Use Cases for Jump Client Implementation

To offer you the most flexibility and control over your Jump Items, BeyondTrust includes several areas where permissions must be configured. To help you understand how you might want to set up your system, there are two use cases below.

Basic Use Case

You are a small organization without a lot of Jump Items or users to manage. You want your administrators to manage all of the Jump Item setup steps and your users to be able to Jump to only those items.

Jump Item Roles

  1. Create two Jump Item Roles, Administrator and Start Sessions Only. Ensure the following:
    • The Administrator role has all permissions enabled.
    • The Start Sessions Only role has only Start Sessions enabled.

 

Shared Jump Group

  1. Create a Shared Jump Group to contain all shared Jump Items. Personal Jump Items can also be created.

 

Group Policies

  1. Put users into two group policies, Admins and Users.

 

  1. In the Admins group, configure settings and permissions as appropriate. Include the following permissions:
    • Define Representative Permissions and enable Allowed to provide remote support.
    • Under Jump Technology, check all Allowed Jump Methods that your organization will use.
    • Under Jump Item Roles, set the Default and Personal roles to Administrator.
    • Set the Teams and System roles to Start Sessions Only.
    • Under Memberships, define Add Jump Group Memberships.
    • In the Jump Group field, search for and select Shared.
    • Set the Jump Item Role to Administrator.
    • Click Add to assign the members of this group policy to the Jump Group.
    • Save the group policy.

 

  1. In the Users group, configure settings and permissions as appropriate. Include the following permissions:
    • Define Representative Permissions and check Allowed to provide remote support.
    • Under Jump Technology, check all Allowed Jump Methods that your organization will use.
    • Under Jump Item Roles, set the Default to Start Sessions Only.
    • Set the Personal Jump Item Role to Administrator.
    • Set the Team and System roles to No Access.
    • Under Memberships, define Add Jump Group Memberships.
    • In the Jump Group field, search for and select Shared.
    • Set the Jump Item Role to Start Sessions Only.
    • Click Add to assign the members of this group policy to the Jump Group.
    • Save the group policy.

 

Jump Client Mass Deployment Wizard - Shared Jump Group

  1. Deploy Jump Items, assigning them to the Shared Jump Group.

 

  1. Now administrators can deploy and start sessions with Jump Items in the Shared Jump Group. They can also manage their personal lists of Jump Items and start sessions with all other Jump Items.

    Likewise, users can now start sessions with Jump Items in the Shared Jump Group. They can also manage their personal lists of Jump Items.

Advanced Use Case

You are a large organization with a lot of Jump Items to manage and with users to manage in three different departments. You want your administrators to manage all of the Jump Item setup steps and your users to only be able to Jump to those items. In addition to your local users, you have some third-party vendors who need occasional access. Some Jump Items must be accessible at all times, while others must be accessible only on weekdays.

Jump Item Roles - Use Cases

  1. Create two Jump Item Roles, Administrator and Start Sessions Only. Ensure the following:
    • The Administrator role has all permissions enabled.
    • The Start Sessions Only role has only Start Sessions enabled.

 

Jump Policies

  1. Create a Jump Policy, Weekdays.

 

Add Weekdays Schedule to Jump Policy

  1. In the Jump Policy, enable the Jump Schedule.
    • Click Add Schedule Entry.
    • Set the Start day and time to Monday 8:00 and the End day and time to Monday 17:00.
    • Click Add Schedule Entry and repeat the process for the remaining weekdays.
    • Save the Jump Policy.

     

 

Jump Groups Cases

  1. Create three Jump Groups: Web Servers, Directory Servers, and User Systems. Personal Jump Items can also be created.

 

Group Policies Use Case

  1. Put users into two group policies, Admins and Users.

 

  1. In the Admins group, configure settings and permissions as appropriate. Include the following permissions:
    • Define Representative Permissions and enable Allowed to provide remote support.
    • Under Jump Technology, check all Allowed Jump Methods that your organization will use.
    • Under Jump Item Roles, set the Default and Personal roles to Administrator.
    • Set the Team and System roles to Start Sessions Only.
    • Under Memberships, define Add Jump Group Memberships.
    • In the Jump Group field, search for and select Web Servers.
      • Set the Jump Item Role to Administrator.
      • Click Add to assign the members of this group policy to the Jump Group.
    • In the Jump Group field, search for and select Directory Servers.
      • Set the Jump Item Role to Administrator.
      • Click Add to assign the members of this group policy to the Jump Group.
    • In the Jump Group field, search for and select User Systems.
      • Set the Jump Item Role to Administrator.
      • Click Add to assign the members of this group policy to the Jump Group.
    • Save the group policy.

 

  1. In the Users group, configure settings and permissions as appropriate. Include the following permissions:
    • Define Representative Permissions and check Allowed to provide remote support.
    • Under Jump Technology, check all Allowed Jump Methods that your organization will use.
    • Under Jump Item Roles, set the Default to Start Sessions Only.
    • Set the Personal Jump Item Role to Administrator.
    • Set the Team and System roles to No Access.
    • Under Memberships, define Add Jump Group Memberships.
    • In the Jump Group field, search for and select Web Servers.
      • Set the Jump Item Role to Start Session Only.
      • Click Add to assign the members of this group policy to the Jump Group.
    • In the Jump Group field, search for and select Directory Servers.
      • Set the Jump Item Role to Start Session Only.
      • Click Add to assign the members of this group policy to the Jump Group.
    • In the Jump Group field, search for and select User Systems.
      • Set the Jump Item Role to Start Session Only.
      • Click Add to assign the members of this group policy to the Jump Group.
    • Set the Jump Item Role to Start Sessions Only.
    • Click Add to assign the members of this group policy to the Jump Group.
    • Save the group policy.

 

Jump Clients Mass Deployment Wizard - Web Servers Jump Group

  1. Deploy Jump Items, assigning them to the three Jump Groups as appropriate. If any particular Jump Item requires a Jump Policy schedule to be enforced, assign that as well.

 

  1. Now administrators can deploy and start sessions with Jump Items in all three Jump Groups. They can also manage their personal lists of Jump Items and start sessions with all other Jump Items.

    Likewise, local users can now start sessions with Jump Items in all three Jump Groups. They can also manage their personal lists of Jump Items.

    Finally, third-party users can start sessions with Jump Items in the Web Servers Jump Group. They cannot deploy personal Jump Items.

    Specified Jump Items can be accessed only on weekdays.