Skip to main content

CornellAD Groups Associated with Bomgar Access

This article applies to: Bomgar


Before a local technical support team can use Bomgar, a local CornellAD OU admin must create and populate four Bomgar-related AD groups in their OU

If that paragraph made no sense to you, start on our About Bomgar article. You may also wish to visit our About Group Management article, which discusses the concept of groups within CornellAD, or our About CornellAD article for information on Cornell's implementation of Active Directory.

Creation of these groups and maintenance of membership is handled by the OU Admin(s) for each unit, not by the central CornellAD Admins.

Three of the four CornellAD groups control the level of access its members have to Bomgar's features. The fourth group allows some managerial functions.

An individual should be made a member of only one of the groups described here. See the exception noted under the Managers group below.

Group names include the prefix for the OU where they reside. For instance, the department of limnology might have the prefix LIM. This is the example we'll use in the descriptions in this article.

<prefix>-bomgar

Example: LIM-bomgar

Members of this group are able to initiate interactive sessions (where the end user is present) by inviting the end user to download and install the Bomgar mini-client. Typically the mini-client is removed when the support session ends, but, with the end user's permission, they can "pin" the client (which is then called the Jump Client) to the user's computer where it will remain, inactive, after the session ends. This allows the TSP to start another session at a future time without the need for the client to walk through the steps of downloading and installing the client. The end user must still be present for these future sessions, and must respond to TSP prompts asking for additional permissions.

The three remaining groups (described below) should all be made members of this group.

<prefix>-bomgar-no-jump

Example: LIM-bomgar-no-jump

TSPs who are members of the no-jump group have only one level of access: they can initiate interactive sessions beginning with the end user downloading and installing the Bomgar mini-client, and where the end user is present to respond to the TSP's requests for permissions to copy files, get system information, elevate privileges, etc. They cannot use the jump client method described above or the unattended method described below.

Make this group a member of the <prefix>-bomgar group described above.

<prefix>-bomgar-jump-unattended

Example: LIM-bomgar-jump-unattended

TSPs who are members of the jump-unattended group have the highest level of access, permitting them to initiate interactive sessions and jump sessions (as described under the first group above). They can also begin a Bomgar support session with no input from the end user, assuming the "jump client" has been installed on the end user's computer.

Make this group a member of the <prefix>-bomgar group described above.

<prefix>-bomgar-managers

Example: LIM-bomgar-managers

Members of this group have access to Bomgar reports for their entire team (other team members can only see reports of their own session activities) and have the ability to terminate sessions that have been left inactive (for example, if all our licenses are in use and one needs to be freed up for a new support session). Since the manager's group is itself a member of the basic <unit>-bomgar group, members of the manager's group have those same rights. If a manager needs the "unattended" rights described above, they should also be made a member of that group.

Make this group a member of the <prefix>-bomgar group described above.

See our CornellAD articles for information on how local OU administrators can create the required groups and add members to those groups.

About this Article

Last updated: 

Thursday, January 23, 2020 - 7:58am

Audience: 

IT Professionals

Was this page helpful?

Your feedback helps improve the site.

Comments?