Smart consent bypass requires Windows Agent version 2.18, which is currently in beta.
Smart consent bypass lets a ControlUp user bypass the active user consent requirement for remote control sessions when specific conditions are met.
To bypass consent, ALL of the following conditions must be true:
- The ControlUp user must have the permission Allow Smart Consent Bypass.
- Smart consent bypass must be enabled for the device in Extended Settings. These settings are targeted based on device tags, so you can enable this setting for only specific devices. This setting is disabled by default.
- The remote device must have been idle for at least 15 minutes (configurable).
- The end user does not respond to a consent request prompt for at least 60 seconds (configurable).
Example scenario
A physician reports an urgent issue on a device, but has to walk away and can't be present to grant consent. With smart consent bypass, a ControlUp user can remote control the device while the physician is away and fix the problem.
When the physician is actively using the device, the smart consent bypass conditions are no longer met. The same ControlUp user is unable to remote control the device unless consent is granted, maintaining session privacy.
Enabling and configuring smart consent bypass
Smart consent bypass can be enabled and configured per device using the following Extended Settings:
- Remote Control Consent Bypass Enabled - Allows smart consent bypass on the device.
- User Idle Timeout - Sets the minimum inactivity duration before a user is considered idle, and therefore eligible for smart consent bypass.
- Remote Control Consent Bypass Timeout - Sets the duration that the consent prompt appears to the end user before consent is bypassed and the remote control session automatically starts.
- Remote Control Consent Bypass Notification Message - The message displayed on the remote device after the remote session has ended. You can use the following variables in the message:
%REQUESTOR_USERNAME%- Displays the email address of the ControlUp user who started the remote session.%ACTION%- Displays “Control” for a remote control session or “View” for a remote shadow session.%SESSION_ID%- Windows Session ID of the targeted session.
How it works in detail
-
You launch a remote control session on a device and request consent.
-
ControlUp checks if you have permission to use smart consent bypass AND if smart consent bypass is enabled on the remote device. If both are true, then this session is eligible to bypass consent.
-
ControlUp checks if the remote user has passed the idle threshold (default 15 minutes). If the remote user has already passed the idle threshold, then the session is eligible to bypass consent.
-
A consent request prompt is displayed to the remote user. If the user does not respond to the request within the consent timeout duration (default 60 seconds), then consent is bypassed and the session starts.
- The consent prompt includes a countdown timer until the session automatically starts.
- If the end user comes back and becomes active before the consent timeout duration, smart consent bypass is immediately cancelled and the session waits for the end user to respond.
-
When the remote session is over, a message appears on the remote device informing the remote user that a remote control session took place. The message is configurable.
From the ControlUp user's perspective
When you start a remote control session on a device that has been idle and is eligible for smart consent bypass, the remote session interface displays "Connecting..." while the consent prompt is displayed on the remote device. The session automatically starts if the consent prompt times out.
There is no indicator in the remote session interface to tell you whether the device is idle and waiting for the consent timeout, or whether an active user is being prompted for consent.