Georgia State Bomgar Guidelines
- GSU / USG Policies and Bomgar
- Bomgar Access Types
- Determining Appropriate Access Levels
- Opting Out of Unattended Access
- Bomgar Groups in AD
- Initiating and Ending Bomgar Sessions with End-Users
GSU / USG Policies and Bomgar
GSU has IT policies in place to protect both the end-user and IT support providers against breaches of privacy and to define the appropriate use of technology. These policies apply to all IT services and activities, including remote support using Bomgar. Relevant policies include:
- GSU Policy 7.20.05: Information System Ethics
- GSU Policy 7.20.16: University Information Systems Use
- USG Policy 6.1: USG Privacy Standard
Bomgar Access Types
IT support providers will be granted access privileges appropriate for their role and their college/school’s environment. There are three levels of access, presented here from least-privileged to most-privileged. There is also a special fourth level, reserved for reporting and oversight.
Level 1: Basic Access
The end-user must be present for the remote support session, which requires the end-user to download and install the Bomgar mini-client to begin. During the session, the end-user will be prompted to grant each elevated access privilege (e.g., screen sharing, file transfer, system information) to the IT support provider on a case-by-case basis. At the end of a session, the Bomgar mini-client will automatically uninstall itself from the end-user’s system.
- This level of access is recommended for IT support staff that will be primarily assisting end-users on non-GSU devices.
Level 2: Jump-Enabled Access
This is identical to “Basic” access: the end-user must be present to initiate the session and personally grant elevated access privileges to IT support providers. The key difference is that, during a support session, the support provider can “pin” the Bomgar mini-client. This prevents the mini-client from being deleted from the end-user’s system at the end of the remote support session, so the end-user will not be required to download and install it to receive support in the future.
- This level of access is recommended for IT support staff primarily assisting GSU end-users on GSU-owned devices.
- This does not grant the IT support provider the ability to access the end-user’s device in “unattended” mode, without the end-user present.
Level 3: Unattended Access
This level of access is reserved for the most trusted IT support providers to support end-users who may need to have their computers worked on when they are not available. This level of access has the same capabilities as Level 1 and Level 2, with the important distinction that it can initiate remote support sessions without any involvement from the end-user.
Level M: Managers
While this level does not have any specific access rights of its own, it is able to perform detailed reporting within Bomgar.
Determining Appropriate Access Levels
Bomgar is a powerful support tool. As such, unit IT leadership is required to get written approval from their unit leadership as to what levels of access are appropriate for their IT support staff. Unit Leadership should familiarize themselves with GSU policies as described above and bear in mind that unattended access may be more appropriate in some areas than others. It is crucial that end-users be informed of the use of remote assistance technology, though the method and frequency of said communications are left to unit IT leadership.
Once it has been determined which of these three levels of access is appropriate for a given individual, IIT will assign that person to the corresponding Bomgar group or groups.
Opting Out of Unattended Access
Customers with sensitive information on their workstations should be allowed to “opt out” of Unattended Access to their systems by providing their names/information to IT Leadership for their area. This will prevent the Bomgar mini-client necessary for Unattended Access from being installed on their workstation by default.
Bomgar Groups in AD
Before an IT support team can use Bomgar, IIT must create and populate four Bomgar-related AD groups in their OU. Creation of these groups and maintenance of membership is handled by the OU admins, not IIT.
These AD groups are:
| Access level | AD group |
|---|---|
| Level 1: Basic | -bomgar-no-jump |
| Level 2: Jump-Enabled | -bomgar |
| Level 3: Unattended | -bomgar-jump-unattended |
| Level M: Managers | -bomgar-managers |
Initiating and Ending Bomgar Sessions with End-Users
It is important for IT support staff to realize that remote assistance and screen sharing are new and possibly unsettling for many end-users. Because of this, it is the IT support person’s job to help the end-user understand the technology and to prevent any surprises or misunderstandings.
Before Initiating a Session:
IT support staff should ask questions like:
- “Have you ever used Bomgar or another remote access tool before?”
- “Would you like me to explain a little about what we’ll be doing?”
Then the IT support person should explain the relevant points in as much detail as is helpful for this particular end-user. Examples include:
- “During a Bomgar session, I will be able to see everything that you see on your monitors.”
- “Before you accept the Bomgar invitation to share, we strongly recommend that you close any documents or applications that contain or display confidential information.”
- “We also recommend that you close all documents and applications that display personal information or anything not related to the issue at hand.”
- “You will see exactly what I am doing at all times, and any time I need to do a new kind of thing, you will be prompted to allow me that level of access.”
- “If you have any questions about what I am doing, stop and ask questions.”
Ending a Session:
While either a customer or IT Support person can end a Bomgar session, we recommend that you let the end-user end the session whenever possible. You can initiate the end of a session by saying something like this:
- “Would you like to end this session and remove this software from your computer?”
Ending a session in this way reinforces with the end-user that they have control AND that there isn’t something sneaky left behind on their computer.