Emergency Override Setup screen

The objective of this program is to allow you to setup the global emergency override switch within the software.

WARNING: Depending on the switch, the user profile could be allowed access to the IBM i without attempting any connection to the Authentication Manager. This is the first layer switch. The Emergency Override function also depends on the user profile level setting within the "Powertech RSA SecurID Agent Maintenance" screen.

How to Get There

From the Audit Configuration and Reporting screen, choose 3.

Options

Allow Emergency Override

Enter a 'Y' or an 'N'.

If this field is set to 'Y', the user profile is eligible to access the IBM i, depending on the setup within the Powertech RSA SecurID Agent Maintenance screen. The following applies:

If the user profile is eligible for Emergency Access during Restricted State the user is allowed access without attempting any connection to the Authentication Manager.
If the user profile is eligible for Emergency Access due to the Authentication Manager being unavailable the user is allowed access.

NOTE: If the user profile is allowed access when Authentication Manager is unavailable but NOT when the IBM i is in Restricted State, the user should NOT gain access when IBM i is in Restricted State. The IBM i in Restricted State and Authentication Manager not being contactable are to be treated as separate situations that are mutually exclusive.
If this field is set to 'N' the user profile is not allowed to bypass the Authentication Manager.

The following four fields are reference purpose only. The default value will be shown on each field below.

Activity Journal Name

The reference to 'activity' means job/user activity. For example, accessing the IBM i system when it is in 'Restricted State'. For this type of activity to occur, 'Emergency Access' would need to have been activated.

These job/user activities will be collected within the journal defined in this field. The default value will be set to "ACEACTJRN".

Journal Library

The library where the journal is to be created. By default, the value will be "@ACE".

Activity Receiver Prefix

The receiver name prefix to be attached to the specified activity journal. By default, the value will be set to "ATV*".

Receiver Library

The library where the receiver is to be created. By default, the value will be "@ACE".

Time Period of Suppression • Use QINACTITV System Value

Use these parameters to control authentication suppression, which is a global SecurID Agent setting that reduces the number of times a challenge (for your SecurID Passcode) is required.

Time Period of Suppression allows an administrator to specify the period of time, in minutes, authentication will be suppressed per each IBM i interactive session. After an initial authentication request, the user will not receive additional authentication requests during that session until the time period has expired. A valid value is between 0 and 300.

Use QINACTITV System Value

This allows you to use IBM i system value of QINACTITV for the authentication time period.

NOTE: Value of Time Period of Suppression must be set to 0 in order for Use QINACTITV System Value to be set to Y.

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
9.13 | 202403280913 | March 2024