Jump Policies: Set Schedules, Notifications, and Approvals for Jump Items

Jump

Jump Policies

Jump Policies are used to control when certain Jump Items can be accessed by implementing schedules, sending email notifications when a Jump Item is accessed, or requiring approval or user entry of a ticket system ID before a Jump Item may be accessed.

Add New Jump Policy, Edit, Delete

Create a new policy, modify an existing policy, or remove an existing policy.

Add or Edit a Policy

Display Name

Create a unique name to help identify this policy. This name should help users identify this policy when assigning it to Jump Items.

Code Name

Set a code name for integration purposes. If you do not set a code name, PRA creates one automatically.

Description

Add a brief description to summarize the purpose of this policy.

Jump Schedule

Enabled

Set a schedule to define when Jump Items under this policy can be accessed. Set the time zone you want to use for this schedule, and then add one or more schedule entries. For each entry, set the start day and time and the end day and time.

If, for instance, the time is set to start at 8 am and end at 5 pm, a user can start a session using this Jump Item at any time during this window but may continue to work past the set end time. Attempting to re-access this Jump Item after 5 pm, however, results in a notification indicating that the schedule does not permit a session to start. If necessary, the user may choose to override the schedule restriction and start the session anyway.

Force session to end when schedule does not permit access

If stricter access control is required, check Force session to end. This forces the session to disconnect at the scheduled end time. In this case, the user receives recurring notifications beginning 15 minutes prior to being disconnected.

Jump Notification

Notify recipients when a session starts

If this option is checked, a notification email is sent to the designated recipients whenever a session is started with any Jump Item that uses this Jump Policy. When a user attempts to start a session with a Jump Item that uses this policy, a prompt states that a notification email will be sent and asks if the user would like to start the session anyway.

Notify recipients when a session ends

If this option is checked, a notification email is sent to the designated recipients whenever a session ends for any Jump Item that uses this Jump Policy. When a user attempts to start a session with a Jump Item that uses this policy, a prompt states that a notification email will be sent at the end of the session and asks if the user would like to start the session anyway.

Email Address(es)

Enter one or more email addresses to which emails should be sent. Separate addresses with a space.This feature requires a valid SMTP configuration for your B Series Appliance, set up on the /login > Management > Email Configuration page.

Display Name

Enter the name of the email recipient. This name appears on the prompt the user receives prior to a session with a Jump Item that uses this policy.

Locale

If more than one language is enabled on this site, set the language in which to send emails.

Jump Approval

Require a ticket ID before a session starts

If this option is checked, the user must enter a valid ticket ID before an access session can begin. When a user attempts to access an endpoint with this Jump Policy applied, the user must enter a ticket ID from your existing ITSM or ticket ID approval process before access is granted. Configure the ITSM or ticket system integration from the Jump Policies :: Ticket Systemsection.

Require approval before a session starts

If this option is checked, an approval email is sent to the designated recipients whenever a session is attempted with any Jump Item that uses this Jump Policy. When a user attempts to start a session with a Jump Item that uses this policy, a dialog prompts the user to enter a request reason and the time and duration for the request.

Maximum Access Duration

Set the maximum length of time for which a user can request access to a Jump Item that uses this policy. The user can request a shorter length of access but no longer than that set here.

Access Approval Applies To

When approval has been granted to a Jump Item, that Jump Item becomes available either to any user who can see and request access to that Jump Item or only to the user who requested access.

Email Address(es)

Display Name

Enter the name of the email recipient. This name appears on the prompt the user receives prior to a session with a Jump Item that uses this policy.

Locale

If more than one language is enabled on this site, set the language in which to send emails.

Disable Recordings

If this option is checked, sessions started with this Jump Policy will not be recorded, even if recordings are enabled on the Configuration > Options page. This affects screen sharing, user recordings for protocol tunnel Jump, and command shell recordings.

Email Notification Template

Subject

Customize the subject of this email. Click the link below the Body field to view the macros that can used to customize the text in your emails for your purposes.

Body

Customize the body of this email. Click the link below the Body field to view the macros that can used to customize the text in your emails for your purposes.

Email Approval Template

Subject

Customize the subject of this email. Click the link below the Body field to view the macros that can used to customize the text in your emails for your purposes.

Body

Customize the body of this email. Click the link below the Body field to view the macros that can used to customize the text in your emails for your purposes.

Ticket System

Ticket System URL

In Ticket System URL, enter the URL for your external ticket system. The B Series Appliance sends an outbound request to your external ticketing system. The URL must be formatted for either HTTP or HTTPS. If an HTTPS URL is entered, the site certificate must be verified for a valid connection. If a Jump Policy requiring a ticket ID exists, a ticket system URL must be entered or you will receive a warning message.

Upload a certificate for HTTPS connections

Click Choose a certificate to upload the certificate for the HTTPS ticket system connection to the B Series Appliance. If your certificate is uploaded, the B Series Appliance uses it when it contacts the external system. If you do not upload a certificate and the Ignore SSL certificate errors box below this setting is checked, the B Series Appliance optionally falls back to use the built-in certificate store when sending the request.

User Prompt

In User Prompt, enter the dialog text you want access console users to see when they are requested to enter the ticket ID required for access.

Treat the Ticket ID as sensitive information

If this box is checked, the ticket ID is considered sensitive information and asterisks are shown instead of text. You must use an HTTPS Ticket System URL. If an address with HTTP is entered, an error message appears to remind you HTTPS is required.

When this feature is enabled you cannot bypass issues with SSL certificates by checking the Ignore SSL certificate errors box. This means you must have a valid SSL certificate in place. If you try to check the Ignore SSL certificate errors box, a message appears stating that you cannot ignore SSL certificate errors.

When the Ticket ID is sensitive, the following rules apply:

Both the desktop and the web access consoles show asterisks instead of text.
The ticket is not logged anywhere by the access console or on the B Series Appliance.

For more information, please see Create Jump Policies to Control Access to Jump Items.

Ignore SSL certificate errors

If checked, the B Series Appliance does not include the certificate validation information when it is contacting the external ticket system. Leave this box unchecked if you are uploading a certificate for secure HTTPS connection.