Edit Default System
The settings on this page allow Powertech Multi-Factor Authentication administrators to configure the default action to perform (allow or deny) for IBM i user profiles not allocated to an Powertech Multi-Factor Authentication user on systems that authentication is enabled on.
Upon signing on to a system secured by Powertech Multi-Factor Authentication with a user profile not attached to an Powertech Multi-Factor Authentication user, Powertech Multi-Factor Authentication first consults the settings for that system in its Edit System screen. If 'Use Agent Defaults' is set to On, or the user profile is otherwise allowed by the individual system's settings, Powertech Multi-Factor Authentication defers to the settings on this screen.
Administrators can then allow or deny access for individual new user profiles as exceptions to the default action.
This page also allows administrators to change the default authentication status (enabled or disabled) for each exit point.
How to Get There
In the Navigation Pane, choose Agents, then Systems Defaults.
Options
Default Unassigned Profile Action: Deny users access • Allow users access
Choose 'Deny users access' to reject login attempts by IBM i user profiles unfamiliar to Powertech Multi-Factor Authentication. Choose 'Allow users access' to grant access to user profiles unfamiliar to Powertech Multi-Factor Authentication. Unassigned users that have been granted access will inherit the user settings of the Default Group. See Users screen.
Unassigned Profile Action
If any of the profiles in this list come through one of the system's exit points, and Powertech Multi-Factor Authentication can't find an Powertech Multi-Factor Authentication user attached to that profile to challenge for authentication, Powertech Multi-Factor Authentication will check the Unassigned Profile Action setting for that user profile. If it is set to Allow, the user will not be challenged with an authentication request and will be permitted to sign on. If the user is set to Deny, they will be denied access.
Add Profile • Remove
Click Add Profile to open the Select Profiles screen, where you can choose a profile on the selected system. Select a user and click Remove to remove that user from the list.
[profile list]; Deny • Allow
Choose 'Deny' from the drop-down list adjacent to a user to reject login attempts by that user. Choose 'Allow' to grant access to the adjacent user.
Exit Points; Activate • Deactivate
Check the exit points you would like to activate or deactivate. Whether the exit point is set to activated or deactivated initially depends on the system's default settings when added to Powertech Multi-Factor Authentication. Powertech Multi-Factor Authentication supports the TCP Signon Server, REXEC Server Logon, FTP Server Logon, and FTP Server Requests exit points. Click Activate to secure them with Powertech Multi-Factor Authentication. Click Deactivate to stop securing them with Powertech Multi-Factor Authentication.