Bomgar Privileged Access Smart Cards

Similar documents
Smart Cards for Remote Authentication 3. Prerequisites 3. Install the Smart Card Driver 4

Security Provider Integration SAML Single Sign-On

Privileged Access Management Android Access Console 2.2.2

How to Use Session Policies

Bomgar Connect ios Rep Console 2.2.7

Security Provider Integration Kerberos Server

Security Provider Integration SAML Single Sign-On

Salesforce Integration Use Case

Bomgar Connect Android Rep Console 2.2.9

Remote Support Web Rep Console

Bomgar Connect Android Rep Console 2.2.6

Privileged Access Access Console User Guide 17.1

Bomgar PA Integration with ServiceNow

Supporting Apple ios Devices

Privileged Access Access Console User Guide 18.1

Remote Support Jump Client Guide: Unattended Access to Systems in Any Network 3. Recommended Steps for Implementing Bomgar Jump Technology 4

Android Rep Console

JIRA Integration Guide

Bomgar Appliance Upgrade Guide

Privileged Access Management Administrative Guide 15.1

Security Provider Integration RADIUS Server

Privileged Access Management User Guide 15.1

Bomgar Remote Support Representative Guide 16.1

Bomgar Connect Support Apple ios Devices

Bomgar Remote Support 18.2 Features Compatibility

Two-Factor Authentication Guide Bomgar Remote Support

Privileged Access Management User Guide 15.3

Bomgar SNMP Reference Guide

Privileged Access Administrative Interface 17.1

Privileged Access Access Console User Guide 18.2

Privileged Access Appliance Hardware Installation

Security Provider Integration Kerberos Authentication

Bomgar Remote Support 18.1 Features Compatibility

Bomgar Cloud Support Admin 15.2

Security Provider Integration: SAML Single Sign-On

Security in Bomgar Remote Support

Privileged Access Middleware Engine Installation and Configuration

Microsoft Dynamics CRM Integration with Bomgar Remote Support

Real-Time Dashboard Integration Bomgar Remote Support

Bomgar Remote Support Administrative Guide 16.2

Privileged Access Jump Client Guide

Remote Support Jumpoint Guide: Unattended Access to Computers in a Network 4. Recommended Steps to Implement Bomgar Jump Technology 5

Bomgar Remote Support Representative Guide 17.1

Remote Support Appliance Installation

Supporting Android Devices

Appliance Upgrade Guide

RED IM Integration with Bomgar Privileged Access

Administrative Guide Standard Licensing

Supporting ios Devices

BOMGAR.COM BOMGAR VS. TEAMVIEWER UPDATED: 2/28/2017

The Privileged Access Appliance in the Network

Bomgar Remote Support Representative Guide 18.2

Syslog Message Reference Bomgar Support 16.1

Privileged Remote Access Access Console User Guide 18.3

Privileged Identity App Launcher and Session Recording

Administrative Guide Standard Licensing

Remote Support 19.1 Web Rep Console

Atlas Technology White Paper

Privileged Access Integration Client Guide

Bomgar Remote Support Administrative Guide 17.1

How to Customize Support Portals

Bomgar SIEM Tool Plugin Installation and Administration

Bomgar Vault Server Installation Guide

Integrate HEAT Software with Bomgar Remote Support

The Bomgar Appliance in the Network

Privileged Remote Access Two-Factor Authentication

Microsoft Dynamics CRM Integration with Remote Support

Atlas Technology Deployment Guide

Bomgar Remote Support Integration with BMC Remedy

Bomgar Cloud Support Admin 18.2

Integration Client Guide

Security Provider Integration LDAP Server

Privileged Remote Access 18.3 Access Console User Guide

Security in the Privileged Remote Access Appliance

Privileged Remote Access Jumpoint Guide

API Programmer's Guide Bomgar PA

Supporting Android Devices

Privileged Remote Access Jump Client Guide

How to Customize Support Portals

Bomgar Support 15.1 Evaluation Comparison

Security Provider Integration: Kerberos Server

Bomgar Remote Support 16.1 Available Features

Remote Support 18.2 Representative Guide

BOMGAR.COM BOMGAR VS. WEBEX UPDATED: 2/28/2017

Aventail Connect Client with Smart Tunneling

Failover Configuration Bomgar Privileged Access

Bomgar Remote Support 15.2 Available Features

Pulse Secure Desktop Client

API Programmer's Guide Bomgar PA

Configuring Failover

Secure Access & SWIFT Customer Security Controls Framework

Software Development Kit for ios and Android

Understand & Prepare for EU GDPR Requirements

Remote Support Security Provider Integration: RADIUS Server

Bomgar Discovery Report

Bomgar Remote Support 18.1 Available Features

HEAT Software Integration with Remote Support

BMC Remedy Integration with Remote Support

Virtual Appliance Setup Guide

Preo Printelligence Unattended Installation Guide

Transcription:

Bomgar Privileged Access Smart Cards 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners. TC:9/12/2018

Table of Contents Smart Cards for Remote Authentication in the Access Console 3 Prerequisites 3 Install the Smart Card Drivers 4 Install a Jump Client or Jumpoint for Elevated Privileged Access Session Start 5 Jumpoint Installation 5 Jump Client Installation 5 Use a Virtualized Smart Card 6 Use Case 1: Log Into the Remote Endpoint Using Smart Card Credentials 7 Use Case 2: Run As the Smart Card User 8 CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 2

Smart Cards for Remote Authentication in the Access Console During an access session, a user may need to operate with administrative rights in order to access the remote computer. In environments where security implementations require smart card use for authentication, Bomgar enables the user to pass administrative credentials to the remote computer from a smart card resident on the user's local system. Prerequisites To use Bomgar smart card support through a Jump Client, the following prerequisites must be met: Your Bomgar Appliance must be running software version 15.1 or higher. The user's computer must have a Bomgar virtual smart card driver installed. Each endpoint computer must have a Bomgar virtual smart card driver installed. Each endpoint computer must be running Windows Vista or above. Each endpoint computer must be accessible by a Bomgar Jump Client running in elevated mode. Bomgar smart card support can be used with Jump Items when the following prerequisites are met: Your Bomgar Appliance must be running software version 15.1 or higher. The user's computer must have a Bomgar virtual smart card driver installed. Each endpoint computer must be running Windows Vista or above. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 3

Install the Smart Card Drivers 1. Go to /login > My Account :: Bomgar Virtual Smart Card. 2. Download the user installation package and the endpoint installation package for the appropriate versions of Windows. 3. Install the user virtual smart card driver. Distribute the user driver installer to all users within your company who require remote smart card functionality. The driver can be installed manually or via a software deployment tool. Once the driver is installed, it creates a service: Bomgar VSC User Service. 4. Install the endpoint virtual smart card driver. (If a Jump Item is used to access the remote system, the endpoint virtual smart card driver does NOT have to be pre-installed.) Distribute the endpoint driver installer to all remote computers to which you will need to pass smart card credentials. The driver can be installed manually or via a software deployment tool. Once the driver is installed, it creates a service: Bomgar VSC Endpoint Service. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 4

Install a Jump Client or Jumpoint for Elevated Privileged Access Session Start When attempting to operate with the credentials on a smart card, the user is prompted to enter a PIN. This UAC prompt is inaccessible to the user if the endpoint client is not already running in elevated mode. It is therefore necessary to access the remote endpoint in one of two ways: A Jump Client running as a system service A Jumpoint or local network Jump, using administrative credentials Accessing the remote endpoint in elevated mode allows the user to interact with UAC prompts in order to enter the smart card PIN. Jumpoint Installation To install a Jumpoint, see Jumpoint: Set Up Unattended Access to a Network at www.bomgar.com/docs/privileged-access/gettingstarted/admin/jumpoint.htm. No special setup is required. Jump Client Installation To install a Jump Client in preparation for using smart card support, you must set certain options as described below. 1. From the /login interface of your Bomgar Appliance, go to Jump > Jump Clients. 2. Configure the Jump Client settings as needed. For details, see Jump Clients: Manage Settings and Install Jump Clients for Unattended Access at www.bomgar.com/docs/privilegedaccess/getting-started/admin/jump-clients.htm. The connection type can be either active or passive. Be sure to check Attempt an Elevated Install if the Client Supports It as well as Prompt for Elevation Credentials if Needed. 3. Click Create. 4. From this page, you may email the Jump Client installer to one or more remote users. 5. Alternatively, select a platform and download the Jump Client installer to your local system. You may then distribute this installer to multiple systems for manual installation, or you may distribute it via a software deployment tool. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 5

Use a Virtualized Smart Card To use smart card credentials on a remote system, you must Jump to that system using a Jump Client, and the Jump Client must be running in service mode. The appropriate virtual smart card drivers must be installed on both your local system and the remote system, with their services running. Alternatively, a system can be accessed using a Jump Item. Using a Jump Item does not require the virtual smart card driver to be pre-installed on the remote system. In this scenario, Bomgar installs the driver as part of the Jump to the endpoint being accessed. Note: The endpoint smart card driver is installed during a Jump Item push ONLY when the user performing the Jump has the user smart card driver installed on their local system. Begin a screen sharing session, and then click the Smart Card button to access a dropdown of available smart card readers on your system. 1 Select the reader you would like to share with the remote computer. Once the reader has been virtualized on the remote system, a message indicating that you have shared this reader is logged in the chat window. The smart card in the selected reader is now available to use on the remote computer, just as if it were physically present on the system being supported. The smart card dropdown menu displays the name(s) of the available smart card readers and smart cards, along with an icon indicating the availability of each card reader or presence of each card: Black icon - Card not present Blue icon - Card present Gray icon - Reader and card not available Once you have shared a reader, it remains selected and available for use throughout the session, as long as you do not log out the current user. If you do log out the current user on the remote computer, the shared reader is deselected and must be re-selected if you need it later in the session. When screen sharing, use a virtual smart card to perform administrative actions. You can run programs in another user context, or even log in as a different user. Also, if the virtual smart card feature is available in a session which is not elevated and a smart card reader has been shared into the session, then certificates stored on the inserted smart card can be selected and used for elevation. Note: Elevation performed using this feature takes slightly longer due to the extra transactions required to the virtual smart card reader. Note: A smart card reader can be attached to only one active session at a time. From the Smart Card dropdown, you can deselect a virtualized reader to free it for use in another session. 1 If the smart card button does not appear in the screen sharing tool bar, make sure the user smart card service is running on your local computer. If the smart card button is present but disabled, make sure the endpoint smart card service is running on the remote computer. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 6

Use Case 1: Log Into the Remote Endpoint Using Smart Card Credentials After Jumping to a remote endpoint, you may find that the computer is locked. Alternatively, you may need to perform administrative functions not permitted in the current user context. Go to the remote login screen, logging out the current user if necessary. Click the Smart Card button and select a smart card reader to virtualize on the remote system. The smart card now appears as a user login option. Click the smart card user, enter the PIN, and log in. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 7

Use Case 2: Run As the Smart Card User While accessing or troubleshooting a remote system, you may need to run a specific application with privileges not available in the current user context. Within a screen sharing session, click the Smart Card button and select a smart card reader to virtualize on the remote system. Right-click the desired application and choose Run As. From the UAC prompt that appears, select the smart card and enter the PIN to run the application in the smart card user context. Note: Smart card credentials cannot be used to run elevated tasks from the Special Actions menu. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback