Welcome to Powertech Multi-Factor Authentication
Powertech Multi-Factor Authentication allows administrators to ensure only authorized users are granted access to their IBM i systems by requiring two pieces of evidence in order to validate each user's identity, a method of access control known as multi-factor authentication. Powertech Multi-Factor Authentication allows network users to easily register a mobile device or YubiKey to act as the second authentication factor, in addition to their IBM i or Active Directory credentials.
Powertech Multi-Factor Authentication is designed to challenge users as they access the IBM i. It can be used to sign on to interactive sessions or when FTP is used to connect to the system.
The installation components required to administer the authentication process include:
- Version 1.15 or higher of Insite Server. HelpSystems Insite is the web browser interface used to manage Powertech Multi-Factor Authentication.
- The Authentication Manager Server. The Authentication Manager is Powertech Multi-Factor Authentication's central processing component.
- The Data Services Server. The Data Services includes Powertech Multi-Factor Authentication's database and backup, recovery, and HA services.
These components can be installed together on one server, or divided on two or more servers. For example, in one possible configuration, the Insite server can be installed where users can connect, and the Authentication Manager Server and Data Services can be installed together on a different server. (These systems can be Windows servers, or Linux or Unix systems.)
See Administrator Setup Procedure for details on configuring and administrating Powertech Multi-Factor Authentication.
The installation components for user authentication include:
- The Android app. This app, available from Google Play, can be used to authenticate using Android.
- The iOS app. This app, available from Apple, can be used to authenticate using an iPhone.
- The Desktop Agent. This desktop application can be used to authenticate connections made through methods outside of traditional log on screens (like FTP).
The administration and configuration of Powertech Multi-Factor Authentication is done from a connection with the Insite server. Network users can register their devices using a URL provided via an email they receive after enrolling with Powertech Multi-Factor Authentication.
See User Setup Procedure for details on setting up Powertech Multi-Factor Authentication for authentication.
See User Authentication for details on how to authenticate using Powertech Multi-Factor Authentication as an end user.