Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 6.0.9 - Duo Multi-Factor Authentication - Tutorial


This section contains logging-related settings.

Type: integer or string
Required: no
Default: info

Description: The logging verbosity of the plugin. The plugin sends the generated log messages to the SPS syslog system. You can check the log messages in the Basic settings > Troubleshooting > View log files section of the SPS web interface. To show only the messages generated by the plugins, filter on the plugin: string.

The possible values are:

  • debug

  • info

  • warning

  • error

  • critical

For details, see Python logging API's log levels: Logging Levels.


This section contains HTTPS proxy-related settings.

Type: string
Required: no
Default: N/A

Description: The name or IP address of the HTTPS proxy server.

Type: integer
Required: no
Default: 3128

Description: The port number of the HTTPS proxy server.



To configure this optional section, contact our Support Team.

To request additional information from the user (for example, ticket number), define one or more [question_] section (for example, [question_1], [question_2]). The user input will be stored under the value of key in the questions section of the session cookie.

Description: Used for communication between plugins. This is an interactive request/response right after authentication in order to supply data to Credential Store plugins. The question is transferred to the session cookie and all hooks of all plugins receive it.

For example, if you have an external authenticator app, you do not have to wait for the question to be prompted but can authenticate with a one-time password:

ssh otp=123456@root@scb

Name subsequent questions with the appropriate number (for example, [question_1], [question_2], and so on).

For details, see "Performing authentication with AA plugin in terminal connections" in the Administration Guide and "Performing authentication with AA plugin in Remote Desktop connections" in the Administration Guide.

Type: string
Required: yes
Default: N/A

Description: The question itself in text format.

Type: string
Required: yes
Default: N/A

Description: The name of the name-value pair.

Type: boolean (yes|no)
Required: no
Default: no

Description: Whether the answer to the question is visible (yes), or replaced with asterisks (no).

Store sensitive plugin data securely

By default, the configuration of the plugin is stored on SPS in the configuration of SPS. Make sure that you store the sensitive parameters (for example, ikey and skey) of the plugin in an encrypted way.

To store sensitive plugin data securely

  1. Log in to SPS, navigate to Policies > Credential Stores and create a Local Credential Store. For details, see "Configuring local Credential Stores" in the Administration Guide.

    Instead of usernames and passwords, you will store the configuration parameters of the plugin in this Credential Store.

  2. Add the plugin parameters you want to store in an encrypted way to the Credential Store. You can store any configuration parameter of the plugin in the Credential Store, but note that if an option appears in the Credential Store, the plugin will use it. If the same parameter appears in the configuration of the plugin, it will be ignored.

    • Enter the name of the configuration section without the brackets in the Host field (for example, duo).

    • Enter the name of the plugin parameter in the Username field (for example, ikey and skey).

    • Enter the value of the plugin parameter in the Passwords field.

    • Click Commit.

  3. Navigate to the configuration of the plugin on the Policies > AA Plugin Configurations page.

  4. In the plugin configuration file, enter the name of the local Credential Store under the [credential_store] section as the value of the name parameter.

  5. Enter $ as the value of the parameter storing sensitive data.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating