Multi-factor Authentication on IBMi

Boost your security, protect your data, and fortify your digital fortress with Multifactor Authentication (MFA) on IBMi. In an era where cyber threats are becoming more sophisticated than ever, it's crucial to go beyond simple password protection. MFA provides an additional layer of security, ensuring that only authorized users gain access to your valuable resources.

Why is Multifactor Authentication on IBMi so important?

• Defend Against Unauthorized Access: With traditional password-only authentication, a single compromised password can spell disaster. MFA requires users to provide multiple pieces of evidence to verify their identities, such as a password, fingerprint, smart card, or one-time passcode. This greatly reduces the risk of unauthorized access, even if a password is compromised.

• Strengthen Data Protection: IBMi hosts a wealth of sensitive data, from financial records to customer information. Multifactor Authentication adds an extra layer of protection to this data, making it significantly harder for cybercriminals to breach your system. By requiring multiple factors for authentication, you create a robust defense against data breaches and identity theft.

• Mitigate Insider Threats: Unfortunately, not all threats come from external sources. MFA helps mitigate insider threats by ensuring that employees or privileged users authenticate themselves through multiple factors. This not only protects your data from malicious insiders but also serves as a deterrent against unauthorized activities.

• Compliance with Regulations: Many industries, such as healthcare, finance, and government, have strict regulatory requirements for data security. Implementing Multifactor Authentication on IBMi helps you meet these compliance standards. By proactively adopting advanced security measures, you can avoid penalties, maintain customer trust, and safeguard your organization's reputation.

• User-Friendly Experience: Contrary to popular belief, Multifactor Authentication doesn't have to be complicated or burdensome. IBMi offers a variety of MFA methods that are user-friendly and seamless. From mobile apps to biometrics, there are options that align with your users' preferences, making authentication a smooth and convenient experience.

• Future-Proof Your Security: Cyber threats are constantly evolving, and organizations must stay one step ahead to protect their critical assets. Multifactor Authentication is a proactive approach that helps future-proof your security infrastructure. By adopting MFA on IBMi, you demonstrate your commitment to staying ahead of emerging threats and safeguarding your organization's digital future.

Assure Multi Factor Authentication as a module works with Enforcive and Precisley's Assure Enterprise security product. So you have the choice, if you want to keep the cost down by starting small but still strengthening your IBMi this module is for you.

At KDP, we understand the importance of security in today's interconnected world. Our experts specialize in implementing Multifactor Authentication solutions on IBMi, tailored to your specific needs. We offer seamless integration, comprehensive support, and user training to ensure a smooth transition and optimal security posture.

Don't wait until it's too late. Strengthen your defenses with Multifactor Authentication on IBMi today! Contact us using the ask a question tab on the left side of this page to learn more and schedule a consultation with our security experts. Your data deserves the best protection possible.

Assure works with Radius to generate tokens or it will generate a ODA token for you and can be configured to send it by email or text, or it can be configured to use Google's Authenticator.

Below are some example screens.

The first Sign-on screen here is configured in a sub-system to only show user ID and password, the user cannot enter initial program, menu or library, the MFA rule will take care of that after sign-on.

Next is the additional authentication screen 

With Assure MFA you able to configure the lifetime of the ODA code.

If you want additional authentication you can ask the user to enter answers to pre configured questions.

After this screen and after any configured additional startup jobs are completed the user is presented with their initial display.

Using Multi Factor Authentication for a more modern interface

I have configured Multi-factor Authentication for Access to the IFS via ACS using the Google Authenticator on an iPhone.

This requires the use of a Radius server, I have configured Freeradius on a Linux box as my Radius server, I have also installed the Google Authenticator.

For this you need a user profile and home directory on the linux box. When registering the Google Authenticator the registration process saves the google files in a users home directory and and displays the QR code so configuration can be completed on the iPhone using the google app. 

This example uses Enforcive's file server interface and can trigger different MFA rules for different file server functions.

I can set the same rule for all file server functions. Here I have only configured the Allocate Conversation

Using the Assure MFA web based listener, it will prompt me for a code once Enforcive triggers the MFA rule.

The great thing about the Google authenticator is that I don't have to wait for a code to come thru via email - I already have one on my iPhone which the Google Authenticator validates via my radius server. This code is only valid for 30 seconds. pet105 is the name of my radius server.

Once Enforcive triggers the MFA Rule the web listener presents me with a prompt to enter a password and a code as one string which the radius server authenticates with Google.

Once the code is validated and accepted, I gain access to the IFS.

And the resource I need to use is presented.

If you are using Enforcive contact us for more information.

Contact us using the ask a question tab on the left side of this page.