User Authentication
If you are using a mobile device or YubiKey, after you have registered the device, you are ready to authenticate. If you are using the Soft Token or Printed List of OTPs, registering a device is not required.
Authenticating an Interactive IBM i Sign On
- Sign on to the IBM i system your administrator has configured with Powertech Multi-Factor Authentication. Or, run a program secured by your administrator. When you do, a screen with one or more of the possible authentication methods appears:
- Enter 1 next to the authentication method you would like to use, and do the following to authenticate:
- For One-Time Password (OTP), open the mobile app and enter the six-digit number from your mobile device into the IBM i prompt, then press Enter.
- For Mobile Push Notification, open the notification using the Powertech Multi-Factor Authentication mobile app and tap Accept.
- For Biometrics (Mobile Fingerprint Scan), open the notification using the Powertech Multi-Factor Authentication mobile app and tap Accept, then scan your fingerprint.
- NOTE: See Troubleshooting Authentication with your Mobile Device if you have difficulties authenticating with your mobile device.
- For Printed list of backup OTPs, enter a valid six-digit password, then press Enter.
- For YubiKey ID, insert the YubiKey and press (short press) the YubiKey button.
- For Soft Token:
- On your PC, click the HelpSystems icon in the Windows System Tray and choose Soft Token.
Alternatively, you can click the button in the upper right of the Desktop Agent. The Soft Token entry panel appears.
NOTE: Here, you can click Manage Pin to login to the User Portal where you can set your pin. - Enter the pin configured in step 6 of the User Setup Procedure. The One-Time Password appears.
- Enter the six-digit number displayed on the Soft Token panel into the IBM i prompt, then press Enter.
- On your PC, click the HelpSystems icon in the Windows System Tray and choose Soft Token.
- If authentication is successful, you are allowed to sign on.
Authenticating an FTP IBM i Sign On
If you are signing on using an Exit Point, like FTP, the Powertech Multi-Factor Authentication Desktop Agent must be installed and running (See User Setup).
- Connect to the IBM i via FTP and sign on.
- The Powertech Multi-Factor Authentication Desktop Agent appears on your Windows workstation.
- To allow the connection, click Allow. For Device, click the drop-down arrow and select the device you will use to authenticate. You are presented with one or more authentication options. Use one of the following methods to authenticate:
- Click One-Time Password (OTP), then open the Powertech Multi-Factor Authentication mobile app. Enter the six-digit number from your mobile device into the Desktop Agent, then press Enter or click Submit.
- Click Push Notification, the open the notification using the Powertech Multi-Factor Authentication mobile app and tap Accept.
- Click Mobile Biometrics, then open the notification using the Powertech Multi-Factor Authentication mobile app and tap Accept, then scan your fingerprint.
- For YubiKey ID, click Not ready. Click here. if shown. Insert the YubiKey and press (short press) the YubiKey button.
- For Printed list of backup OTPs, enter a valid six-digit password, then press Enter (or click Submit).
- If authentication is successful, you are granted access.