# Getting Started Guide



# Getting Started Guide for JumpServer PoC

### Adding Devices

#### 1. Preparation

Prepare two devices (for SSH and RDP) and one database to test the product features.

For example:

<table border="1" id="bkmrk-ip-%D0%98%D0%BC%D1%8F-%D1%85%D0%BE%D1%81%D1%82%D0%B0-%D0%9F%D0%BE%D1%80%D1%82-%D0%A2%D0%B8" style="border-collapse: collapse; width: 100%;"><colgroup> <col style="width: 25%;"></col> <col style="width: 25%;"></col> <col style="width: 25%;"></col> <col style="width: 25%;"></col> </colgroup><tbody><tr><td>**IP/Host Name**</td><td>**Port**</td><td>**Type**</td><td>**Account**</td></tr><tr><td>afidc.afi.local</td><td>3389</td><td>Windows</td><td>testadmin</td></tr><tr><td>10.10.53.210</td><td>22</td><td>Linux</td><td>sergg</td></tr><tr><td>10.10.53.3</td><td>3306</td><td>MySQL</td><td>user</td></tr></tbody></table>

If you need to gather information about the **Windows** device, change local account passwords, create new accounts, or perform other tasks, you must configure [**SSH for Windows**](https://kb.afi-d.ru/books/dokumentaciia-jumpserver/page/ustanovka-openssh-na-windows-dlya-upravleniya-uz-windows).   
For RDP connections, this is **not required**.

##### 2. Editing the Asset Tree

Go to the **Console - Assets - Assets** section and open the **Asset Tree** tab. Right-click in this section to open the asset tree editing menu.

[![Tree editing screenshot](https://kb.afi-d.ru/uploads/images/gallery/2024-05/scaled-1680-/MFCRGywIlsrq4ypG-be7199a3341e91590f301ada25482fd0.png)](https://kb.afi-d.ru/uploads/images/gallery/2024-05/MFCRGywIlsrq4ypG-be7199a3341e91590f301ada25482fd0.png)

You can create folders (**Nodes**) and subfolders for your devices (use the **Create node** option). Devices can be sorted into these folders.

- A device can belong to multiple folders simultaneously.
- These folders can be used to manage access policies, for example, granting access to all devices in a specific folder.

##### 3. Adding Assets to the System

Add a Linux-based device. Windows, MySQL, and other devices are added similarly.

Click the **Create** button, select the device type **Linux** (under **Host**), and fill in the fields:

- **Name:** Any meaningful name
- **IP/Host:** The IP address or DNS name of the device
- **Platform:** Linux
- **Node:** Folder(s) where the device will be placed

Adjust port numbers if non-standard ports are used.

[![Device creation screenshot](https://kb.afi-d.ru/uploads/images/gallery/2024-05/scaled-1680-/DPOVprvmGN82cKUZ-8414350cdf0f42cf04a132c61197c49e.png)](https://kb.afi-d.ru/uploads/images/gallery/2024-05/DPOVprvmGN82cKUZ-8414350cdf0f42cf04a132c61197c49e.png)

##### 4. Configuring Device Access Permissions

Go to **Console - Policies - Authorization** and click the **Create** button. Fill in the required access parameters:

[![1.png](https://kb.afi-d.ru/uploads/images/gallery/2025-02/NrNUhmYpTFubeFCE-1.png)](https://kb.afi-d.ru/uploads/images/gallery/2024-05/hw72JExNsDqXur87-122ba10f29c18f91c16aead8a2857403.png)

**Name:** A meaningful name for the access group  
**Users:** The PAM user(s) who will gain access to the devices  
**Groups:** User group(s) that will gain access  
**Assets:** The device(s) to which access is granted  
**Nodes:** Folder(s) containing the devices to which access is granted  
**Account:**

- **All accounts:** Allow connections with any existing account for each device
- **Specified accounts:** Specify particular accounts for connection
- **Virtual accounts:** enable additional auth options
- **Manual account:** Allow manual login credentials without adding the account to the system
- **Same account:** Use the same account as the user's PAM login (LDAP authorization only)
- **Anonymous account:** Connect without credentials, typically for web interfaces where users input their login credentials manually

**Protocol:** Limit the protocol used for connections  
**Actions:** Enable or disable file transfers, clipboard sharing, or session sharing permissions if supported by the connection type.

[![Policy configuration screenshot](https://kb.afi-d.ru/uploads/images/gallery/2024-05/scaled-1680-/27Qb2hQjZ53Di1iH-c882450bcb3beef016c48221249932aa.png)](https://kb.afi-d.ru/uploads/images/gallery/2024-05/27Qb2hQjZ53Di1iH-c882450bcb3beef016c48221249932aa.png)

You can enable or disable the policy and set its start and end time:

[![Policy timing screenshot](https://kb.afi-d.ru/uploads/images/gallery/2024-05/scaled-1680-/gQ8fuo5jteLdsO81-ed84d24915f1b97d9b0f533f02dde700.png)](https://kb.afi-d.ru/uploads/images/gallery/2024-05/gQ8fuo5jteLdsO81-ed84d24915f1b97d9b0f533f02dde700.png)

Click **Submit** to save the settings.

##### 5. Connecting to Devices

Go to the Web Terminal by clicking the button in the top-right corner:

[![Web terminal screenshot](https://kb.afi-d.ru/uploads/images/gallery/2024-05/scaled-1680-/0Af2Yq81btmnw1l6-d6115252cb372d1e5f50f50ab94cc55c.png)](https://kb.afi-d.ru/uploads/images/gallery/2024-05/0Af2Yq81btmnw1l6-d6115252cb372d1e5f50f50ab94cc55c.png)

In the terminal, users see only the devices they are permitted to access. Click on the desired device in the list to select the account and connection type:

[![Account selection screenshot](https://kb.afi-d.ru/uploads/images/gallery/2024-05/scaled-1680-/0f36cPtqdiY0iamG-352c1318e71f968bdd38c323e89042aa.png)](https://kb.afi-d.ru/uploads/images/gallery/2024-05/0f36cPtqdiY0iamG-352c1318e71f968bdd38c323e89042aa.png)

Without additional configuration, you can connect via the web interface using **SSH, RDP**, and **SFTP**, as well as to **MySQL** via **Web CLI** or **Web GUI**. Other connection types, such as Kubernetes, web interfaces, RemoteApp applications, and databases using dedicated clients, will be covered in other articles.