Multi-Factor authentication for SAS/Connect and PostgreSQL

WRDS will be enabling Multi-Factor authentication for SAS/Connect and PostgreSQL access on May 17th at 11 am EDT during our end-of-semester user-facing downtime.

What This Means for Users

SAS/Connect (a.k.a. PC-SAS)

  • If a user already has Duo Push enabled, the user will receive a push request when logging in to SAS/Connect and will need to acknowledge that push to proceed with using SAS/Connect. While waiting for this to happen, the SAS/Connect screen will be paused at this message:

NOTE: Remote sign-on to SASTCPD commencing (SAS Release 9.04.01M6P110718).
NOTE: SASPROPREITARY encryption is being used to protect network traffic.

The push will be sent multiple times (3), and if not acknowledged, the user will see this message:

ERROR: A communication subsystem partner link setup request failure has occurred.
ERROR: Communication request rejected by partner: security verification failure.
ERROR: Remote sign-on to SASTCPD canceled.

  • If a user does not have push MFA enabled: the user will need to connect to the MFA-enabled WRDS website or MFA-enabled SSH from the same IP address that the user intends to use for SAS/Connect. After this has been completed, the user will be able to connect to SAS/Connect. If the user has connected to either the website or SSH within the most recent 12 hours, their MFA will also still be valid.

PostgreSQL Access

  • If a user already has Duo Push enabled: the user will receive a push request when attempting to connect to PostgreSQL and will need to acknowledge that push to proceed with using PostgreSQL. This includes connections from external hosts using the WRDS Python module, Stata, and R. Accessing PostgreSQL from wrds-cloud via SSH will not require MFA.
  • If a user does not have push MFA enabled: the user will need to connect to the MFA-enabled WRDS website or MFA-enabled SSH from the same IP address that the user intends to use for PostgreSQL. After this has been completed, the user will be able to connect to PostgreSQL. This username/IP combination will be valid for 30 days after a successful MFA.
