Request Remote Support Access

Remote Support iconRemote Support (BeyondTrust)

Remote Support empowers IT Staff to quickly and securely connect to endpoints, anywhere.

Request Remote Support Access

Agreement

University of Nebraska Information Technology Services (hereinafter referred to as "NU ITS") will provide BeyondTrust as a reliable and secure Remote Support tool for Information Technology staff (hereinafter referred to as "Representatives").

Representatives will follow all policies and guidelines for the acceptable use of BeyondTrust Remote Support to ensure that University users and devices are supported effectively and efficiently, without compromising the privacy or confidentiality of client data.

To obtain access to BeyondTrust Remote Support read and agree to the terms listed below. NU ITS will then contact your supervisor to approve your access request.

Governing Policies

Representatives affiliated with the University of Nebraska Central Administration, Kearney, Lincoln, Medical Center, or Omaha shall adhere to any policy set forth by the University in regards to computers and electronic information systems. This includes, but is not limited to, the following:

If the policy in this document at any time conflicts with University of Nebraska Medicine policy, the policy, as set forth by the governing institution, shall supersede policy as outlined in this document.

Remote Support Portals

General Support – help.nebraska.edu

The general support portal is used for everyday remote support sessions. General sessions are recorded for training and quality control purposes. Session recordings and logs will be retained for 90 days.

Confidential Support – help-confidential.nebraska.edu

The confidential support portal is used for remote support sessions that will involve confidential or regulated information. Confidential sessions are not recorded, only basic session activity will be logged for training and quality control purposes. Session logs will be retained for 90 days.

BeyondTrust Remote Support Sessions

Attended Sessions

Attended sessions are initiated by a local user that navigates to one of two online portals: help.nebraska.edu or help-confidential.nebraska.edu. At the support portal, a user selects the name of their IT Support Representative or the user types in a pre-shared session key. This method of remote support requires a user to download and install a temporary Jump Client. The user must accept a Remote Support EULA before support can start. The user is in full control of the support session and can terminate it at any time. After the session is complete, the temporary Jump Client automatically uninstalls.

Unattended Sessions

A Remote Support Representative initiates an unattended session through the console on endpoints that have a pre-installed Jump Client. This method of remote support does not require a user to install anything or take any action to begin remote support. The user will be presented with a Remote Support EULA in the chat window that appears when a support session starts. A local user is in full control of the support session and can terminate it at any time. Only University issued endpoints may have permanently installed Jump Clients.

Private Access Role

This role is for accessing Unattended private institutional endpoints or one-time Attended endpoints.

A private institutional endpoint is defined as any desktop, laptop, or tablet that is assigned to a single user for their private use. Examples of private institutional endpoints are those assigned to individual Faculty, Staff, and Students.

A pre-installed Jump Client on private institutional endpoints makes remote assistance quick and easy for users by enabling a Representative to initiate a remote session after being contacted by a user for assistance. Users must be present to accept the remote session and elevate representative access. The user is in full control of the support session and can terminate it at any time.

All Private Unattended Jump Clients reside within common Jump Groups in the Remote Support Representative Console.

Open Access Role

This role is for accessing non-private institutional endpoints.

A non-private institutional endpoint is defined as any desktop, laptop, tablet, or server that is not assigned to a single user and does not contain private user data. Examples of non-private institutional endpoints include research or business workstations, lab computers, appliances, kiosks, digital signs, and servers.

A pre-installed Jump Client on non-private institutional endpoints allows Representatives to openly connect to and control these endpoints without local user presence. This role is useful for managing end-user endpoints that do not contain private or confidential information or administering servers. Open Unattended Jump Clients will not be configured to use the Confidential Portal.

Open Unattended Jump Clients are divided into separate private Jump Groups based on Representative privileges for specific IT support teams. Only one Open Unattended Jump Group will be allocated per IT support team.

Auditor

This access role allows a representative to view all session recordings and logs for a specific Remote Support representative team. A representative team is comprised of all representatives that have access to a specific Jump Group. This role is leveraged by team supervisors, service managers, security staff, or internal auditors. If you need assistance in determining which team to request access to, please contact a Remote Support Administrator.

RDP & VNC

All access roles include the ability for a Representative to create and store personal RDP & VNC connections for direct access to authenticated endpoints. These sessions are recorded for training and quality control purposes. Session recordings and logs will be retained for 90 days.

Acceptable Use of Remote Support

  • Remote Support may only be used by University employees in IT support and administration roles. Remote Support is not available for end users or technicians to gain remote access to their office computers.
  • BeyondTrust jump clients may only be installed on institutional endpoints.
  • Open Unattended Jump Clients will not be installed on private institutional endpoints, such as those issued to faculty, staff, and students. Open Unattended Jump Clients are reserved for use on non-private institutional endpoints such as workstations, labs, appliances, kiosks, digital signs, or servers. Exceptions will only be granted if the impacted College/Department has completed an Open Unattended Authorization for Private Endpoints MOU.
  • Before starting a remote session with a user, it is the responsibility of the representative to ask the user if any confidential or regulated data will be visible. When confidential or regulated data is visible the Confidential Support portal will be used. In the event that confidential or regulated data becomes visible to a representative during a recorded remote session. The representative will immediately contact a Remote Support Administrator to request sanitization of the specific session log.
  • Personal data may not be viewed or removed from an endpoint without the consent of the user.
  • All actions taken by Representatives are logged and randomly audited for compliance. A representative can review their personal sessions at any time through the administrative web console. A supervisor or manager may request access to view all session logs for his or her representatives.
  • Remote Support licensing is provided as concurrent use. Representatives will only open the console as needed to facilitate remote support, then promptly log-off when support is complete. If a representative leaves the console idle for 15 minutes, he or she will be automatically logged out. If a representative monopolizes a concurrent license, NU ITS may request that the representative purchase and maintain a license for their use.

Representative Responsibilities

  • Understand the impact of Remote Support configuraitons, access roles, and their potential effect on end-users and endpoints. Representatives should only have access to the jump groups they need to complete their work.
  • Inform Remote Support Administrators whenever access needs to be changed. Access will not be added or removed until a supervisor, or other designated official notifies a Remote Support Administrator of the change. Representatives will be added on an individual basis after completing this web form. Representatives will not have the ability to modify their access independently.
Select “New Representative” if you are requesting Remote Support access for the first time. Select “Update Access” if you are requesting a role modification to your existing Representative account.

Remote Support TrueYou Registration

If this is your first request for Remote Support Access, proceed to https://help.nebraska.edu/login and authenticate using SAML and your TrueYou Identity with DUO Two-Factor authentication. This will register your identity in Remote Support for access elevation. If you don't know your TrueYou Identity or have not yet enabled DUO, please visit the TrueYou Identity Manager.

Representative Headshot

A current headshot is required to be a Remote Support representative. Your photo will be used in Remote Support chat sessions and posted on the Remote Support Representatives page. The photo must be a clear image of your face looking forward with a neutral expression or a natural smile, with both eyes open. The photo should be framed using the example below. Photos with filters or avatar substitutions will not be accepted.

Example Headshot Photo

Headshot Example

Recommended Image Size: 600 x 600 pixels at 72 pixels/inch

Recommended Filename: LastName_FirstName.png

Headshot *
Do not use spaces in the image filename.
Files must be less than 1 MB.
Allowed file types: jpg jpeg png.

Supervisor Contact Information

Your supervisor will be contacted to confirm Remote Support Access.

Representative Information

Required information to configure your Remote Support Access.

BeyondTrust Access

If you need assistance completing this form please contact a Remote Support Administrator, Nick Merchen or Greg Paff.

Please select your University Affiliation. This choice determines what Optional BeyondTrust Access Roles are available to you. All Representatives will have access to Attended Jump Clients and either the NU or MC Private Unattended Jump Clients.

If your role involves auditing or remote support of non-private institutional endpoints such as research or business workstations, lab computers, appliances, kiosks, digital signs, or servers, please check the relevant Optional BeyondTrust Access Roles.

Optional BeyondTrust Access Roles
A detailed definition of BeyondTrust Access Roles is listed above.
Specify NU ITS Open Unattended Group(s)
Specify NU ITS Private Open Unattended Access
Access to the NU - ITS-CS Private Open group is limited to Client Services, Technical Consultant II positions and their managers.
Specify NU Kearney, Lincoln, or Omaha Open Unattended Group(s)
Specify MC Open Unattended Group(s)
Please specify an unlisted Open Unattended group or request a new group.
Please specify an unlisted Open Unattended group or request a new group.
Please specify an unlisted Open Unattended group or request a new group.
Example questions to answer for justification: Why have you requested access to the Open Unattended group(s) you have selected? How is this access related to your job function? How will it improve the support you provide? (This information will be shared with your supervisor to approve access.)
Which Bomgar teams are you requesting auditor access to? (Auditor access is reserved for Team Supervisors, Service Managers, Security, or Internal Audit)

BeyondTrust Assistance

Would you like assistance with mass deployment of the Jump Client to devices that you support? *
Would you like to participate in Remote Support Representative training? *
Additional Information about this Request

Agreement for Remote Support Access

Any violation of the Remote Support access polices and terms will result in the immediate suspension of access to Remote Support and the Representative's supervisor will be notified. NU ITS will provide notice if any terms in this agreement are amended.

Check to Agree *