立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Sessions 6.5.0 - RADIUS Multi-Factor Authentication - Tutorial

Perform multi-factor authentication with the SPS RADIUS plugin in terminal connections

The following describes how to establish a terminal connection (SSH, TELNET, or TN3270) to a server.

To establish a terminal connection (SSH, TELNET, or TN3270) to a server

  1. Connect to the server.

    If you can authenticate using an OTP or token, encode the OTP as part of the username. You can use the @ as a field separator.

    Example:
    ssh otp=YOUR-ONE-TIME-PASSWORD@user@server

    Replace YOUR-ONE-TIME-PASSWORD with your actual OTP.

  2. If SPS prompts you for further information, enter the requested information. If you need to authenticate with an OTP, but you have not supplied the OTP in your username, you will be prompted to enter the OTP.

  3. Authenticate on the server.

  4. If authentication is successful, you can access the server.

Perform multi-factor authentication with the SPS RADIUS plugin in Remote Desktop (RDP) connections

The following section describes how to establish a Remote Desktop (RDP) connection to a server when the AA plugin is configured.

To establish a RDP connection to a server when the AA plugin is configured

  1. Open your Remote Desktop client application.

  2. If you have to provide additional information to authenticate on the server, you must enter this information in your Remote Desktop client application in the User name field, before the regular content (for example, your username) of the field.

    If you can authenticate using an OTP or token, encode the OTP as part of the username. To encode additional data, you can use the following special characters:

    • % as a field separator

    • ~ as the equal sign

    • ^ as a colon (for example, to specify the port number or an IPv6 IP address)

    Example:

    For example, use the following format:

    domain\otp~YOUR-ONE-TIME-PASSWORD%Administrator

    Replace YOUR-ONE-TIME-PASSWORD with your actual OTP.

  3. Connect to the server.

    If you need to authenticate using a push notification, approve the connection in your mobile app.

  4. Authenticate on the server.

  5. If authentication is successful, you can access the server.

Perform multi-factor authentication with the SPS RADIUS plugin in Microsoft SQL Server (MSSQL) connections

The following section describes how to establish a Microsoft SQL Server (MSSQL) connection to a server when the AA plugin is configured.

To establish a MSSQL connection to a server when the AA plugin is configured

  1. Open your SQL client application.

  2. If you have to provide additional information to authenticate on the server, you must enter this information in your SQL client application in the User name field, before the regular content (for example, your username) of the field.

    If you can authenticate using an OTP or token, encode the OTP as part of the username. To encode additional data, you can use the following special characters:

    • % as a field separator

    • ~ as the equal sign

    • ^ as a colon (for example, to specify the port number or an IPv6 IP address)

    Example:

    For example, use the following format:

    domain\otp~YOUR-ONE-TIME-PASSWORD%Administrator

    Replace YOUR-ONE-TIME-PASSWORD with your actual OTP.

  3. Connect to the server.

    If you need to authenticate using a push notification, approve the connection in your mobile app.

  4. Authenticate on the server.

  5. If authentication is successful, you can access the server.

相关文档