Allow Users to Pin Jump Clients
Permission to deploy, remove, and modify Jump Items always grants the user permission to download and install Jump Clients prior to support as described in Deploy Jump Clients During a Support Session or Prior to Support. However, this does not necessarily mean that the user has permission to pin Jump Clients during a support session. To pin a Jump Client during a support session, the user must have the permission Jump Clients Pinning/Unpinning. This permission can be defined in any of the three following locations in /login:
If you need to assign the permission to only one or two users, do so from the Users page.
If you need to assign the permission to one or two groups of users, do so from the Group Policies page.
If you need to assign the permission to three or more groups of users, to specific Jump Clients, or to one or more of your public portals, do so from the Session Policies page.
Regardless of where you set this permission, the configuration works the same. Locate the Jump Clients Pinning/Unpinning permission and select Allow.
Selecting Deny prevents pinning/unpinning of Jump Clients. Selecting Not Defined falls back to a lower priority session policy or the global session policy.
If you allow this permission for a specific user on the Users page, then that user can pin/unpin any session they start.
If you allow this permission for a specific Group Policy, then any members of that group can pin/unpin any session they start.
However, if you allow this permission for a specific Session Policy, no change occurs until you assign this policy to one or more users, group policies, Jump Items, or public portals.
Assign a Session Policy to a User or Group
To assign a session policy to a user account, group policy, or public portal, set the Availability of the session policy to allow Users.
Making the pin/unpin permission available to rep invite is meaningless. External representatives cannot have ownership of sessions, and only the owner of a session can pin/unpin Jump Clients.
To assign a session policy to a useror group policy, edit the user or group, scroll down to the Attended and Unattended Session Permissions section, and select the session policy you want from the dropdown.
Assign a Session Policy to a Public Portal
Public portals allow you to assign additional DNS hostnames to your Secure Remote Access Appliance and specify a different look and feel for each one, along with different behavior and permissions. You can define public portals on the /login > Public Portals > Public Sites page.
If you allow pinning/unpinning for a public portal, then all sessions started through that portal allow the representative to pin/unpin, regardless of any permissions assigned to the representative's user account or group policy.
To assign a session policy to a public portal:
Assign a Session Policy to a Jump Item
To assign a session policy to a Jump Item, set the Availability of the session policy to allow Jump Items. While Jump Items include more than just Jump Clients, the pin/unpin permission applies only to Jump Clients.
When a session policy which allows pinning/unpinning is assigned to a Jump Client, then any user who starts a session with that Jump Client can unpin it, even if that user is denied permission to unpin Jump Clients in all other sessions.
To assign a session policy to a Jump Client, the user must have permission to change the session policies associated with Jump Items.
When a user has this permission, they can right-click any Jump Client they are allowed to modify, click Properties, and assign a session policy to the Jump Client using the Customer Present Session Policy and Customer Not Present Session Policy dropdowns.
The way customer presence is determined is set by Use screen state to detect customer presence on the /login > Jump > Jump Clients page under Jump Client Settings. If checked, the customer is determined to be present only if a user is logged in, the screen is not locked, and a screen saver is not running. If unchecked, the customer is considered present if a user is logged in, regardless of screen state.
Troubleshoot Settings with the Session Policy Simulator
If a specific user is unable to pin/unpin Jump Clients during a session, you can use the session policy simulator to troubleshoot the issue.
If the simulator indicates that the user should be able to pin/unpin for a given session, and yet in practice this is not the case, then verify that the user has permission to modify Jump Clients: