New/Edit System

Use these settings to add a system to be authenticated with the IBM i agent. The system needs to have been added to Insite (see "Product Connections" in the Insite User Guide), and have Powertech Multi-Factor Authentication installed.

The settings on this page allow Powertech Multi-Factor Authentication administrators to configure the action to perform (allow or deny) for IBM i user profiles on the system that are not allocated to an Powertech Multi-Factor Authentication user.

Upon signing on to a system secured by Powertech Multi-Factor Authentication with a user profile not attached to an Powertech Multi-Factor Authentication user, Powertech Multi-Factor Authentication first consults the settings on this screen to determine whether to allow or deny the user access. If 'Use Agent Defaults' is set to On, or the user profile is otherwise allowed by the settings on this screen, Powertech Multi-Factor Authentication defers to the settings on the Edit Default System screen.

In other words, here, Powertech Multi-Factor Authentication administrators can allow or deny access to specific user profiles as exceptions to the default action specified on the Edit Default System screen.

This page also allows administrators to change the default authentication status (enabled or disabled) for each exit point.

How to Get There

In the Navigation Pane, choose Agents, then IBM i Agent, then click Add.

Options

System; Select System (New System only)

Click Select System to open the Select System screen, where you can choose the system to be added.

Default Unassigned Profile Action

Choose Deny users access to reject login attempts by IBM i user profiles not connected to an Powertech Multi-Factor Authentication user. Choose Allow users access to grant access to user profiles not connected to an Powertech Multi-Factor Authentication user. Unassigned users that have been granted access will inherit the user settings of the Default Group. The Default Group is listed on the Users screen. Choose Inherit user access to use the setting defined in the Edit Default System page.

Unassigned Profile Action

Use Agent Defaults; On • Off

Choose On to use the Unassigned Profile Action settings defined in the Edit Default System page. Choose Off to use the Unassigned Profile Action settings defined on this page for this system.

Authentication Suppression

This parameter controls authentication suppression for an individual system. Authentication suppression reduces the number of times authentication is required.

Use Agent Defaults; On • Off

Choose On to use the Authentication Suppression settings defined in the Edit Default System page. Choose Off to use the Authentication Suppression settings defined on this page for this system.

Authentication Suppression (minutes)

Specify the period of time, in minutes, authentication will be suppressed for each IBM i interactive session. After an initial authentication request, the user will not receive additional authentication requests during that session until the time period has expired.

Exit Points; Activate • Deactivate

Check the exit points you would like to activate or deactivate. Whether the exit point is set to activated or deactivated initially depends on the system's default settings when added to Powertech Multi-Factor Authentication. Powertech Multi-Factor Authentication supports the following exit points:

DDM/DRDA Server
Database Svr-Initiation
FTP Server Logon
FTP Server Requests
File Server
REXEC Server Logon
Remote Command
Retrieve command exit programs
TCP Signon Server

NOTE: See also IBM i Exit Point Descriptions.

Click Activate to secure them with Powertech Multi-Factor Authentication. Click Deactivate to stop securing them with Powertech Multi-Factor Authentication.

For example, if the system is enabled, and you set an exit point to Deactivate and click Save, Powertech Multi-Factor Authentication sends a message to deregister the exit point program with Powertech Multi-Factor Authentication. If the system is not currently enabled in Powertech Multi-Factor Authentication, and this setting is changed, the setting is stored in the database so that when the system is enabled within Powertech Multi-Factor Authentication, Powertech Multi-Factor Authentication will apply the activate/deactivate setting as appropriate, and register/deregister the exit point program accordingly.

NOTE: In some cases, restarting the services (which Powertech Multi-Factor Authentication does when activating/deactivating exit points) is not sufficient for the Database Server and File Server exit points. In this case, restart QSERVER subsystem:

ENDSBS SBS(QSERVER)

STRSBS SBSD(QSERVER)

If after restarting the subsystem authentication still does not function properly, also restart the QUSRWRK subsystem:

ENDSBS SBS(QUSRWRK)

STRSBS SBSD(QUSRWRK)