump_policy | No | The name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item. | |
Session Policy | session_policy | No | The name of a session policy. You can specify a session policy to manage the permissions available on this Jump Item. |
Protocol Tunnel Jump Shortcut help
Parameter | API Value | Required | Default Value | Description |
---|---|---|---|---|
Hostname | protocol_tunnel_hostname | Yes | The hostname of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters. | |
Jumpoint | jumpoijnt | Yes | The name of the Jumpoint through which the endpoint is accessed. | |
Name | name | Yes | Enter a Name for the Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters. | |
Jump Group | group | Yes | The name of the Jump Group with which this Jump Item should be associated. When the import method is used, a Jump Item cannot be associated with a personal list of Jump Items. | |
Tunnel Type | tunnel_type | No | tcp | The type of tunnel which is one of IP, K8S, MSSQL, MySQL, PSQL, or TCP. |
Tunnels | tcp_tunnels | No | A tunnel definition is a mapping of a TCP port on the local user's system to a TCP port on the remote system specified by the hostname. It is a list of one or more tunnel definitions and is required when the tunnel type is TCP. Any connection made to the local port causes a connection to be made to the remote port, allowing data to be tunneled between local and remote systems. Multiple mappings should be separated by a semicolon. For example, auto->22;3306->3306. In this example, a randomly chosen local port maps to remote port 22, and local port 3306 maps to remote port 3306. | |
Filter Rules | filter_rules | No | A filter rule is required to contain an IP address rule, and may contain an optional port rule and optional Internet Assigned Numbers Authority (IANA) protocol keyword (default is ANY), each separated by a space in the order of: <IP rule, port rule, protocol number>. Multiple rules should be separated by a semicolon. This setting is required when the tunnel type is IP.
For example: 192.168.12.0/24 9000 TCP;192.168.1.10-192.168.1.20 8000-8005 UDP;192.168.2.10,192.168.2.20 ANY;10.10.10.10 ICMP;127.0.0.1 90,9000 TCP | |
Username | username | No | The username which is required when the tunnel type is mssql. This string has a maximum of 128 characters. | |
Database | database | No | The database name which is used when the tunnel type is mssql. This string has a maximum of 128 characters. | |
Local Address | local_address | No | 127.0.0.1 | The local address on which the system is listening for connections to the defined tunnels. The value must be within the 127.0.0.0/24 subnet. |
Tags | tag | No | You can organize your Jump Items into categories by adding a tag. This string has a maximum of 64 characters. | |
Comments | comments | No | You can add comments to your Jump Items. This string has a maximum of 1024 characters. | |
Jump Policy | jump_policy | No | The name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item. | |
Session Policy | session_policy | No | The name of a session policy. You can specify a session policy to manage the permissions available on this Jump Item. | |
URL | url | No | The url which is used for Kubernetes tunnel jump items. This string has a maximum of 256 characters. | |
CA Certificates | ca_certificates | No | The certificate which is used for Kubernetes tunnel jump items. This string has a maximum of 12,288 characters. |
Endpoint User Agreement
To accept the Endpoint Agreement, do the following steps:
- Click the Enable Endpoint User Consent Configuration for Applicable Jump Items checkbox.
- Add a Title and Text, then click Save.
- Add a Timeout value. The default value is 60 seconds.

Note
The Endpoint Agreement only applies to Jump Clients and Remote Jump Shortcuts and Local Jump Shortcuts.
Jump Item settings
Simultaneous Jumps
- Simultaneous Jumps provide a way for multiple users to gain access to the same jump item without having to be invited to join an active support session by another user.
By using the For Jump Client, Local Jump, Remote Jump, Remote VNC field, you can create new sessions. The options you can choose are the following:
Value Name | Description |
---|---|
Join Existing Session | Provides a way for multiple users to gain access to the same Jump Item without an invitation to join an active session by another user. The first user to access the Jump Item maintains ownership of the session. Users in a shared Jump session see each other and can chat. Users can join a session that was started from another copy of a Jump Client in a different Jump Group. Session permissions are based on the original Jump Client that started the session. Once the first user is in a session, subsequent users will be able to enter the session. The first user will receive a notification that another user has joined the session, but the first user will not have an opportunity to deny access before other user joins. If this setting is not selected, a user cannot join a session that was started from another copy of a Jump Client, unless it is the same Jump Group. |
Disallow Jump | Ensures only one user can Jump to a Jump Item at a time. Only an invitation by the user who originated the session can allow for a second user to access the session. |
- From the For Remote RDP field, you can create new sessions which jump to a specific RDP Jump item. The options you can choose are the following:
Value Name | Description |
---|---|
Start a New Session | Provides a way for multiple users to gain access to the same Jump Item without an invitation to join an active session by another user. For RDP, a new independent session will start for each user which jumps to a specific RDP Jump Item, and the RDP configuration on the endpoint will control any further behavior regarding simultaneous RDP connections. |
Disallow Jump | Ensures only one user at a time can Jump to a Jump Item. Only an invitation by the user who originated the session can allow for a second user to access the session. |
- From the External Tools section, select the appropriate checkboxes to use external tools (that is, bring your own tools (BYOT)) with a Remote RDP or Shell sessions. If selected, this enables a user to run the local RDP client vs the one embedded in the Access console.

Shell Jump Filtering
The Shell feature restricts which commands can be executed. It works in conjunction with the values that are configured for an individual on the Command Shell section of the Users & Security > Users page. For groups of users, you can set up session policies on the Users & Security > Session Policies page.
Shell Prompt Matching Validation
A part of the Shell feature is being able to tell when your shell is at a prompt, so regex pattern is used that matches a shell prompt, and a default one that works almost anywhere is given.
![Shell Filtering interface with two sections. The first section, labeled "Recognized Shell Prompts," has a text box containing the regular expression .*[>#%\$] and a "Save" button. The second section, labeled "Shell Prompt Matching Validation," has an empty text box and a "Check" button.](https://files.readme.io/d6e55e275ddb08fa933b2258f46bd89aad58b10c2d4a8845c1ffb41e52b70d23-PF_UX_JumpItems_ShellFiltering_Page.png)
Updated 24 days ago