The following describes how to establish a terminal connection (SSH, TELNET, or TN3270) to a server.
To establish a terminal connection (SSH, TELNET, or TN3270) to a server
-
Connect to the server.
To encode additional data as part of the username, you can use the @ as a field separator, for example:
ssh token_id=id@user@server
Replace id with your actual token ID.
-
If One Identity Safeguard for Privileged Sessions (SPS) prompts you for further information (for example, a one-time password), enter the requested information.
-
Authenticate on the server.
-
If authentication is successful, you can access the server.
The following describes how to establish a Remote Desktop (RDP) connection to a server when the AA plugin is configured.
To establish an RDP connection to a server when the AA plugin is configured
-
Open your Remote Desktop client application.
-
If you have to provide additional information to authenticate on the server, you must enter this information in your Remote Desktop client application into the User name field, before the regular content (for example, your username) of the field.
To encode additional data, you can use the following special characters:
For example, to add a token ID before your username, use the following format:
domain\token_id~12345%Administrator
Note how domain information is provided. If your server is in a domain, make sure that you specify the domain in this format: putting it in front, followed by a backslash (\).
-
Connect to the server.
-
If One Identity Safeguard for Privileged Sessions (SPS) prompts you for further information (for example, a one-time password), enter the requested information.
-
Authenticate on the server.
-
If authentication is successful, you can access the server.
The plugin framework provided by One Identity Safeguard for Privileged Sessions (SPS) can also be used to integrate SPS to external ticketing (or issue tracking) systems, allowing you to request a ticket ID from the user before authenticating on the target server. That way, SPS can verify that the user has a valid reason to access the server — and optionally terminate the connection if he does not. Requesting a ticket ID currently supports the following protocols:
-
Remote Desktop (RDP)
-
Secure Shell (SSH)
-
TELNET
-
TN3270
-
To request a plugin that interoperates with your ticketing system, contact our Support Team.
-
For details on configuring SPS to use a plugin, see Using a custom Authentication and Authorization plugin to authenticate on the target hosts in the Administration Guide.
Detailed information about this topic
The following describes how to establish a terminal connection (SSH, TELNET, or TN3270) to a server that requires you to enter a ticket ID.
To establish a terminal connection (SSH, TELNET, or TN3270) to a server that requires you to enter a ticket ID
-
Connect to the server.
You have the option to use the ID of the ticket you are working on as part of the username (replace id with the ticket ID):
ssh ticket_id=id@user@server
NOTE: Your plugin may use a different name for the key ticket_id shown in the example. Plugins work with key-value pairs and the names of keys are entirely up to individual plugins.
-
If you did not provide a ticket ID, One Identity Safeguard for Privileged Sessions (SPS) now prompts you to enter it.
-
Authenticate on the server.
-
If the authentication is successful, you can access the server.