IBM i 7.6 MFA – Go Pro with iSecurity MFA

With the release of IBM i version 7.6, IBM has introduced advanced native multi-factor authentication (MFA) capabilities, including support for time-based one-time passwords (TOTP). MFA is a vital component for securing systems that run mission-critical business applications, and we’ve been committed to helping organizations implement MFA on IBM i for exactly this reason.

We extend our sincere thanks to IBM for making this important security feature a native part of the operating system. This initiative significantly enhances the platform’s security posture and contributes to a stronger security culture across the IBM i community.

IBM i 7.6 Native MFA Overview

This update enables secure authentication across multiple access points, such as green-screen and FTP sign-ons, without requiring a direct network connection between the authentication device and the IBM i system.

How iSecurity MFA goes Beyond IBM i 7.6 ?

iSecurity Multi-Factor Authentication (MFA) features unique advantages while has been built upon native features by offering:

Centralized Management: Streamlines user identity authentication and maintenance across multiple systems, facilitating efficient onboarding and offboarding.

Freedom of Authentication Choice: Supports authentication using Google Authenticator or any other free authentication app, giving users flexibility in securing their accounts.

Integration with Existing Authentication Infrastructure: Compatible with services such as Duo, Okta, Microsoft Entra ID, and RSA SecurID through RADIUS support, allowing users to continue with familiar authentication methods.

Support for multiple authentication methods: Includes options like desktop authentication agents, one-time password lists, and TOTP.

MFA App with biometric authentication: Enables authentication using fingerprints or face recognition, depending on the smartphone’s capabilities, enhancing security and convenience.

Protection on all Protocols and Exit Points: Verification includes Regular Sign On, as well as TCP services such as FTP, ODBC, REXEC, IFS share, etc.

User-friendly Device Management: Allows end users to securely add their own mobile authentication devices via a browser-based interface, eliminating the need to store sensitive TOTP initial or recovery keys elsewhere.

Complete Audit Trails: Provides records of both failed and successful MFA attempts, as well as changes to MFA configurations, which are crucial for compliance.

SIEM Integration: Enables authentication events to be sent to a Security Information and Event Management (SIEM) solution, extending the audit trail through secure remote logging.

Most significant advantages of iSecurity MFA

IBM i OS7.6 supports only TOTP. iSecurity MFA supports multiple types.
Looks at a Person. Person may have multiple User Profiles on multiple Systems. Once an MFA was done to any of the Person’s users, the “safe interval” that subsequent authentications will be allowed without passing a new MFA refers to all the Upper Profiles of the Person. Just imagine the relief provided to one that is used to SignOn to multiple user profiles or on multiple system.
Scope of product can be one system or the organization as a hole. With the approach of organization as a hole, person’s valid authentication is considered on all systems. Also, efforts and define and controls are minimized.
Valid authentication is considered safe ONLY IF IT IS FROM THE SAME IP.
iSecurity MFA controls beside Interactive ACS/5250 also SignOns from FileShare, FTP, and other TCP services. This can be set per person.
We have our own mobile App (Apple store, Goole store) that can be used. It simplifies the process especially when controlling SignOn which are not from Interactive ACS/5250.
iSecurity MFA mobile App enables recognition by Finger Prints, Face Recognition, Patterns etc.
Already have MFA in your organization? We shall use it as a confirmation method for IBM i SignOns.
Should MFA “safe interval” be valid for same user if he SignOn from different Ips (i.e. locations) as it is now in IBM i OS7.6 ? iSecurity MFA enables “safe interval” only if it is from same IP.
iSecurity MFA can work differently based on the locations where the person is expected to work from.
iSecurity MFA can work differently for each type of SignOn.
iSecurity MFA provides convenient history logs and reports.
iSecurity MFA provides ability to control or end “safe interval”.

iSecurity MFA Go Pro with our own Authentication APP

The all New MFA App with Biometric Authentication enables te use of Fingerprints, Patron, Pin or Face Recognition, depending on the smartphone’s capabilities, enhancing security and convenience. Linking everything with your Smartphone so you dont have the need to enter to different applications to authenticate.

By using iSecurity MFA, organizations benefit from enhanced authentication security, improved user management, and seamless integration with a wide range of authentication solutions.

Thanks to Raz-Lee’s advancements, businesses can enjoy increased flexibility, superior biometric authentication, and a more comprehensive audit trail, ensuring robust security while maintaining compliance.