Jump Policies: Set Schedules, Notifications, and Approvals for Jump Items
Jump
Jump Policies
Jump Policies
Jump Policies are used to control when certain Jump Items can be accessed by implementing schedules, sending email notifications when a Jump Item is accessed, or requiring approval or user entry of a ticket system ID before a Jump Item may be accessed.
Add New Jump Policy, Edit, Delete
Create a new policy, modify an existing policy, or remove an existing policy.
Add or Edit a Policy
Display Name
Create a unique name to help identify this policy. This name should help users identify this policy when assigning it to Jump Items.
Code Name
Set a code name for integration purposes. If you do not set a code name, PRA creates one automatically.
Description
Add a brief description to summarize the purpose of this policy.
Jump Schedule
Enabled
Set a schedule to define when Jump Items under this policy can be accessed. Set the time zone you want to use for this schedule, and then add one or more schedule entries. For each entry, set the start day and time and the end day and time.
If, for instance, the time is set to start at 8 am and end at 5 pm, a user can start a session using this Jump Item at any time during this window but may continue to work past the set end time. Attempting to re-access this Jump Item after 5 pm, however, results in a notification indicating that the schedule does not permit a session to start. If necessary, the user may choose to override the schedule restriction and start the session anyway.
Force session to end when schedule does not permit access
If stricter access control is required, check Force session to end. This forces the session to disconnect at the scheduled end time. In this case, the user receives recurring notifications beginning 15 minutes prior to being disconnected.
Jump Notification
Notify recipients when a session starts
If this option is checked, a notification email is sent to the designated recipients whenever a session is started with any Jump Item that uses this Jump Policy. When a user attempts to start a session with a Jump Item that uses this policy, a prompt states that a notification email will be sent and asks if the user would like to start the session anyway.
Notify recipients when a session ends
If this option is checked, a notification email is sent to the designated recipients whenever a session ends for any Jump Item that uses this Jump Policy. When a user attempts to start a session with a Jump Item that uses this policy, a prompt states that a notification email will be sent at the end of the session and asks if the user would like to start the session anyway.
Email Address(es)
Enter one or more email addresses to which emails should be sent. Separate addresses with a space.This feature requires a valid SMTP configuration for your B Series Appliance, set up on the /login > Management > Email Configuration page.
Display Name
Enter the name of the email recipient. This name appears on the prompt the user receives prior to a session with a Jump Item that uses this policy.
Locale
If more than one language is enabled on this site, set the language in which to send emails.
Jump Approval
Require a ticket ID before a session starts
If this option is checked, the user must enter a valid ticket ID before an access session can begin. When a user attempts to access an endpoint with this Jump Policy applied, the user must enter a ticket ID from your existing ITSM or ticket ID approval process before access is granted. Configure the ITSM or ticket system integration from the Jump Policies :: Ticket Systemsection.
Require approval before a session starts
If this option is checked, an approval email is sent to the designated recipients whenever a session is attempted with any Jump Item that uses this Jump Policy. When a user attempts to start a session with a Jump Item that uses this policy, a dialog prompts the user to enter a request reason and the time and duration for the request.
Maximum Access Duration
Set the maximum length of time for which a user can request access to a Jump Item that uses this policy. The user can request a shorter length of access but no longer than that set here.
Access Approval Applies To
When approval has been granted to a Jump Item, that Jump Item becomes available either to any user who can see and request access to that Jump Item or only to the user who requested access.
Email Address(es)
Enter one or more email addresses to which emails should be sent. Separate addresses with a space.This feature requires a valid SMTP configuration for your B Series Appliance, set up on the /login > Management > Email Configuration page.
Display Name
Enter the name of the email recipient. This name appears on the prompt the user receives prior to a session with a Jump Item that uses this policy.
Locale
If more than one language is enabled on this site, set the language in which to send emails.
Disable Recordings
Disable Recordings
If this option is checked, sessions started with this Jump Policy will not be recorded, even if recordings are enabled on the Configuration > Options page. This affects screen sharing, user recordings for protocol tunnel Jump, and command shell recordings.
Email Notification Template
Subject
Customize the subject of this email. Click the link below the Body field to view the macros that can used to customize the text in your emails for your purposes.
Body
Customize the body of this email. Click the link below the Body field to view the macros that can used to customize the text in your emails for your purposes.
Email Approval Template
Subject
Customize the subject of this email. Click the link below the Body field to view the macros that can used to customize the text in your emails for your purposes.
Body
Customize the body of this email. Click the link below the Body field to view the macros that can used to customize the text in your emails for your purposes.
Ticket System
Ticket System URL
In Ticket System URL, enter the URL for your external ticket system. The B Series Appliance sends an outbound request to your external ticketing system. The URL must be formatted for either HTTP or HTTPS. If an HTTPS URL is entered, the site certificate must be verified for a valid connection. If a Jump Policy requiring a ticket ID exists, a ticket system URL must be entered or you will receive a warning message.
Upload a certificate for HTTPS connections
Click Choose a certificate to upload the certificate for the HTTPS ticket system connection to the B Series Appliance. If your certificate is uploaded, the B Series Appliance uses it when it contacts the external system. If you do not upload a certificate and the Ignore SSL certificate errors box below this setting is checked, the B Series Appliance optionally falls back to use the built-in certificate store when sending the request.
User Prompt
In User Prompt, enter the dialog text you want access console users to see when they are requested to enter the ticket ID required for access.
Treat the Ticket ID as sensitive information
If this box is checked, the ticket ID is considered sensitive information and asterisks are shown instead of text. You must use an HTTPS Ticket System URL. If an address with HTTP is entered, an error message appears to remind you HTTPS is required.
When this feature is enabled you cannot bypass issues with SSL certificates by checking the Ignore SSL certificate errors box. This means you must have a valid SSL certificate in place. If you try to check the Ignore SSL certificate errors box, a message appears stating that you cannot ignore SSL certificate errors.
When the Ticket ID is sensitive, the following rules apply:
- Both the desktop and the web access consoles show asterisks instead of text.
- The ticket is not logged anywhere by the access console or on the B Series Appliance.
For more information, please see Create Jump Policies to Control Access to Jump Items.
Ignore SSL certificate errors
If checked, the B Series Appliance does not include the certificate validation information when it is contacting the external ticket system. Leave this box unchecked if you are uploading a certificate for secure HTTPS connection.