Bomgar

From Swivel Knowledgebase
Revision as of 17:03, 20 August 2015 by Rallen (talk)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Introduction

This document describes the steps to configure Bomgar with Swivel as the authentication server. Swivel can provide Two Factor authentication with SMS, Token, Mobile Phone Client, It is not currently possible to embed the TURing or Pinpad within the login page/client but these can be provided instead by Taskbar or User Portal for strong Single Channel Authentication.


Prerequisites

Bomgar Account

Bomgar Documentation

Swivel 3.x, 3.5 or higher for RADIUS groups

To use the Single Channel Image such as the TURing Image, the Swivel server must be made accessible and the security string provided through the Taskbar, User Portal or other web page, usually through a NAT.


Baseline

Bomgar Product Version 14.2.2, Product Build 51805, API Version 1.12.0

Swivel 3.10.1


Architecture

The Bomgar software makes authentication requests against the Swivel server by RADIUS.


Swivel Configuration

Configuring the RADIUS server

On the Swivel Administration console configure the RADIUS Server and NAS, see RADIUS Configuration


Configuring Two Stage Authentication

The Bomgar client software supports Two Stage Authentication. It is suggested to initially configure just with an OTC and if Two stage authentication is required, configure this once everything has been tested and proven to be working.

See Challenge and Response How to Guide


Enabling Session creation with username

To allow the TURing image, Pinpad and other single channel images, under Server/Single Channel set Allow session request by username to Yes.


Setting up Swivel Dual Channel Transports

Used for SMS, see Transport Configuration


Bomgar Configuration

The following document provided by Bomgar outlines the integration setting on Bomgar: Bomgar RADIUS Integration.


Test the RADIUS authentication

The Bomgar configuration has a test tool, and at this stage it should be possible to authenticate by SMS, hardware Token, Mobile Phone Client and Taskbar to verify that the RADIUS authentication is working for users. Either using the test tool or through the the web login page, and enter Username and if being used, the password. From the Swivel Administration console select User Administration and the required user then View Strings, and select an appropriate authentication string or OTC for the user. At the OTP prompt enter the required OTC. Check the Swivel logs for a RADIUS success or rejected message. If no RADIUS message is seen, check that the Swivel RADIUS server is started and that the correct ports are being used, and is contactable.

If this works then the client software login can be tested.

Bomgar Client login

Bomgar Representative Client login.png


Bomgar client login uisng Two Stage Authentication

Bomgar Representative Client login Two Stage.png


Optional

Testing

Additional Configuration Options

Troubleshooting

Known Issues and Limitations

None


Additional Information

For assistance in Swivel installation and configuration please firstly contact your reseller and then email Swivel Secure support at support@swivelsecure.com