Edit Default System
How to Get There
In the Navigation Pane, choose Agents, then Systems Defaults.
What it Does
The settings on this page allow Access Authenticator administrators to configure the default action to perform (allow or deny) for IBM i user profiles not allocated to an Access Authenticator user on systems that authentication is enabled on.
Upon signing on to a system secured by Access Authenticator with a user profile not attached to an Access Authenticator user, Access Authenticator first consults the settings for that system in its Edit System screen. If 'Use Agent Defaults' is set to On, or the user profile is otherwise allowed by the individual system's settings, Access Authenticator defers to the settings on this screen.
Administrators can then allow or deny access for individual new user profiles as exceptions to the default action.
This page also allows administrators to change the default authentication status (enabled or disabled) for each exit point.
Options
Default Unassigned Profile Action: Deny users access • Allow users access
Choose 'Deny users access' to reject login attempts by IBM i user profiles unfamiliar to Access Authenticator. Choose 'Allow users access' to grant access to user profiles unfamiliar to Access Authenticator. Unassigned users that have been granted access will inherit the user settings of the Default Group. See Users screen.
Unassigned Profile Action
If any of the profiles in this list come through one of the system's exit points, and Access Authenticator can't find an Access Authenticator user attached to that profile to challenge for authentication, Access Authenticator will check the Unassigned Profile Action setting for that user profile. If it is set to Allow, the user will not be challenged with an authentication request and will be permitted to sign on. If the user is set to Deny, they will be denied access.
Add Profile • Remove
Click Add Profile to open the Select Profiles screen, where you can choose a profile on the selected system. Select a user and click Remove to remove that user from the list.
[profile list]; Deny • Allow
Choose 'Deny' from the drop-down list adjacent to a user to reject login attempts by that user. Choose 'Allow' to grant access to the adjacent user.
Exit Points; Activate • Deactivate
Check the exit points you would like to activate or deactivate. Whether the exit point is set to activated or deactivated initially depends on the system's default settings when added to Access Authenticator. Access Authenticator supports the TCP Signon Server, REXEC Server Logon, FTP Server Logon, and FTP Server Requests exit points. Click Activate to secure them with Access Authenticator. Click Deactivate to stop securing them with Access Authenticator.