Use Web Jump to Access Web Services
With the proliferation of infrastructure components that have moved to web-based interfaces for configuration, IT administrators are faced with an increasingly complex security management situation. With privileged access to web-based resources, it is a challenge to control, audit, and enforce proper authentication without negatively affecting business productivity. IT administrators need a way to effectively control and audit resources managed via web interfaces, including:
- Externally hosted IaaS (Infrastructure as a Service) servers such as Amazon AWS, Microsoft Azure, IBM Softlayer, and Rackspace.
- Internally hosted servers managed by hypervisor software such as VM Ware vSphere, Citrix XenServer, and Microsoft Hyper-V.
- Modern core network infrastructure that leverage web-based configuration interfaces.
The identity and access management capabilities vary significantly between IaaS, hypervisor providers, and core infrastructure systems, and many do not offer native multifactor authentication support, thereby missing that additional layer of security. These inconsistencies across systems create opportunities for business vulnerabilities, such as misuse of accounts and access, leading to leaks of sensitive data. BeyondTrust Web Jump is the extra layer of security for authenticating to these systems.
Web Jump does not support Flash. Be sure to consult your hypervisor documentation and update it to a version that supports HTML5.
The Web Jump Item is an add-on for Privileged Remote Access that requires additional purchase.
Create a Web Jump Shortcut
Before creating Web Jump shortcuts, ensure that your user account has the ability to access Web Jumps by navigating to Users & Security > User Settings > Jump Technology.
Web Jump Items are available for use only from the desktop access console.
To create a Web Jump shortcut, click the Create button in the Jump interface. From the dropdown, select Web Jump. Web Jump shortcuts appear in the Jump interface along with Jump Clients and other types of Jump Item shortcuts.
Organize and manage existing Jump Items by selecting one or more Jump Items and clicking Properties.
To view the properties of multiple Jump Items, the items selected must be all the same type (e.g., all Jump Clients, all Remote Jumps, etc.).To review properties of other types of Jump Items, please see the appropriate section in this guide.
Enter a Name for the Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters.
From the Jumpoint dropdown, select the network that hosts the computer you wish to access.
Type the URL for the web site you wish to access.
Check Verify Certificate if you want the site certificate to be validated before the connection is made. If this box is checked and issues are found with the certificate, the session does not start.
You should uncheck Verify Certificate only if you are Jumping to a site that you trust but that uses a self-signed certificate.
Move Jump Items from one Jump Group to another using the Jump Group dropdown. The ability to move Jump Items to or from different Jump Groups depends upon your account permissions.
Further organize Jump Items by entering the name of a new or existing Tag. Even though the selected Jump Items are grouped together under the tag, they are still listed under the Jump Group in which each is pinned. To move a Jump Item back into its top-level Jump Group, leave this field blank.
Jump Items include a Comments field for a name or description, which makes sorting, searching, and identifying Jump Items faster and easier.
To set when users are allowed to access this Jump Item, if a notification of access should be sent, and/or if permission or a ticket ID from your external ticketing system is required to use this Jump Item, choose a Jump Policy. These policies are configured by your administrator in the /login interface.
Choose a Session Policy to assign to this Jump Item. The session policy assigned to this Jump Item has the highest priority when setting session permissions. The ability to set a session policy depends on your account permissions.
Use a Web Jump Shortcut
To use a Jump shortcut to start a session, simply select the shortcut from the Jump interface and click the Jump button.
Once a connection is made to the web site, click the screen sharing button. The web site's login interface becomes available. If you click a link to download a file from the web site, a prompt appears in your chat window asking you to accept or decline the download. If you accept, a window opens on your computer allowing you to choose a download location. Uploading files to the web site works similarly, opening a window to allow you to choose which file to upload.
Popups open in the same window, redirecting the current page. Once you have completed the task on the popup, click the back button to return to the previous page.
Use Credential Injection
When integrating BeyondTrust PRA with a password vault system, you can seamlessly access your web site accounts without viewing the login screen or entering any credentials using credential injection.
Web Jump supports multi-step authentication, in which the username and password are not requested on the same browser page. Web Jump also supports scenarios in which a user connects to an unauthenticated portion of a website, but then attempts to enter an area using basic authentication.
For seamless credential injection on a VMware console, some configuration is required.
- Go to the computer hosting the Jumpoint.
- Download and install the client integration plugin from the VMware URL specified above.
- Using admin permissions, open Windows services (services.msc) on the Jumpoint host.
- Right-click on the BeyondTrust Jumpoint and select Properties.
- On the Log On tab under Local System account, check Allow service to interact with desktop.
- Click OK.
- On the user's local system - the one where the access console is installed - start a Web Jump with the VMware URL specified above.
- Select Use Windows Credentials.
- This causes a prompt on the Jumpoint host system to allow services to interact with an external program. Give the service permission.
- A VMware credential injection prompt is displayed. Uncheck the box asking if you want the prompt to be displayed whenever the program is called. Click Accept.
- You can now start Web Jumps to the VMware console using Windows credentials without a prompt.