Monday, October 19, 2015

Using the API to Provide Remote Access to Your Clients









Using the API to Provide Remote Access to Your Clients   By Andrew Crihfield

Often times you have a client that needs access to their computer from home. The only obvious way is to give them access to the MAXfocus RMM dashboard. There are some downsides to that: by default they have the ability to remote into any computer in the dashboard.

The other less known way is to install the Take Control Viewer to their home PC and then create a Take Control link through the RMM API. This article will take you step by step through the process.

Step One: Generate your API Key

Open the dashboard and go to Settings>General Settings>API Key. If there is already and API Key there, just copy it and paste it into notepad. We are going to use Notepad to build our API link.

If there is no API Key, click on Generate and then copy it into Notepad


The first thing we need to do is to find the Dashboard API device ID. In order to do this you must first get the Client ID and Site ID.

How do I get the Client ID and Site ID?

Browse to the following URL after you have entered your API Token key
https://www.systemmonitor.us/api/?apikey= API KKEY HERE &service=list_clients

It will list all of your clients so look for the cliendid and make a note of it.

Now browse here after you have made the required changes!
https://www.systemmonitor.us/api/?apikey=API KKEY HERE&service=list_sites&clientid=CLIENTID HERE
Then use the Site ID to get the list of workstation IDs
https://www.systemmonitor.us/api/?apikey=API KKEY HERE&service=list_workstations&siteid= SITEID HERE





Now you are ready to create your Take Control Link.

https://www.systemmonitor.us/api/?apikey=API KKEY HERE&service=get_take_control_connection_url&deviceid= WORKSTATIONID HERE

Example Link: https://www.systemmonitor.us/api/?apikey=ab58a3bXXXXXXXX5b9e4bb750f7130ce&service=get_take_control_connection_url&deviceid=1880570

IMPORTANT!!!!!

One thing to note is the potential security risk of displaying your API Key. I strongly suggest that you use a URL Shortener such as https://goo.gl/ to hide the API key.



14 comments:

  1. Awesome tip. Now how do we do it with a mobile device such as an iPad?

    ReplyDelete
    Replies
    1. At this time the Take Control platform doesn't include mobile access. Please reach out to your representative - what platform would you prefer? (Besides ALL of course!)

      Delete
    2. Follow up: Now have the ability to connect to Mac!

      Delete
  2. If you shortent the entire URL, and someone guesses the URL, will they have control of the system, or do they have to have the take control viewer downloaded from your dashboard?

    ReplyDelete
    Replies
    1. You are correct., the Viewer is what gains the access, not the Url itself.

      Delete
  3. Issue I see is that if end user leaves company you can not disable as you are going directly there, unless I am missing something

    ReplyDelete
    Replies
    1. Remove/delete/reinstall the agent assigns the device a new ID; you'll have to (re)build the URL, but the old one is gone. (There are ways of doing this with out full reinstall, but they're manual on the machine.)

      An alternate method may be to host a web page (mysite.com/customerA_JohnSmith.html) that has "Click here to remote to your computer" as the only thing on the page. When John leaves, take down the page. The vast majority of end users won't copy a link or don't know how, but you can also write the HTML to keep that from happening!

      And you lock out / disable / remove User Accounts from the computer anyway, right? :)

      Delete
  4. Does this allow for the simultaneous existence of the viewer AND the host? We typically manage the home-office as well as the office.

    ReplyDelete
    Replies
    1. This article doesn't address Viewer and Host on the same machine. It doesn't impact it either. Remember, that is not a supported configuration of Take Control.

      Delete
  5. do i put the take control link in a web browser or where?

    ReplyDelete
    Replies
    1. Up to you! However you would like: email it directly to each customer, create a page or pages for each, etc.

      Delete
  6. We have many users that already have access to their devices w/another RMM and this issue is one of the big challenges in switching to LogicNow. But this proposed method/workaround has too many potential security issues and is too overhead intensive considering constant client employee turnover. Would it be possible to add device selection when creating Client Groups so we could then setup users in dashboard w/access only to their device(s)?

    ReplyDelete
  7. Hi all, does this still work after the navigatorlogin got launched ? Getting can't login errors.

    ReplyDelete
    Replies
    1. API is unrelated to User Logon, so the new methodology doesn't require any changes.

      Delete