What is Zero Trust?

Zero trust is an authentication service in GoTo that offers enhanced security when remote controlling a device, deploying unattended devices, and running PowerShell scripts on your devices.

Remember: Zero trust is different from multi-factor authentication.

How does zero trust work?

Watch this video:

In a nutshell, an agent in GoTo creates a signature key that uniquely identifies that person in an account. This key is not stored anywhere - other than the agent's memory. When the agent wants to perform a sensitive task, such as deploy unattended access or run PowerShell scripts on remote devices, their identity requires extra verification using this signature key. This extra security layer protects your organization as well as your agents, even when working from outside your protected office infrastructure.

How does this signature key block unwanted third parties from accessing my devices?

Your signature key is not just another password. When you deploy the GoTo application on a remote computer, your key creates a link between you and the device. This signature key uniquely identifies you. It essentially signs (encrypts) every command that you send to your deployed remote devices that, in turn, can be 100% sure that it is you who sent those commands.

Remember: Credentials that allow you to access a device are not stored in GoTo. Without these credentials, potential hackers can't take over or run PowerShell commands on your remote devices. You will still need the signature key when you create a group into the account.

What if I have access to multiple GoTo Resolve accounts?

A signature key is specific to one user in one account. When you are a member of multiple GoTo accounts, or companies, you have to create a signature key in each company.

Note: As an admin, you can view whether users of your organization have set up zero trust keys. See How do I view the zero trust status of users in GoTo Admin?

What if I want to try features before I set up zero trust?

Users with a Free subscription can postpone setting up zero trust for up to 30 days. During this period, after users deploy five devices or an admin creates the first signature key in the organization, Free users will have to create their own signature key.The purpose of delaying setting up zero trust is to allow Free users to get oriented with GoTo before they start using this product. During orientation, GoTo uses its own signature key to provide zero trust authentication. For maximum security, Free users are recommended to use their own signature key.

Frequently Asked Questions

Can users with paid licenses postpone setting up zero trust authentication?

No. Postponement is available for users with a Free license only.

Can a member user delay setting up a signature key after an admin creates a signature key?

No. As soon as an admin sets up zero trust and creates the first signature key in the company, every other user - regardless of their role - has to set up their own signature key.

If I can delay setting up a signature key, does that impact the security of GoTo in any way?

Not at all. Even without your own signature key, you are protected by GoTo's own key. When you perform a sensitive task, like creating an alert, your will still be identified as the user who performed that action. The purpose of delaying setting up zero trust is to allow Free users to get oriented with GoTo before they start using this product.

For how long can users with a Free subscription perform sensitive tasks without their own signature key?

Until one of the following occurs:

The user has a Free subscription for 30 days
The user has deployed five devices
An admin user has created the first signature key in the organization

Article last updated: 22 February, 2023