- Powertech MFA's Authentication Manager can now delegate authentication calls to a RADIUS server to authenticate users.
- Logging has been added to the desktop agent to assist with troubleshooting.
- Updates to the Multi-Factor Authentication Desktop Agent.
- Updates to the Multi-Factor Authentication IBM i Agent.
- The System Selection screen of the Insite UI has been updated to provide better feedback on each IBM i system, including information on systems that cannot be supported.
- The product has been renamed Powertech Multi-Factor Authentication. The new name is now used in the UI for all product modules and accompanying documentation. (Previously the product was called "Access Authenticator.")
- The product name has been added to the title of the Deactivate Authentication panel (PMA3985).
- Updates to the Powertech Multi-Factor Authentication IBM i Agent.
- Documentation for securing IBM i and Authentication Manager connections with TLS has been improved.
- Improvements and fixes to the IBM i Agent with the release of version R01M04. See Multi-Factor Authentication IBM i Agent.
- Administrators can now make changes to the initial program that is now stored in the configuration file for each user profile being authenticated by Access Authenticator. This can be done without deactivating and reactivating the user. A new option (option 5) on the Main Menu, and the CHGAAINITP command, have been added for this purpose.
- The Windows version of the backup/restore database script that is packaged with the Authentication Manager has been repaired.
- The HelpSystems Insite server address on the IBM i agent is now updated with each Activation from Insite.
- The 'Select All' check box on the Users screen is now cleared after deleting all users.
- Service scripts are now always upgraded during installation on Linux.
- Extra license expiry emails are no longer sent when the license expiry email feature is active.
- The character limit of the LDAP Context field in Access Authenticator's LDAP screen has been increased to 300 characters.
- Green screen authentication is no longer disabled when the Kafka server is down or unreachable.
- The Insite Server address (listed in the Insite Server Configuration panel) is now cleared if the IBM i agent is removed from HelpSystems Insite.
- An issue preventing the ability to delete Access Authenticator users after a YubiKey or mobile device has been added has been resolved.
- A problem preventing the ability to sync a mobile device when the YubiKey device type is disabled has been resolved.
- Users can now choose to authenticate using a one-time password (OTP) generated by a soft token. The soft token is a PIN-protected authentication method launched from the desktop agent.
- APIs are now available that allow third parties to use two factor authentication provided by Access Authenticator in their own products and processes. The APIs are documented and include usage examples.
- User Portal updates: The list of authentication methods in the User Portal now includes all available authentication methods, as well as each method's status (enabled/disabled). The soft token has been added and the backup list of OTPs is now included as a device.
- Commands have been added to start and stop the Access Authenticator IBM i agent (PMASTRMON and PMAENDMON) to help facilitate system backup and other maintenance procedures.
- An issue preventing Access Authenticator users from being added with the IE11 web browser has been resolved.
- The jackson-databind jar file used in the Authentication Manager has been updated to version 2.9.4 for improved security.
- Usability improvements.
- The Access Authenticator Windows installer is no longer required to create a Windows user account during installation in order to start and stop the services associated with Access Authenticator. This enhancement improves stability.
- Audit logs and reports have been added. Reports now allow administrators to view Access Authenticator system activities including authentication data and system event information, as well as an audit log of Access Authenticator configuration information. See Reports screen for details.
- Email server support has been improved. Access Authenticator now provides administrators more flexibility when connecting to the email server resources used to distribute email alerts generated by Access Authenticator. See Email Settings screen for details.
- Notifications of an impending license expiration have been added. Administrators can now be sent a notification when the Access Authenticator license period is nearing expiration. See Settings screen for details.
- LDAP server settings can now be validated before saving. LDAP server settings can now be validated to ensure a connection can be made without errors prior to saving the LDAP settings. See LDAP Settings screen for details.
- Exit Point activation now prompts to activate the agent system. If an IBM i agent is deactivated and an administrator activates an Exit Point within the agent settings for that system and saves, the administrator is now prompted to activate the agent. See New/Edit System screen for details.
- Reliability improvements have been made to the Access Authenticator mobile app. The mobile app can now remain synced after the primary authentication manager has failed.
- Access Authenticator Roles have been added to Insite. See Roles in the Insite help for details.
- Installation Improvements. The Access Authenticator installation process has been enhanced and simplified.
- Improved Mobile App Synchronization. Primary and secondary authentication managers are now included in the syncing process, eliminating the need to re-sync the mobile app after authentication manager failover.
- Exit point authentication errors are now displayed as notifications in the Desktop Agent.
- Toggle buttons have been added to show/hide passwords in the Desktop Agent.
- A warning now notifies the administrator if all authentication methods are turned off.
- The exit point status is now evident as exit points are activated/deactivated.
- Usability/UI improvements have been made to the Email Settings screen, Access Authenticator Settings screen, New/Edit User Screen, and other areas.
- Access Authenticator documentation has been improved.
Access Authenticator has been released. Access Authenticator allows you to implement multi-factor authentication across your IBM i environment.
- Comprehensive Authentication Manager. Access Authenticator is administered from the HelpSystems Insite web interface. The authentication manager is a powerful tool that makes it easy to configure multi-factor authentication to meet your organization’s needs.
From here, you can import users from Active Directory, invite users to the self-service portal, and activate or deactivate multi-factor authentication for users and groups. Users can also be disabled without removing them from the database altogether.
- Intuitive User Portal. The self-service portal allows users to complete the Access Authenticator registration process. This easy-to-use portal is also where users maintain their authentication credentials and update their options.
In compliance with PCI DSS 8.2.2, which requires users to verify their identities before modifying any authentication credentials, users must verify their usernames and passwords before making changes to their accounts.
Multiple Authentication Methods. Access Authenticator allows administrators to select from several different methods of authentication for your users’ convenience and to meet your organization’s security requirements including:
One-time password generation
Biometric fingerprint scanning
See Access Authenticator for more product details.
See Access Authenticator Reference Manual for product documentation.