Agents in Admin or Super Admin role with a signature key can approve or reject other agents' requests for a key.
Every agent in a company can have their own unique signature key to perform sensitive tasks, such as remote controlling devices. This also means that it bears great responsibility to manage signature keys.
Remember:
- The first agent who creates a key does not need approval.
Remember: As best practice, it is strongly recommended that an agent in with admin or super admin role should create the first key. This is important because only users in admin or super admin roles can approve subsequent signature key requests.
- Credentials that allow you to access a device are not stored in GoTo Resolve. Without these credentials, potential hackers can't take over or run PowerShell commands on your remote devices.
For information on changing user roles, see How do I change a user's role in GoTo Admin?
Here's how admins can approve a signature key request:
- In the Console, select your profile icon in the top-right corner.
- Select Manage zero trust.
- Under Pending keys, find the agent whose request you want to approve.
Admin's view of the zero trust page
- Depending on whether you want the selected agent to use zero trust, select Approve or Reject.
When you reject a user's request, they can still create a new signature key request from scratch.
- When you approve a signature key, ask the agent for their verification code that they received when creating a new signature key. Verify that you've asked the requester for their verification code and that it matches the code displayed.
Important: As an approver, it is your responsibility to decide who you allow to perform sensitive tasks in GoTo Resolve.
- Click Approve request.
- Type your signature key and click Proceed.
- Optional: To select how often to be prompted for your signature key in your current browser, click Prompt frequency and select the option that best suits you:
- Upon each sensitive task - Type your key every time you perform a sensitive task. This is the default setting.
- Once a day - Type your key once every 24 hours. For example, if you type your key at noon, then you can perform sensitive tasks until noon the following day without typing your key again.
- Once a week - You can use your key to perform sensitive tasks for one week, that is for 168 hours.
Remember:
- Frequency settings apply to your current browser only. When you sign in to the Console in two separate browsers, your frequency settings will differ.
- Upon log out or when you change your signature key, your frequency setting defaults to prompting for a key every time you perform a sensitive task, regardless of which frequency option you chose.
Results: The agent receives an email when the key is approved.