Bomgar Access Levels for Support Providers
This article applies to: Bomgar
IT staff using Bomgar will be granted access privileges appropriate for their role. There are three levels of access.
The end user must be present for the session. To begin a session, the TSP sends an invitation (via email link or by sending the user to a URL and giving them a Session Key). A "mini-client" is downloaded and run by the end user. As the session progresses, each time the TSP requires a different type of access (screen sharing, file transfer, system information, elevation of privileges, etc.) the end user will need to click on a prompt saying that they agree to this access. This is a customer-driven approach that involves the end user in the process of allowing a TSP control of the computer for troubleshooting. Support providers in CIT who are supporting end users outside of CIT will only use this type of access. When the session ends, the mini-client is automatically uninstalled.
Basic with "Jump" Ability
This level of access allows a TSP to work on a workstation in attended (interactive) mode as described above. It also permits the TSP to request permission to "pin" the mini-client to the user's computer. A pinned mini-client is called a Jump client. A TSP with these rights can start a new Bomgar support session with a pinned client without the client needing to download and run the mini-client again. In all other ways, the support session is exactly like the Basic session described above. The Jump client stays pinned until the TSP "unpins" it. After unpinning, the mini-client will be automatically uninstalled when the support session ends.
This level of access allows the TSP to begin a Bomgar support session without any involvement by the end user. This is the highest level of access and should only be granted to local TSPs who are known and trusted by end users. An unattended session requires that the jump client (described above) be present on the end user's computer. This can be done during a normal Bomgar session, through a group policy, or other mass methods determined by local IT leadership.
This type of access has the potential to be controversial in some parts of the university and should be carefully governed, as it provides the ability to TSPs to carry out access without user agreement. In the interests of reassuring end users, note that the TSP's actions are still visible on the end user’s computer, that is the dialog box and prompts still appear on the end user computer, but all prompts will be automatically affirmed. For fully unattended mode, the Bomgar "jump client" is left installed on the end user's computer, so that the TSP can start unattended support sessions as the need arises.
Once it has been determined which of these three levels of access are appropriate for a given TSP, local unit OU admins use the CornellAD tools to assign the TSPs to the appropriate group or groups.
See CornellAD Groups Associated with Bomgar for more information on the groups.