Hi guys, on the recommendation of TJ Reape I’m emailing you the following suggestion regarding giving local Bomgar user accounts access to individual Jump Clients.
We are migrating from LogMeIn to your system. Within LogMeIn, we have the ability to pull up a user account, and then select on a client by client basis which machines that user can access. This is accomplished by bringing up the user account, and then within that user account’s configuration there is a list showing all clients currently active within the system, each with a checkbox next to it. If we want the user to be able to access that client, we check the box. If not, we remove the checkmark. Click save and job done.
After speaking with TJ, there appears to be no way to replicate this sort of functionality within Bomgar. Instead of being user based, rights to a machine are handled thru Jump Groups, and its within that Jump Group configuration that we add users. As you might imagine, when this scales up to suit our needs, it sounds like we will ultimately have to have every single Jump Client assigned to a unique Jump Group, and then go into each of those Jump Groups and add all the users that should have access to them. Even in just playing with this idea and only having a dozen or so Jump Groups and clients, this takes a ton of time. And the exposure for error is huge especially considering once fully migrated we'll have well over 500 jump clients deployed with more being added all the time.
The reason behind this kind of functionality for us as follows: we are an OEM that ships computers all over the world. We need to access these machines remotely. We also have distributors who need access to some of these machines but not all, and an end user that again needs access to subset of those machines. In addition, we have support staff that need access to most all machines, including our office machines, but not all. And we have vendors who will often need access to some of our office machines, as well as select end user machines. So we have this web of users with different permissions, all of which need access to various boxes spanning Jump Groups, but not access to all the clients within a given Jump Group. Clear as mud? Being able to assign jump clients to users directly solves this need to involve a Jump Group, and being able to configure this within the user setup lets us immediately see which boxes the user can access, and not. Having to assign users to Jump Groups, which then have Jump Client(s) ultimately means we'll have one jump client within a jump group, then need to edit that jump group to assign X users to it. Rinse and repeat a few hundred times and this task becomes nearly impossible within Bomgar, as I currently understand how it needs to work in your system. Also this means we cannot check an individual user to see what they can access easily, which means when we have to remove rights, we are stuck going thru every single jump group to ensure they aren't listed.
I’m happy to discuss this with you further if you think the idea has merit and need further details or have questions. Thanks for your time.