Jumpoints setup
Jump Item Roles
A Jump Item Role is a predefined set of permissions regarding Jump Item management and usage. Jump Item Roles are applied to users from the Jump > Jump Item Roles page or from the Users & Security > Group Policies page.
If more than one role is assigned to a user, then the most specific role for a user is always used. The order of specificity for Jump Item Roles, from most specific to least specific, is:
- The role assigned to the relationship between a user and a Jump Group on the Jump > Jump Item Roles page
- The role assigned to the relationship between a user and a Jump Group on the Users & Security > Group Policies page
- The Jump Item Roles configured for a user on the Users & Security > Users page or the Users & Security > Group Policies page
To create or edit a Jump Item Role, enter or update the name and description. Then set the permissions a user with this role should have:
- Under Jump Group or Personal Jump Items, determine if users can create and deploy Jump Items, move Jump Items from one Jump Group to another, or delete Jump Items.
- Check the Start Sessions box to enable users to Jump to any Jump Items they have access to.
- To allow users to edit Jump Item details, enable any of the options including:
- Start Sessions
- Edit Tag
- Edit Comments
- Edit Public Portal
- Edit Jump Policy
- Edit Session Policy
- Edit Connectivity and Authentication
- Edit Behavior and Experience.
- Click the blue info icons next to the last three options to see exactly what is affected by these fields.
Jump Policies
To control access to particular Jump Items, create Jump Policies. Jump Policies are used to control when certain Jump Items can be accessed by implementing schedules.
- From the /login administrative interface, go to Jump > Jump Policies.
- Click Add.
Note
A Jump Policy does not take effect until you have applied it to at least one Jump Item.
- Create a unique name to help identify this policy. Use a name that clearly identifies this policy when assigning it to Jump Items.
- Set a code name for integration purposes. If you do not set a code name, one is created automatically.
- Add a brief description to summarize the purpose of this policy.
- If you want to enforce an access schedule, check Enabled. If it is disabled, then any Jump Items that use this policy can be accessed without time restrictions.
- Set a schedule to define when Jump Items under this policy can be accessed. Set the time zone you want to use for this schedule, and then add one or more schedule entries. For each entry, set the start day and time and the end day and time.
- If, for instance, the time is set to start at 8 PM and end at 5 PM, a user can start a session using this Jump Item at any time during this window but may continue to work past the set end time. Attempting to re-access this Jump Item after 5 PM, however, results in a notification that the schedule does not permit a session to start. If necessary, the user may choose to override the schedule restriction and start the session anyway.
- If stricter access control is required, check Force session to end when schedule does not permit access. This forces the session to disconnect at the scheduled end time. In this case, the user receives recurring notifications beginning 15 minutes prior to being disconnected.
- Check to Require a ticket ID before a session starts.
- For additional security, the Jump Policy can require an end-user to confirm their identity using a multi-factor authentication challenge before starting or elevating a session. Check to require this.
- When you are finished configuring this Jump Policy, click Save.
After the Jump Policy has been created, you can apply it to Jump Items either from the representative console or when importing Jump Items from the /login interface.
Jump Groups
A Jump Group is a way to organize Jump Items, granting members varying levels of access to those items. Users are assigned to Jump Groups from this page or from the Users & Security > Group Policies page.
To quickly find an existing group in the list of Jump Groups, enter the name, part of the name, or a term from the comments. The list filters all groups with a name or comment containing the entered search term. The list remains filtered until the search term is removed, even if the user goes to other pages or logs out. To remove the search term, click the X to the right of the search box.
You can create or edit a Jump Group, assigning it a name, code name, and comments. The Group Policies section lists any group policies that assign users to this Jump Group.
In the Allowed Users section, you can add individual users if you prefer. Search for users to add to this Jump Group. You can set each user's Jump Item Role to make their permissions specific to Jump Items in this Jump Group, or you can use the user's default Jump Item Role as set on the Users & Security > Group Policies page or the Users & Security > Users page. A Jump Item Role is a predefined set of permissions regarding Jump Item management and usage.
Existing Jump Group users are shown in a table, along with their assigned role and how the role was granted. You can filter the view by entering a string in the Filter by name text box. You can also edit a user's settings or delete a user from the Jump Group.
To add groups of users to a Jump Group, go to Users & Security > Group Policies and assign that group to one or more Jump Groups.
Note
Edit and delete functionality may be disabled for some users. This occurs either when a user is added via group policy or when a user's system Jump Item Role is set to anything other than No Access.
You can click the group policy link to modify the policy as a whole. Any changes made to the group policy apply to all members of that group policy.
You can click the user link to modify the user's system Jump Item role. Any changes to the user's system Jump Item role apply to all other Jump Groups in which the user is an unassigned member.
You also can add the individual to the group, overriding their settings as defined elsewhere.
Updated 5 days ago