Work with Profiles for SecurID Agent screen

The objective here is to allow the activation and deactivation of SecurID authentication. All of the IBM i profiles with a name that matches the previously selected name or pattern are displayed here, with the exception of QSECOFR. SecurID authentication can be activated and deactivated where required.

NOTE: Deactivating SecurID authentication means that the profile will no longer pass through the SecurID authentication process when signing on to the IBM i.
WARNING: When attempting to activate SecurID authentication against QSECOFR, a warning splash screen is displayed. This screen outlines the potential risks of such action. For example, if the agent's Initial Program does not exist or is inaccessible (e.g. damaged), QSECOFR may not be able to sign on. Such a situation impacts other User Profiles and not just QSECOFR. However, because QSECOFR is the most powerful profile, the main consideration is that if QSECOFR is not able to sign on, some activity may not be able to be performed by any user profile on the system. Consequently, a lengthy restore activity and/or even a system reset could be required just to ensure QSECOFR can sign on. In addition, as with situations that require the use of DR or HA, this sort of obstruction is most likely to occur at the most inopportune time.

How to Get There

From the Master Menu, choose option 1, then proceed with the Powertech RSA SecurID Agent Maintenance procedure until you reach this screen.

Options

2=Activate
Choose this option to activate SecurID authentication for the user. This means the profile will be challenged with SecurID authentication when they sign on to the IBM i.

4=Deactivate
Choose this option to deactivate SecurID authentication. This means the profile will no longer be challenged with SecurID authentication when they sign on to the IBM i.

NOTE: Users who have upgraded from version 9.9: Now that Powertech RSA SecurID Agent for IBM i has different object owners (PTADMIN and PTUSER), the legacy owner profile, ACEDTI, is removed during a product upgrade. However, if the ACEDTI profile is recreated and had been configured for SecurID authentication, selecting the option to deactivate SecurID authentication against ACEDTI removes that profile's details from within the agent. Previously, selecting "4=Deactivate" against ACEDTI would only deactivate the SecurID authentication.

5=Profile Details
Choose this option to display details of the selected user profile.

7=IBMi Restricted State
Choose this option to switch access on or off for when IBM i is in a Restricted State.

NOTE: This option should only be used after due consideration. Switching on the access provides the potential for the User Profile to access the IBM i system when in Restricted State.

This option acts as a 'toggle button'. In other words, if access is currently on, selecting this option again will switch off the access. Similarly, if access is off, selecting the option will switch on the access.

When 'on', a 'Y' will be displayed under the 'RS' part of 'EA: RS AM'.

'EA' is short for 'Emergency Access'.

9=Auth Manager Unavailable
Choose this option to switch access on or off for when RSA Authentication Manager is unavailable.

NOTE: This option should only be used after due consideration. Switching on the access provides the User Profile with access to the IBM i system when none of the configured RSA Authentication Managers and/or 'Replicas' can be reached by the IBM i system.

This option acts as a 'toggle button'. In other words, if access is currently on, selecting this option again will switch off the access. Similarly, if access is off, selecting the option will switch on the access.

When 'on', a 'Y' will be displayed under the 'AM' part of 'EA: RS AM'.

'EA' is short for 'Emergency Access'.