This document explains how proxy access with a temporary token works on the Segura® Platform.
This feature was developed for scenarios in which users need to access proxies through native clients, such as PuTTY, Remote Desktop, and DBeaver, but the environment uses modern authentication methods, such as AD, SAML, or OpenID. Because these clients do not natively support these authentication flows, the Segura® Platform provides personal temporary tokens for use as passwords in proxy sessions.
Applicability
The use of a temporary token is recommended for environments that:
- Use centralized authentication through identity providers;
- Need to maintain compatibility with local clients;
- Want to reduce the exposure of local credentials in proxy access.
This feature is available for the following proxies:
-
Terminal Proxy;
-
RDP Proxy;
-
Database Proxy.
## Functionality
The user accesses the Segura® Platform web interface and logs in with the provider configured in the environment, such as AD, SAML, or OpenID. After authentication, the user opens the user menu and generates a temporary token to use instead of the access password.
This token is personal, has limited validity, and is used as a password in native clients compatible with the available proxies.
The token duration is defined by the user at the time of generation, with a maximum limit of 8 hours. After expiration, the token is no longer accepted for authentication and a new token must be generated.
Use cases
Some examples of use:
-
SSH access through a local client without using a local password;
-
Remote access through RDP in SSO environments;
-
Database connections through native clients with temporary authentication.
## Conclusion
The use of temporary tokens in proxies expands the compatibility of the Segura® Platform with native clients, while keeping authentication integrated with the environment identity provider and reducing the need to use local credentials.