DocumentationAPI ReferenceRelease Notes
Log In
Documentation

Jumpoint

Suggest Edits

What is a Jumpoint?

A Jumpoint is a secure connection point used in Privileged Remote Access to facilitate access to remote systems without requiring direct public internet exposure, enabling secure, controlled remote sessions.

How is a Jumpoint useful to my organization?

A Jumpoint allows administrators to securely manage remote connections through internal networks or firewalls, ensuring protected access to remote systems while maintaining network security.

How do I access the Jumpoint page?

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the main menu, click Privileged Remote Access > Jump.
    The Jump page opens and the Jump Clients tab displays by default.
  3. Click the Jumpoint.
    The Jumpoint page displays.

Jumpoint management

BeyondTrust's Jump Technology enables a user to access computers on a remote network without having to pre-install software on every machine. Simply install a single Jumpoint agent at any network location to gain unattended access to every computer within that network.

Add new Jumpoint, edit, delete

Create a new Jumpoint, modify an existing Jumpoint, or remove an existing Jumpoint.

Redeploy

Uninstall an existing Jumpoint and download an installer to replace the existing Jumpoint with a new one. Jump shortcuts associated with the existing Jumpoint will use the new Jumpoint once it is installed.

ℹ️

Note

When an existing Jumpoint is replaced, its configuration is not saved. The new Jumpoint must be reconfigured.

Enable network browsing

At the bottom of the Jumpoint page is the option to Enable network browsing. If checked, a permitted user can view and select systems from the network directory tree. If unchecked, a user can access a system through a Jumpoint only by entering the system's hostname or IP address. Either way, the user must provide valid credentials to the remote system before gaining access.

Add or edit Jumpoints

Name

Create a unique name to help identify this Jumpoint. This name should help users locate this Jumpoint when they need to start a session with a computer on its same network.

Code name

Set a code name for integration purposes. If you do not set a code name, one is created automatically.

External Jump Item network ID

On the Security page Access Console settings, when Jumpoint for External Jump Item Sessions is set to Automatically Selected by External Jump Item Network ID, this value is matched against the Network ID property for external Jump Items returned by the Endpoint Credential Manager to determine which Jumpoint handles a session.

📘

Note

Network ID is equivalent to the Workgroup attribute on managed systems in Password Safe.

Jumpoint platform

Select whether this Jumpoint will be installed on a Windows or Linux platform. Once the Jumpoint has been created, this option cannot be changed.

Disabled

If checked, this Jumpoint is unavailable to make Jump connections.

Clustered

If checked, you will be able to add multiple, redundant nodes of the same Jumpoint on different host systems. This ensures that as long as at least one node remains online, the Jumpoint will be available.

Enable Shell Jump method

If you want users to be able to connect to SSH-enabled and Telnet-enabled network devices through this Jumpoint, check Enable Shell Jump Method.

Enable Protocol Tunnel Jump method

If the Enable Protocol Tunnel Jump Method option is checked, users may make connections from their systems to remote endpoints through these types of Jumpoint.

If Network Tunnel Jump is enabled on your system, then when Enable Protocol Tunnel Jump Method is checked, there is an option to enter Managed IP Addresses for Protocol Tunnel Jump. You can enter multiple IP address ranges. This allows using the Network Tunnel feature on networks without DHCP.

📘

For more information, see Protocol Tunnel Jump Shortcuts and Network Tunnel Jump Shortcuts .

RDP service account

Under RDP Service Account, select the vault account to be used by the Jumpoint to run a user-initiated client on the RDP server. This allows you to collect additional event information from an RDP session started with this Jumpoint. This account in used only if the Remote RDP Jump Item is configured to enable the Session Forensics functionality. This option is not available for Linux Jumpoints.

📘

Note

The RDP Service Account setting must not use a local admin account, and must use a domain admin account with privileges on the endpoint including access to remotely connect to the endpoint's C$ share, remotely create and start services on the endpoint machine, and access remote file systems.

📘

For more information, see Remote Desktop Protocol shortcuts .

Enable Jump Zone Proxy

If you check Enable Jump Zone Proxy, you can set up this Jumpoint to function as a proxy server, allowing it to proxy connections for Jump Items on the network that do not have a native internet connection, such as POS systems. Using a Jumpoint as a proxy routes traffic only to the B Series Appliance.

You can enable Jump Zone Proxy on either a standalone Jumpoint or a Jumpoint cluster. If you set up a Jumpoint cluster as a Jump Zone Proxy, then if an endpoint is connected to one Jump Zone Proxy and that system goes down, the endpoint can connect to another Jump Zone Proxy in the cluster. Jump Zone Proxies are not supported for Atlas deployments.

Proxy host

Optionally, under Proxy Host, you can enter the hostname of the machine on which this Jumpoint will be installed. Do not start the hostname with http://_or _https://. IP addresses are not recommended as they might change. The Jumpoint will automatically detect the hostname if one is not provided. If this is a clustered Jumpoint, this field does not appear, and the Jumpoint will automatically detect the hostname on install. If the hostname changes, you may have to redeploy any Jump Items that use this Jumpoint as a proxy.

ℹ️

Note

The proxy host and port should be set carefully since any Jump Item deployed using this Jumpoint as a proxy server uses the settings available to it at the time of deployment and are not updated should the host or port change. If the host or port is changed, the Jump Item must be redeployed.

In order for a Jumpoint to function as a Jump Zone Proxy, its host system cannot reside behind a proxy. The Jumpoint must be able to access the internet without having to supply proxy information for its own connection.

Proxy port

Under Proxy Port, enter the port through which Jump Items will connect to this Jumpoint. If the port changes, you may have to redeploy any Jump Items that use this Jumpoint as a proxy.

ℹ️

Note

It is a best practice to make an exception in the Windows firewall for the port on which the proxy server listens for the process to accept connections.

Allow HTTP GET

Check Allow HTTP GET to enable HTTP connections to proxy to the B Series Appliance. This is needed only if you want to use a browser to access /login or /console from behind the proxy.

Network restrictions

Under Restriction Type, select No access restrictions to allow Jump Item connections from any IP address. You can limit allowed connections by selecting Deny access only for the following IP addresses or Allow access only from the following IP addresses, then entering network address prefixes, one per line. Netmasks are optional, and they can be given in either dotted-decimal or integer bitmask format. Entries that omit a netmask are assumed to be single IP addresses.

Group policies

This displays a listing of the group policies which allow users access to this Jumpoint.

Allowed users

New member name

Search for users to add to this Jumpoint.  Users must be added to the Jumpoint in order to create Jump Items using that Jumpoint or to initiate ad hoc sessions through that Jumpoint. Users are not required to be added to the Jumpoint to start a session with a pre-existing Jump Item using that Jumpoint, so long as they have access granted through Jump Group membership.

In the table below, view existing Jumpoint users. You can filter the view by entering a string in the Filter by Name text box. You can also delete the user from the Jumpoint.

To add a group of users to a Jumpoint, go to Users & Security > Group Policies and assign that group to one or more Jumpoints.

ℹ️

Note

You may see some users whose Delete options are disabled. This occurs when a user is added via group policy.

You can click the group policy link to modify the policy as a whole. Any changes made to the group policy apply to all members of that policy.

You also can add the individual to the Jumpoint, overriding their settings as defined elsewhere.

Updated 2 months ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.