Yeah we have 2FA enabled in our SG and we are also TPN compliant. This is just for the SG integration from OP/Ayon so our users are already working within our secure environment, I think on this case the only problem would be someone from inside knowing how to use the SG API to write stuff to SG as someone else but I’m not really that concerned about that, I think I rather have them work this way than having to change their login method.
Alternatively, I think we should add support for SSO so they don’t need to login in the SG addon, but we are probably constrained by this one SSO / Active Directory integration - #12 by emiliano
On the collect_shotgrid_session plugin we are basically creating it like this (the only modification from the OP code being that we pass the proxy to the session)
proxy = os.environ.get("HTTPS_PROXY", "").lstrip("https://")
session = shotgun_api3.Shotgun(
base_url=shotgrid_url,
script_name=shotgrid_script_name,
http_proxy=proxy,
api_key=shotgrid_script_key,
sudo_as_login=login,
)