立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Sessions 6.5.0 - Okta Multi-Factor Authentication - Tutorial

[credential_store]

This section contains settings related to storing sensitive information of the plugin.

Declaration
[credential_store]
name=<name-of-credential-store-policy-that-hosts-sensitive-data>
name
Type: string
Required: no
Default: N/A

Description: The name of a local Credential Store policy configured on SPS. You can use this Credential Store to store sensitive information of the plugin in a secure way (for example, the api_key value in the [okta] section).

For details, see Store sensitive plugin data securely.

[logging]

This section contains logging-related settings.

Declaration
[logging]
log_level=info
log_level
Type: integer or string
Required: no
Default: info

Description: The logging verbosity of the plugin. The plugin sends the generated log messages to the SPS syslog system. You can check the log messages in the Basic settings > Troubleshooting > View log files section of the SPS web interface. To show only the messages generated by the plugins, filter on the plugin: string.

The possible values are:

  • debug

  • info

  • warning

  • error

  • critical

For details, see Python logging API's log levels: Logging Levels.

[https_proxy]

This section contains HTTPS proxy-related settings.

Declaration
[https_proxy]
server=<proxy-server-name-or-ip>
port=3128
server
Type: string
Required: no
Default: N/A

Description: The name or IP address of the HTTPS proxy server.

name
Type: integer
Required: no
Default: 3128

Description: The port number of the HTTPS proxy server.

[question_1]

NOTE:

To configure this optional section, contact our Support Team.

To request additional information from the user (for example, ticket number), define one or more [question_] section (for example, [question_1], [question_2]). The user input will be stored under the value of key in the questions section of the session cookie.

Description: Used for communication between plugins. This is an interactive request/response right after authentication in order to supply data to Credential Store plugins. The question is transferred to the session cookie and all hooks of all plugins receive it.

For example, if you have an external authenticator app, you do not have to wait for the question to be prompted but can authenticate with a one-time password:

ssh otp=123456@root@scb

Name subsequent questions with the appropriate number (for example, [question_1], [question_2], and so on).

For details, see "Performing authentication with AA plugin in terminal connections" in the Administration Guide and "Performing authentication with AA plugin in Remote Desktop connections" in the Administration Guide.

prompt
Type: string
Required: yes
Default: N/A

Description: The question itself in text format.

key
Type: string
Required: yes
Default: N/A

Description: The name of the name-value pair.

disable_echo
Type: boolean (yes|no)
Required: no
Default: no

Description: Whether the answer to the question is visible (yes), or replaced with asterisks (no).

相关文档