This section contains the options related to authentication.
```ini
[auth]
prompt=Press Enter for push notification or type one-time password:
disable_echo=yes
```

prompt

Type: string
Required: no
Default: Press Enter for push notification or type one-time password:
Description: SPS displays this text to the user in a terminal connection to request an OTP interactively. The text is displayed only if the user authenticates with an OTP-like factor and does not send the OTP in the connection request.

disable_echo

Type: boolean (yes|no)
Required: no
Default: no
Description: For better security, you can hide the characters (OTP or password) that the user types after the prompt. To hide the characters (replace them with asterisks), set disable_echo to yes.
This section contains the options related to limiting parallel sessions.
limit

Type: integer
Required: no
Default: 0
Description: To limit the number of parallel sessions the gateway user can start from a given client IP address, configure limit. For an unlimited number of sessions, type 0.
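The following is an added example, not SPS plugin code: it models the limit option described above as a per-client-IP counter, where 0 means an unlimited number of parallel sessions and any positive value caps how many sessions from one client IP address may be open at the same time. The IP addresses and the scenario in demo() are constructed for the example.

```python
"""Per-client-IP parallel session limiter (added example, not SPS plugin code)."""
from collections import Counter


class ParallelSessionLimiter:
    """Tracks open sessions per client IP and enforces the configured limit."""

    def __init__(self, limit: int) -> None:
        if limit < 0:
            raise ValueError("limit must be 0 (unlimited) or a positive integer")
        self.limit = limit
        self._open = Counter()  # client IP -> number of sessions currently open

    def try_open(self, client_ip: str) -> bool:
        """Register the session and return True if the client is under the limit.

        A limit of 0 disables the check, matching 'type 0 for unlimited'.
        """
        if self.limit and self._open[client_ip] >= self.limit:
            return False  # limit reached: the gateway should reject this session
        self._open[client_ip] += 1
        return True

    def close(self, client_ip: str) -> None:
        """Release one session slot for the client when its session ends."""
        if self._open[client_ip] > 0:
            self._open[client_ip] -= 1

    def open_count(self, client_ip: str) -> int:
        """Number of sessions currently open from this client IP."""
        return self._open[client_ip]


def demo() -> list:
    """Constructed scenario: limit=2, one client opens three sessions, closes
    one, then opens another; a second client IP has its own counter.
    Returns the accept/reject decisions in order."""
    limiter = ParallelSessionLimiter(limit=2)
    ip = "203.0.113.10"  # documentation-range address, constructed for the example
    decisions = [limiter.try_open(ip), limiter.try_open(ip), limiter.try_open(ip)]
    limiter.close(ip)
    decisions.append(limiter.try_open(ip))
    decisions.append(limiter.try_open("203.0.113.11"))
    return decisions


if __name__ == "__main__":
    print(demo())
```

The counter must be decremented when a session ends, otherwise a client that hits the limit once stays locked out; the close() call in demo() shows the slot being reused.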
This section contains the settings that determine how soon after performing a 2FA/MFA authentication the user must repeat the authentication when opening a new session.
After the first
In other words, after opening the first session and authenticating on
Type: integer [in seconds]
Required: yes, if you want caching
Default: N/A
Description: The time in seconds after which the SPS plugin requires a new

Type: integer [in seconds]
Required: yes, if you want caching
Default: N/A
Description: The time in seconds after which the SPS plugin requires a new
conn_limit

Type: integer [number of]
Description: The cache can be used conn_limit times without multi-factor authentication. If the number of logins exceeds this number, the plugin requests multi-factor authentication again. If this parameter is not set, the number of logins from the cache is unlimited.
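The following is an added example, not code from the SPS plugin, covering both the [auth] options above and the [authentication_cache] rules. It parses a constructed plugin configuration, honours disable_echo when reading the OTP (hidden input via getpass, visible input via input), and implements the caching rule given for conn_limit: a cached authentication may be reused conn_limit times, after which MFA is required again, and an unset conn_limit means unlimited reuse. The timeout option names are truncated on the page as extracted, so the example uses an assumed placeholder key, cache_timeout, for the number of seconds after which a cached authentication expires; the [authentication_cache] values, the user name and the timeline are constructed.

```python
"""Model of the [auth] and [authentication_cache] options (added example)."""
import configparser
import getpass
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Constructed configuration. The [auth] values come from the page; the
# [authentication_cache] values and the cache_timeout key name are assumptions.
CONFIG_TEXT = """
[auth]
prompt=Press Enter for push notification or type one-time password:
disable_echo=yes

[authentication_cache]
cache_timeout=900
conn_limit=3
"""


def load_config(text: str) -> configparser.ConfigParser:
    """Parse plugin options; '=' is the only delimiter so prompt text may contain ':'."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    return cp


def read_otp(cp: configparser.ConfigParser,
             reader: Optional[Callable[[str], str]] = None) -> str:
    """Prompt for the OTP; with disable_echo=yes the typed characters are hidden."""
    auth = cp["auth"]
    prompt = auth.get("prompt", "Press Enter for push notification or type one-time password:")
    if reader is None:
        hide = auth.getboolean("disable_echo", fallback=False)
        reader = getpass.getpass if hide else input  # getpass suppresses terminal echo
    return reader(prompt + " ").strip()


@dataclass
class CacheEntry:
    authenticated_at: float  # time of the last full MFA, in seconds
    uses: int = 0            # cached logins since that MFA


@dataclass
class AuthenticationCache:
    timeout: int                # seconds after which the cached MFA expires (assumed key)
    conn_limit: Optional[int]   # None: unlimited reuse, as the page states for an unset value
    entries: Dict[str, CacheEntry] = field(default_factory=dict)

    @classmethod
    def from_config(cls, cp: configparser.ConfigParser) -> "AuthenticationCache":
        sec = cp["authentication_cache"]
        return cls(timeout=sec.getint("cache_timeout"),
                   conn_limit=sec.getint("conn_limit", fallback=None))

    def mfa_required(self, user: str, now: float) -> bool:
        """True if the user must perform MFA for a new session opened at `now`."""
        entry = self.entries.get(user)
        if entry is None or now - entry.authenticated_at >= self.timeout:
            return True  # nothing cached, or the cached authentication expired
        if self.conn_limit is not None and entry.uses >= self.conn_limit:
            return True  # cache used conn_limit times: request MFA again
        return False

    def record_mfa(self, user: str, now: float) -> None:
        self.entries[user] = CacheEntry(authenticated_at=now)

    def record_cached_login(self, user: str) -> None:
        self.entries[user].uses += 1


def login(cache: AuthenticationCache, user: str, now: float) -> str:
    """Decide for one new session; returns 'mfa' or 'cached' and updates the cache."""
    if cache.mfa_required(user, now):
        cache.record_mfa(user, now)  # the plugin would run the MFA exchange here
        return "mfa"
    cache.record_cached_login(user)
    return "cached"


def demo() -> list:
    """Constructed timeline: five sessions within a minute, then one after expiry."""
    cache = AuthenticationCache.from_config(load_config(CONFIG_TEXT))
    return [login(cache, "alice", t) for t in (0, 10, 20, 30, 40, 1000)]


if __name__ == "__main__":
    print(demo())
```

With conn_limit=3 the first session needs MFA, the next three reuse the cache, the fifth triggers MFA again because the limit is exhausted, and the last one triggers MFA because the cache has timed out; with conn_limit unset only the timeout ends the cached period.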
Having to perform multi-factor authentication to a remote server every time the user opens a session can be tedious and inconvenient for users, and can impact their productivity. SPS offers the following methods to solve this problem:

- In SPS, the Connection policy determines the type of authentication required to access a server. If you do not need multi-factor authentication for accessing specific servers, configure your Connection policies accordingly.
- If the user opens a new session within a short period, they can do so without having to perform multi-factor authentication. After this configurable grace period expires, the user must perform multi-factor authentication to open the next session. For details, see [authentication_cache].
The [whitelist source=user_list] and [whitelist source=ldap_server_group] sections allow configuring authentication whitelists and blacklists based on a User List policy or an LDAP Server policy. These two sections are independent, so either of them can be configured; for example, they can create break-glass access for specific users to allow them to bypass
© 2024 One Identity LLC. ALL RIGHTS RESERVED.