Jump Items

What are Jump Items?

Jump Items are individual systems or devices (that is, and endpoint connection) that are made available for remote access within a Jump Group that enable administrators to organize and control access to remote systems in a secure manner.

How are Jump Items useful to my organization?

Jump Items allow support representatives to securely access and troubleshoot remote systems, ensuring efficient issue resolution while maintaining control over which systems can be accessed and when.

How do I access the Jump Items page?

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.

  2. From the main menu, click Privileged Remote Access > Jump.
    The Jump page opens and the Jump Clients tab displays by default.

  3. Click the Jump Items.
    The Jump Items page displays.

The Jump Items page

An image of the Jump Shortcuts Mass Import Wizard interface in a Privileged Remote Access application. The interface includes options to download a template for importing jump shortcuts and to upload a completed CSV file.
  1. Left menu: Easy access to all pages in Privilege Remote Access, including Status, Consoles & Downloads, My Account, Configuration, Jump, Vault, Console Settings, Users & Security, Reports, Management, and Appliance pages.
  2. Status: Opens the Status page.
  3. Header: Change your tenant site, manage your profile, and access documentation.
  1. Mass Import Wizard: Downloads a template for specified Jump Items.
  2. .Configuration Help: Parameter values on the different types of Jump Items.

Jump Shortcuts Mass Import Wizard

You can use the Jump Shortcuts Mass Import Wizard to create Jump Shortcuts for anyone of the following sessions:

  • Remote VNC
  • Remote RDP
  • Shell Jump (Secure Shell (SSH) or Telnet enabled network devices)
  • Protocol Tunnel Jump

❗️

Important

Linux Jumpoints can only be used for RDP, SSH/Telnet, and VNC sessions. Linux Jumpoints do allow for credential injection from user or Vault, as well as RemoteApp functionality and Shell Jump filtering. Clustered Jumpoints can only add new nodes of the same operating system.

You cannot mix Windows and Linux nodes.

When you create a large number of Jump shortcuts, it may be easier to import them via a spreadsheet than to add them one by one in the representative console.

Download a template suitable for importing Jump Shortcuts

To do this, use the templates via the Jump Shortcuts Mass Import Wizard and follow these steps:

  1. From the Download a Template Suitable for Importing Jump Shortcuts section, click the dropdown and select the type of Jump Item you wish to add:
    • Remote VNC
    • Remote RDP
    • Shell Jump (SSH or Telnet enabled network devices)
    • Protocol Tunnel Jump
  2. Click Download Template.
    A comma-separated file (*.csv) is downloaded.
  3. Use the text in the CSV template as column headers and add the information for each Jump shortcut you wish to import. Optional fields can be filled in or left blank.

Upload Jump Shortcuts mass import template

Once you have completed filling out the template, click Import Jump Shortcuts to upload the CSV file containing the Jump Item information. The CSV file should use the format described in the tables below.

📘

Note

The maximum file sized allowed to be uploaded at one time is 5 megabytes (MB). Only one type of Jump Item can be included in each CSV file.

Jump Shortcut Help

Remote VNC Jump Shortcut help
ParameterAPI ValueRequiredDefault ValueDescription
Hostnameremote_vnc_hostnameYesThe hostname of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters.
JumpointjumpointYesThe name of the Jumpoint through which the endpoint is accessed.
PortportNo5900A valid port number from 100 to 65535.
NamenameYesEnter a Name for the Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters.
Jump GroupgroupYesThe name of the Jump Group with which this Jump Item should be associated.
TagtagNoYou can organize your Jump Items into categories by adding a tag. This string has a maximum of 64 characters.
CommentscommentsNoYou can add comments to your Jump Items. This string has a maximum of 1024 characters.
Jump Policyjump_policyNoThe name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item.
Session Policysession_policyNoThe name of a Session Policy. You can specify a Session Policy to manage the permissions available on this Jump Item.
Remote RDP Jump Shortcut help
ParameterAPI ValueRequiredDefault ValueDescription
Hostnameremote_rdp_hostnameYesThe hostname of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters.
JumpointjumpointYesThe name of the Jumpoint through which the endpoint is accessed.
Usernamerdp_usernameNoThe username to sign in as.
DomaindomainNoThe name of the domain the endpoint is on.
QualityqualityNobest_performanceThe quality at which to view the remote system. You can use the following settings:

  • Low - (2-bit gray scale for the lowest bandwidth consumption)

  • Best_perf - (default - 8-bit color for fast performance)

  • Perf_and_qual - (16-bit for medium quality image and performance)

  • Best_qual - (32-bit for the highest image resolution)

  • Video_opt - (VP9 codec for more fluid video)
.
This cannot be changed during the remote desktop protocol (RDP) session.


Console Session consoleNo0The console settings are:

  • 1 - Starts a console session.

  • 0 - Starts a new session (default).



Ignore Untrusted Certificateignore_untrustedNo0The certificate settings are:

  • 1- Ignores certificate warnings.

  • 0 - Shows a warning if the server's certificate cannot be verified.



SecureApp Typesecure_app_typeNoNoneThe SecureApp launch method. The settings are:

  • "None"

  • "Remote_app" (to use RDP's built-in RemoteApp functionality)

  • "Remote_desktop_agent" (to use BeyondTrust's Remote Desktop Agent)

  • "Remote_desktop_agent_credentials" (to use BeyondTrust's Remote Desktop Agent with Credential Injection).


ℹ️ Note

If remote_desktop_agent or remote_desktop_agent_credentials are chosen, then the Remote Desktop Agent must be installed on the remote system.



RemoteApp Nameremote_app_nameNoThe name of the RemoteApp program. This string has a maximum of 520 characters.
RemoteApp Parametersremote_app_paramsNoA space-separated list of parameters to pass to the RemoteApp. Parameters with spaces can be quoted using double-quotes. This string has a maximum of 16,000 characters.
Remote Executable Pathremote_exe_pathNoThe path to the remote executable that is run using the Remote Desktop Agent. This can only be used if the SecureApp Type uses the Remote Desktop Agent value.
Target Systemtarget_systemNoThe name of the target system being accessed by the remote application. This value is used to limit the list of injected credentials to only those that are valid on the target system. This value can only be used if the SecureApp Type uses the Remote Desktop Agent with Credential injection value.
Credential Typecredential_typeNoThe type of credentials that is injected into the remote executable. This value depends on the password vault from which credentials are retrieved. This value can only be used if the SecureApp Type uses the Remote Desktop Agent with Credential injection value.
NamenameYesThe name of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters.
Jump GroupgroupYesThe name of the Jump Group with which this Jump Item should be associated.
When the import method is used, a Jump Item cannot be associated with a personal list of Jump Items.
TagtagNoYou can organize your Jump Items into categories by adding a tag. This string has a maximum of 1024 characters.
CommentscommentsNoYou can add comments to your Jump Items. This string has a maximum of 1024 characters.
Jump Policyjump_policyNoThe name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item.
Session Forensicssession_forensicsNo0You can enable or disable session forensics by using these settings:

  • 1 - Enables RDP with Session Forensics functionality.

  • 0 - Uses normal RDP functionality.(default value)



Session Policysession_policyNoThe name of a Session Policy. You can specify a Session Policy to manage the permissions available on this Jump Item.
Shell Jump Shortcut help
ParameterAPI ValueRequiredDefault ValueDescription
Hostnameshelljump_hostnameYesThe hostname of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters.
JumpointjumpointYesThe name of the Jumpoint through which the endpoint is accessed.
UsernamejumpointNoThe username to sign in as.
ProtocolprotocolYesThe values are SSH or Telnet.
PortportNoSSH: 22, Telnet: 23A valid port number from 1 to 65535. The values are:

  • 22 - if the protocol is SSH

  • 23 - if the protocol is Telnet.



Terminal TypeterminalNoxtermThe values are xterm (default) or VT100.
Keep-Alivekeep_aliveNoThe number of seconds between each packet sent to keep an idle session from ending. This is any number from 0 to 300. The value of 0 disables keep-alive (default).
NamenameYesEnter a Name for the Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters.
Jump GroupgroupYesThe name of the Jump Group with which this Jump Item should be associated.

When the import method is used, a Jump Item cannot be associated with a personal list of Jump Items.
TagtagNoYou can organize your Jump Items into categories by adding a tag. This string has a maximum of 1024 characters.
CommentscommentsNoYou can add comments to your Jump Items. This string has a maximum of 1024 characters.
Jump Policyjump_policyNoThe name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item.
Session Policysession_policyNoThe name of a session policy. You can specify a session policy to manage the permissions available on this Jump Item.
Protocol Tunnel Jump Shortcut help
ParameterAPI ValueRequiredDefault
Value
Description
Hostnameprotocol_tunnel_hostnameYesThe hostname of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters.
JumpointjumpoijntYesThe name of the Jumpoint through which the endpoint is accessed.
NamenameYesEnter a Name for the Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters.
Jump GroupgroupYesThe name of the Jump Group with which this Jump Item should be associated.

When the import method is used, a Jump Item cannot be associated with a personal list of Jump Items.
Tunnel Typetunnel_typeNotcpThe type of tunnel which is one of IP, K8S, MSSQL, MySQL, PSQL, or TCP.
Tunnelstcp_tunnelsNoA tunnel definition is a mapping of a TCP port on the local user's system to a TCP port on the remote system specified by the hostname.

It is a list of one or more tunnel definitions and is required when the tunnel type is TCP.

Any connection made to the local port causes a connection to be made to the remote port, allowing data to be tunneled between local and remote systems. Multiple mappings should be separated by a semicolon.

For example, auto->22;3306->3306.

In this example, a randomly chosen local port maps to remote port 22, and local port 3306 maps to remote port 3306.
Filter Rulesfilter_rulesNoA filter rule is required to contain an IP address rule, and may contain an optional port rule and optional Internet Assigned Numbers Authority (IANA) protocol keyword (default is ANY), each separated by a space in the order of: <IP rule, port rule, protocol number>. Multiple rules should be separated by a semicolon.

This setting is required when the tunnel type is IP.

  • An IP rule is either a range in the form of two IPv4 addresses separated by a dash, a list in the form of 1 or more IPv4 addresses separated by a comma, or CIDR notation IP address.


  • A port rule is either a range of port numbers (from 1 to 65535) in the form of two ports separated by a dash or a list in the form of 1 or more ports separated by a comma.


For example:
192.168.12.0/24 9000 TCP;192.168.1.10-192.168.1.20 8000-8005 UDP;192.168.2.10,192.168.2.20 ANY;10.10.10.10 ICMP;127.0.0.1 90,9000 TCP
UsernameusernameNoThe username which is required when the tunnel type is mssql. This string has a maximum of 128 characters.
DatabasedatabaseNoThe database name which is used when the tunnel type is mssql. This string has a maximum of 128 characters.
Local Addresslocal_addressNo127.0.0.1The local address on which the system is listening for connections to the defined tunnels. The value must be within the 127.0.0.0/24 subnet.
TagstagNoYou can organize your Jump Items into categories by adding a tag. This string has a maximum of 64 characters.
CommentscommentsNoYou can add comments to your Jump Items. This string has a maximum of 1024 characters.
Jump Policyjump_policyNoThe name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item.
Session Policy session_policyNoThe name of a session policy. You can specify a session policy to manage the permissions available on this Jump Item.
URLurlNoThe url which is used for Kubernetes tunnel jump items. This string has a maximum of 256 characters.
CA Certificatesca_certificatesNoThe certificate which is used for Kubernetes tunnel jump items. This string has a maximum of 12,288 characters.

Endpoint User Agreement

To accept the Endpoint Agreement, do the following steps:

  1. Click the Enable Endpoint User Consent Configuration for Applicable Jump Items checkbox.
  2. Add a Title and Text, then click Save.
  3. Add a Timeout value. The default value is 60 seconds.
An image of the Endpoint User Agreement configuration screen. The screen includes options to enable Endpoint User Consent Configuration for Applicable Jump Items, input fields for Title and Text, and an Acceptance Timeout setting with a default value of 60 seconds












📘

Note

The Endpoint Agreement only applies to Jump Clients and Remote Jump Shortcuts and Local Jump Shortcuts.

Jump Item settings

Simultaneous Jumps

  1. Simultaneous Jumps provide a way for multiple users to gain access to the same jump item without having to be invited to join an active support session by another user.

By using the For Jump Client, Local Jump, Remote Jump, Remote VNC field, you can create new sessions. The options you can choose are the following:

Value NameDescription
Join Existing SessionProvides a way for multiple users to gain access to the same Jump Item without an invitation to join an active session by another user. The first user to access the Jump Item maintains ownership of the session. Users in a shared Jump session see each other and can chat. Users can join a session that was started from another copy of a Jump Client in a different Jump Group. Session permissions are based on the original Jump Client that started the session.

Once the first user is in a session, subsequent users will be able to enter the session. The first user will receive a notification that another user has joined the session, but the first user will not have an opportunity to deny access before other user joins.

If this setting is not selected, a user cannot join a session that was started from another copy of a Jump Client, unless it is the same Jump Group.
Disallow JumpEnsures only one user can Jump to a Jump Item at a time. Only an invitation by the user who originated the session can allow for a second user to access the session.
  1. From the For Remote RDP field, you can create new sessions which jump to a specific RDP Jump item. The options you can choose are the following:
Value NameDescription
Start a New SessionProvides a way for multiple users to gain access to the same Jump Item without an invitation to join an active session by another user. For RDP, a new independent session will start for each user which jumps to a specific RDP Jump Item, and the RDP configuration on the endpoint will control any further behavior regarding simultaneous RDP connections.
Disallow JumpEnsures only one user at a time can Jump to a Jump Item. Only an invitation by the user who originated the session can allow for a second user to access the session.
  1. From the External Tools section, select the appropriate checkboxes to use external tools (that is, bring your own tools (BYOT)) with a Remote RDP or Shell sessions. If selected, this enables a user to run the local RDP client vs the one embedded in the Access console.
An image of the Jump Item Settings configuration page. The settings include options for Simultaneous Jumps, and specific configurations for Jump Client, Local Jump, Remote Jump, and Remote VNC (set to "Disallow Jump"), as well as Remote RDP (set to "Start New Session"). The page also includes External Tools settings with checkboxes for allowing users to open Remote RDP Jump Shortcuts and Shell Sessions using an external tool.

Shell Jump Filtering

The Shell feature restricts which commands can be executed. It works in conjunction with the values that are configured for an individual on the Command Shell section of the Users & Security > Users page. For groups of users, you can set up session policies on the Users & Security > Session Policies page.

Shell Prompt Matching Validation

A part of the Shell feature is being able to tell when your shell is at a prompt, so regex pattern is used that matches a shell prompt, and a default one that works almost anywhere is given.

Shell Filtering interface with two sections. The first section, labeled "Recognized Shell Prompts," has a text box containing the regular expression .*[>#%\$] and a "Save" button. The second section, labeled "Shell Prompt Matching Validation," has an empty text box and a "Check" button.

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.