Search External Jump Items Using Privileged Remote Access Consoles

Prerequisites and Limitations

The Password Safe and ECM integration must be fully configured before Managed Systems can be searched and accessed from PRA Consoles. The Password Safe installation must use the same user authentication method as Privileged Remote Access.

Searching and accessing Password Safe Managed Systems requires a deployed Jumpoint in PRA, as all sessions started from External Jump Items are performed using a Jumpoint. A Jumpoint must be positioned on the network to have connectivity to potentially any of the External Jump Items returned by the ECM. In the case where multiple Jumpoints are deployed on endpoints across segmented networks, the Jumpoint used may be selected automatically by matching against an External Jump Item's Network ID.

This feature is available for Managed RDP and shell systems. Web Jump is not available, but is planned for a future release.

Clustered Jumpoints can be used, and external Jump Items do not count toward the endpoint license count.

Enable External Jump Items Search

Search for External Jump Items must be enabled before use.

1. In /login, navigate to Management > Security.
2. Scroll down to Access Console section.
3. Check Allow Search for External Jump Items.
   • This setting does not take effect until the software is restarted.
   • A pop-up window provides the option to restart now by clicking Yes or to restart later by clicking No. If you click No, you can restart PRA later from the Status page in /login.
4. Select the Jumpoint for External Jump Item Sessions from the dropdown list of available Jumpoints, or leave the default selection of Automatically Selected by External Jump Item Network ID to allow PRA to determine which Jumpoint handles the session.
   • This setting is available only when Allow Search for External Jump Items is checked.
   • The External Jump Item Network ID is an attribute you must set on the Jumpoint from Jump > Jumpoint in /login. It is equivalent to the Workgroup attribute on managed systems in Password Safe. Its value is matched against the Network ID property for external Jump Items returned by the ECM to determine the Jumpoint to handle a session.
5. Optionally, enter an External Jump Item Group Name, or leave the default of External Jump Items.
   • This setting is available only when Allow Search for External Jump Items is checked.
   • This name displays as the Jump Group name when viewing Jump Items in the Access Console or the Web Access Console.
   • Click Save if you have modified the default group name.

Search for External Jump Items

Once configured and enabled, external Jumpoints can be searched in the Access Console or the Web Access Console.

1. From the console, view the list of Jump Items.
2. Select the Jump Group for external Jump Items. The name of this group is the name provided when you enabled external Jump Items search.

You can skip this step and run the search from the default My Jump Groups, as the search includes external Jump Items with other results.

3. No entries appear in this group until a search is run. Enter a search term or characters to see available endpoints found in Password Safe.
   • In the Access Console, details displayed about each Jump Item (endpoint) include the Hostname/IP, Jump Method (RDP or shell), and Comments. Click the Jump Item (endpoint) for additional information and the option to Jump.
   • In the Web Access Console, details displayed also include Status and Last Accessed. Click the i icon at the right end of the row for additional information and the option to Jump.

Jump Items may display but not be available, and show the comment Jumpoint for External Jump Items not configured. This occurs when an appropriate Jumpoint for External Jump Item Sessions has not been selected when enabling external Jump Items search.

4. Once a Jump Item (endpoint) has been accessed, it is available in the Recently Used group.