Jump Items: Mass Import Jump Shortcuts and Manage Jump Item Settings
Jump
Jump Items
Jump Shortcuts Mass Import Wizard
Through a Jumpoint, Jump shortcuts can be created to:
- Start a standard access session.
- Start a Remote Desktop Protocol session with Windows or Linux systems.
- Jump to a web site on a remote browser.
- Shell Jump to an SSH-enabled or Telnet-enabled network device.
- Connect to a VNC server.
- Make a TCP connection through a Protocol Tunnel Jump.
Linux Jumpoints can only be used for RDP, SSH/Telnet, Protocol Tunneling, Web Jump, and VNC sessions, allowing for credential injection from user or Vault, as well as RemoteApp functionality and Shell Jump filtering. Clustered Jumpoints can only add new nodes of the same OS. You cannot mix Windows and Linux nodes.
When creating a large number of Jump shortcuts, it may be easier to import them via a spreadsheet than to add them one by one in the access console.
For more information, please see Use a Jump Shortcut to Jump to a Remote System.
Download Template
From the dropdown in the Jump Shortcuts Mass Import Wizard section of the /login interface, select the type of Jump Item you wish to add, and then click Download Template. Using the text in the CSV template as column headers, add the information for each Jump shortcut you wish to import. If any required fields are missing, import fails. Optional fields can be filled in or left blank.
Import Jump Shortcuts
Once you have completed filling out the template, use Import Jump Shortcuts to upload the CSV file containing the Jump Item information. The maximum file size allowed to be uploaded at one time is 5 MB. Only one type of Jump Item can be included in each CSV file.The CSV file should use the format described in the tables below.
Local Jump Shortcut
| Field | Description |
|---|---|
| Hostname |
The hostname of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters. |
| Name |
The name of the endpoint to be accessed by this Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters. |
| Jump Group |
The code name of the Jump Group with which this Jump Item should be associated. When using the import method, a Jump Item cannot be associated with a personal list of Jump Items. |
| Tag (optional) |
You can organize your Jump Items into categories by adding a tag. This string has a maximum of 1024 characters. |
| Comments (optional) |
You can add comments to your Jump Items. This string has a maximum of 1024 characters. |
| Jump Policy (optional) |
The code name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item. |
| Session Policy (optional) |
The code name of a session policy. You can specify a session policy to manage the permissions available on this Jump Item. |
| Endpoint Agreement Policy (optional) |
The value accept automatically accepts the endpoint agreement if it times out and allows the session the start. The value reject automatically rejects the endpoint agreement and stops the session from starting. The value no_prompt does not show an endpoint agreement even if the feature is configured. This field has no effect if the global endpoint agreement is not enabled. |
For more information about the global setting, please see Jump Items: Mass Import Jump Shortcuts and Manage Jump Item Settings.
Remote Jump Shortcut
| Field | Description |
|---|---|
| Hostname |
The hostname of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters. |
| Jumpoint |
The code name of the Jumpoint through which the endpoint is accessed. |
| Name |
The name of the endpoint to be accessed by this Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters. |
| Jump Group |
The code name of the Jump Group with which this Jump Item should be associated. When using the import method, a Jump Item cannot be associated with a personal list of Jump Items. |
| Tag (optional) |
You can organize your Jump Items into categories by adding a tag. This string has a maximum of 1024 characters. |
| Comments (optional) |
You can add comments to your Jump Items. This string has a maximum of 1024 characters. |
| Jump Policy (optional) |
The code name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item. |
| Session Policy (optional) |
The code name of a session policy. You can specify a session policy to manage the permissions available on this Jump Item. |
| Endpoint Agreement Policy (optional) |
The value accept automatically accepts the endpoint agreement if it times out and allows the session the start. The value reject automatically rejects the endpoint agreement and stops the session from starting. The value no_prompt does not show an endpoint agreement even if the feature is configured. This field has no effect if the global endpoint agreement is not enabled. |
For more information about the global setting, please see Jump Items: Mass Import Jump Shortcuts and Manage Jump Item Settings.
Remote VNC Jump Shortcut
| Field | Description |
|---|---|
| Hostname |
The hostname of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters. |
| Jumpoint |
The code name of the Jumpoint through which the endpoint is accessed. |
| Port (optional) |
A valid port number from 100 to 65535. Defaults to 5900. |
| Name |
The name of the endpoint to be accessed by this Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters. |
| Jump Group |
The code name of the Jump Group with which this Jump Item should be associated. When using the import method, a Jump Item cannot be associated with a personal list of Jump Items. |
| Tag (optional) |
You can organize your Jump Items into categories by adding a tag. This string has a maximum of 1024 characters. |
| Comments (optional) |
You can add comments to your Jump Items. This string has a maximum of 1024 characters. |
| Jump Policy (optional) |
The code name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item. |
| Session Policy (optional) |
The code name of a session policy. You can specify a session policy to manage the permissions available on this Jump Item. |
Remote RDP Jump Shortcut
| Field | Description |
|---|---|
| Hostname |
The hostname of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters. |
| Jumpoint |
The code name of the Jumpoint through which the endpoint is accessed. |
| Username (optional) |
The username to sign in as. |
| Domain (optional) |
The domain the endpoint is on. |
| Quality (optional) |
The quality at which to view the remote system. Can be low (2-bit gray scale for the lowest bandwidth consumption), best_perf (default - 8-bit color for fast performance), perf_and_qual (16-bit for medium quality image and performance), best_qual (32-bit for the highest image resolution), or video_opt (VP9 codec for more fluid video). This cannot be changed during the remote desktop protocol (RDP) session. |
| Console Session |
1: Starts a console session. |
| Ignore Untrusted Certificate (optional) |
1: Ignores certificate warnings. |
| SecureApp Type | The SecureApp launch method. Can be "none", "remote_app" (to use RDP's built-in RemoteApp functionality), "remote_desktop_agent" (to use BeyondTrust's Remote Desktop Agent), or "remote_desktop_agent_credentials" (to use BeyondTrust's Remote Desktop Agent with Credential Injection). If "remote_desktop_agent" or "remote_desktop_agent_credentials" are chosen then the BeyondTrust Remote Desktop Agent must be installed on the remote system.> |
| RemoteApp Name | The RemoteApp program name. This string has a maximum of 520 characters. |
| RemoteApp Parameters | A space-separated list of parameters to pass to the RemoteApp. Parameters with spaces can be quoted using double-quotes. This string has a maximum of 16000 characters. |
| Remote Executable Parameters | A space-separated list of parameters to pass to the remote executable that will be launched using the BeyondTrust Remote Desktop Agent. Parameters with spaces can be quoted using double-quotes. This can only be used if the SecureApp Type uses the BeyondTrust Remote Desktop Agent. |
| Remote Executable Parameters | A space-separated list of parameters to pass to the remote executable that will be launched using the BeyondTrust Remote Desktop Agent. Parameters with spaces can be quoted using double-quotes. This can only be used if the SecureApp Type uses the BeyondTrust Remote Desktop Agent. |
| Target System | The name of the target system being accessed by the remote application. This value is used to limit the list of injected credentials to only those that are valid on the target system. This value can only be used if the SecureApp Type uses the BeyondTrust Remote Desktop Agent with Credential injection. |
| Credential Type | The type of credentials that will be injected into the remote executable. This value will depend on the password vault from which credentials are retrieved. This value can only be used if the SecureApp Type uses the BeyondTrust Remote Desktop Agent with Credential injection. |
| Name |
The name of the endpoint to be accessed by this Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters. |
| Jump Group |
The code name of the Jump Group with which this Jump Item should be associated. When using the import method, a Jump Item cannot be associated with a personal list of Jump Items. |
| Tag (optional) |
You can organize your Jump Items into categories by adding a tag. This string has a maximum of 1024 characters. |
| Comments (optional) |
You can add comments to your Jump Items. This string has a maximum of 1024 characters. |
| Jump Policy (optional) |
The code name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item. |
| Session Policy (optional) |
The code name of a session policy. You can specify a session policy to manage the permissions available on this Jump Item. |
Shell Jump Shortcut
| Field | Description |
|---|---|
| Hostname |
The hostname of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters. |
| Jumpoint |
The code name of the Jumpoint through which the endpoint is accessed. |
| Username (optional) |
The username to sign in as. |
| Protocol |
Can be either ssh or telnet. |
| Port (optional) |
A valid port number from 1 to 65535. Defaults to 22 if the protocol is ssh or 23 if the protocol is telnet. |
| Terminal Type (optional) |
Can be either xterm (default) or VT100. |
| Keep-Alive (optional) |
The number of seconds between each packet sent to keep an idle session from ending. Can be any number from 0 to 300. 0 disables keep-alive (default). |
| Name |
The name of the endpoint to be accessed by this Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters. |
| Jump Group |
The code name of the Jump Group with which this Jump Item should be associated. When using the import method, a Jump Item cannot be associated with a personal list of Jump Items. |
| Tag (optional) |
You can organize your Jump Items into categories by adding a tag. This string has a maximum of 1024 characters. |
| Comments (optional) |
You can add comments to your Jump Items. This string has a maximum of 1024 characters. |
| Jump Policy (optional) |
The code name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item. |
| Session Policy (optional) |
The code name of a session policy. You can specify a session policy to manage the permissions available on this Jump Item. |
Protocol Tunnel Jump Shortcut
| Field | Description |
|---|---|
| Tunnel Type | The type of tunnel: TCP, SQL Server, Kuberbnetes Cluster, or Network (if enabled). |
| Hostname |
The hostname of the endpoint to be accessed by this Jump Item. This string has a maximum of 128 characters. |
| Jumpoint |
The code name of the Jumpoint through which the endpoint is accessed. |
| TCP Tunnels (for TCP Tunnel) |
The list of one or more tunnel definitions. A tunnel definition is a mapping of a TCP port on the local user's system to a TCP port on the remote endpoint. Any connection made to the local port causes a connection to be made to the remote port, allowing data to be tunnelled between local and remote systems. Multiple mappings should be separated by a semicolon. auto->22;3306->3306 In the example above, a randomly assigned local port maps to remote port 22, and local port 3306 maps to remote port 3306. |
| Username and Database (for SQL Server Tunnel) | The username and database. Authentication is supported using Windows authentication and SQL login. |
| URL and CA Certificates (for Kubenetes Cluster Tunnel) |
The base URL for the Kubernetes cluster. The maximum length is 256 characters. For the certificates, a PEM-formatted certificate or chain of certificates used to validate the cluster URL. The maximum length is 12,288 characters. |
| Filter Rules (for Network Tunnel) |
|
| Local Address (optional) |
The address from which the connection should be made. This can be any address within the 127.x.x.x subrange. The default address is 127.0.0.1. |
| Name |
The name of the endpoint to be accessed by this Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters. |
| Jump Group |
The code name of the Jump Group with which this Jump Item should be associated. When using the import method, a Jump Item cannot be associated with a personal list of Jump Items. |
| Tag (optional) |
You can organize your Jump Items into categories by adding a tag. This string has a maximum of 1024 characters. |
| Comments (optional) |
You can add comments to your Jump Items. This string has a maximum of 1024 characters. |
| Jump Policy (optional) |
The code name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item. |
| Session Policy (optional) |
The code name of a session policy. You can specify a session policy to manage the permissions available on this Jump Item. |
Web Jump Shortcut
| Field | Description |
|---|---|
| Name |
The name of the endpoint to be accessed by this Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters. |
| Jumpoint |
The code name of the Jumpoint through which the endpoint is accessed. |
| Jump Group |
The code name of the Jump Group with which this Jump Item should be associated. When using the import method, a Jump Item cannot be associated with a personal list of Jump Items. |
| Tag (optional) |
You can organize your Jump Items into categories by adding a tag. This string has a maximum of 1024 characters. |
| Comments (optional) |
You can add comments to your Jump Items. This string has a maximum of 1024 characters. |
| Jump Policy (optional) |
The code name of a Jump Policy. You can specify a Jump Policy to manage access to this Jump Item. |
| Session Policy (optional) |
The code name of a session policy. You can specify a session policy to manage the permissions available on this Jump Item. |
| URL |
The URL of the web site. The URL must begin with either http or https. |
| Verify Certificate (optional) |
1: The site certificate is validated before the session starts; if issues are found, the session will not start. |
| Username Format | passthru: Pass the username through directly from the credential provider. username_only: If the username is in UPN (Username@Domain) or DLLN (DOMAIN\Username) format then the domain is removed. Only the username is injected. |
| Username Field Hint | A CSS style query selector that identifies the username field to help with the initial credential injection. If this value is provided and a matching element is not found, then the credential injection will fail. |
| Password Field Hint | A CSS style query selector that identifies the password field to help with the initial credential injection. If this value is provided and a matching element is not found, then the credential injection will fail. |
| Submit Button Hint | A CSS style query selector that identifies the submit button to help with the initial credential injection. If this value is provided and a matching element is not found, then the credential injection will fail. |
| Auth Timeout | The length of time the web jump client should wait for authentication to succeed before timing out. Valid values are 1, 2, 3, 5, 10, 15, 30 |
For more information, please see Use a Jump Shortcut to Jump to a Remote System.
Endpoint User Agreement
Enable Endpoint User Consent Configuration for Applicable Jump Items
Enable a dropdown in the access console which allows endpoint user agreement options to be configured for individual Jump Items.
Title
Customize the title of the agreement.The end-user sees this in the title bar of the prompt.You can localize this text for any languages you have enabled. To revert to the default text, delete the text from the field and then save the blank field.
Text
Provide the text for the agreement. You can localize this text for any languages you have enabled. To revert to the default text, delete the text from the field and then save the blank field.
Acceptance Timeout
If the user does not accept the agreement within the set Acceptance Timeout, the agreement is either accepted or rejected as determined by the Jump Item properties.
Automatic Behavior
Choose Auto Accept or Auto Reject. The Auto Accept option automatically accepts the endpoint agreement if it times out and allows the session to start. The Auto Reject option automatically rejects the endpoint agreement and stops the session from starting.
Jump Item Settings
Simultaneous Jumps
For Jump Client, Local Jump, Remote Jump, Remote VNC, and Shell Jump
Set this option to Join Existing Session to provide a way for multiple users to gain access to the same Jump Item without an invitation to join an active session by another user. The first user to access the Jump Item maintains ownership of the session. Users in a shared Jump session see each other and can chat.
If Join Existing Session is selected, there is an option to apply the setting to copies of Jump Clients.
- If checked, a user can join a session that was started from another copy of a Jump Client in a different Group. Session permissions are based on the original Jump Client that started the session.
- If not checked, a user cannot join a session that was started from another copy of a Jump Client, unless it is the same Jump Group.
Set this option to Disallow Jump to ensure only one user can Jump to a Jump Item at a time. Only an invitation by the user who originated the session can allow for a second user to access the session.
This setting applies to the following Jump Item types: Jump Client, Local Jump, Remote Jump, Remote VNC, and Shell Jump.
For Remote RDP
Set this option to Start New Session to provide a way for multiple users to gain access to the same Jump Item without an invitation to join an active session by another user. For Remote RDP, multiple users may gain access to a Jump Item, but each starts an independent session.
Set this option to Disallow Jump to ensure only one user at a time can Jump to a Jump Item. Only an invitation by the user who originated the session can allow for a second user to access the session.
This setting applies to Remote RDP Jump Item types only.
External Tools
Allow Users to Open Remote RDP Jump Shortcuts with an External Tool
When enabled, you can use your own RDP tool for Remote RDP Jump shortcuts.
Allow Users to Open Shell Jump Shortcut with an External Tool
When enabled, you can use your own tool to open Shell Jump shortcuts.
These features must be enabled, per user, in the access console. For more information, please see Change Settings and Preferences in the Access Console.
Shell Jump Filtering
Recognized Shell Prompts
Enter regular expressions, one per line, that will match against the command shell prompts found on your endpoint systems. A regular expression should only attempt to match the final line of a multi-line prompt.
Shell Prompt Matching Validation
Enter an existing endpoint's shell prompt, and the output will indicate whether it matches any regular expression in the list. This functionality will let you test your regular expressions without starting a session.
