iSecurity MFA

Our solution works in the easiest way possible, iSecurity Multi Factor Authentication inside the IBM i, as part of the user’s initial program, prompting for MFA at sign-on. 

No need for multiple login steps — one step is enough.

MFA works with every Authenticator App available in the Market. We use ANY Token generator, such as Google Authenticator on a mobile phone or by any hardware device. Freedom is part of our Multi Factor Authentication.

iSecurity MFA is the easiest system to use on the market. It can be ready for all your company’s IBM i systems to use in less than an hour. You don’t have to rewrite or recode a single module in your software.

New Features

Additional Support

  • Third-party web apps.
  • Desktop applications.
  • iSecurity GUI.
  • Authority Elevation inside Authority On Demand and Password Recovery inside Password Reset.
  • Support of release 7.6 new MFA exit point. Customers in release 7.6 can choose to make use of the alternative more convenient exit point IBM provides or remain with their traditional setting.
  • Possibility to set the TOTP defining per the organization requirement re TOTP secret key and Emergency tokens. Setting is in 81.
  • The GETMFA Command has a new parameter MFA(*CHECK). When used, an *ESCAPE message is sent when the MFA validation fails. This enables adding it before sensitive operations. It does respect the safe time after successful authentication.
  • New programmatic check to see in session is in safe mode added. Done by API -MFCHECKR that retrieves the MFA status of a User+IP. Using it enables WEB and GUI applications to request MFA only when needed. It returns:
    • *NOMFA – No MFA needed
    • *MFAREQ – Mfa required
    • *MFAACTmm -Safe time left in minutes
    • *REJECT – Action rejected
  • Protection of Shares has been improved. It is now using a separate safe time value.
  • Adding, Changing, Deleting of Person and its UsrPrfs can now be done by commands. This enables on board high number of users in an alternative way, that some customers prefer. The commands are:
    • Create a person
    • Add/Rmv a user of a Person
    • MFA Setting for Persons
    • Send Secret Info to Person
    • Delete a person

Key Features

One MFA authentication covers all of a person’s activity from the same IP range for a specified amount of time. You can specify whether it is requested when the access is from inside or outside that person’s pre-approved ranges of IP addresses.

Some users may have multiple profiles to access different systems. iSecurity MFA introduces the concept of a person rather than based on profiles. When a person is authenticated once (including the IP group), users can access using any of their user profiles.

Other implementations require complex systems and hardware devices to meet the requirements on Multi Factor Authentication. Here at Raz-Lee, we like to keep things simple. Our solution follows a pure IBM environment standard, and can be implemented in one hour.

MFA only uses standard applications on it and on smart phones. There is no need for additional hardware server, another operative system server nor special apps on phones and/or PCs.

One MFA is good enough for all of a Person’s activities, from the same IP, for a specified time. This includes:

  • Secure Sign ON
  • FTP Server
  • REXEC
  • FTP Client
  • ODBC
  • File Server
  • Remote PGM/CMD
  • DDM/DRDA

Users of Radius, Oauth2, OpenID (PingID) can get authenticated by one of these apps, MFA will continue having these apps in control of the users, eliminating the need for additional authentication.

Flexible Verification Options – Organizations can choose from a wide variety of factors, including:

  • OTP and TOTP
  • Raz-Lee’s MFA Mobile App
  • Third-party MFA solutions like Duo, Okta, PingID, and more
  • Industry standards such as OAuth2, OpenID, or Radius

The MFA Mobile App provides a secure and user-friendly way to add strong authentication without complicating access. It enables users to approve login requests or generate one-time passwords directly from their mobile device, ensuring that access is granted only after a second, trusted factor is verified.

Fully integrated with Raz-Lee iSecurity MFA, the mobile app supports policy-based authentication, reduces reliance on SMS or hardware tokens, and delivers a smooth, modern authentication experience while significantly strengthening protection against compromised credentials.

With Web-MFA, organizations can seamlessly integrate their websites and web applications with iSecurity MFA—with minimal development effort and no disruption to existing systems.

The solution offers exceptional flexibility, supporting leading authentication technologies such as DUO, PingID, OTP, TOTP, and Raz-Lee’s MFA Mobile App. This allows organizations to define and enforce authentication policies that align with their security strategy and user experience requirements.

Whether protecting internal web portals or customer-facing applications, Web-MFA makes it easy to apply consistent, enterprise-grade MFA across your digital environment, reducing risk while strengthening access control.

Secure more. Integrate faster. Control authentication everywhere.

Based on Clients Experience

iSecurity Multi Factor Authentication

Business Vertical: Finance & Banking.

Need: Zero Trust Architecture Implementation for IBM i Focused on Exit Point and User Security.

“Securing the access with Multi Factor Autentication based on the IP of the User its a great way to manage if they need or not to use the featured based on their location, also it can be configured to block access if its on a non secure location, the flexibility for creating rules is for me the best feature, protecting by User, Work schedule, including all protocols like TCP/IP, FTP, Telnet, WSG, Passthrough, etc…”

Resources

Product Documentation

Related Webinars

Request Demo

Please fill the following Form, our Sales Representatives will contact you as soon as possible.