Defining Persons
Multi-Factor Authentication, as well as iSecurity Authority on Demand and Password Reset, manages user information in terms of Persons. Since multiple users on multiple systems might all be the same person, Multi Factor Authentication (MFA) groups them together. Thus, for example, if a person has been successfully authenticated as a particular user on one system, attempts by that same person to access related systems using other user names within an allotted period of time are also accepted without needing to authenticate again.
To define and work with persons, select 1. Persons from the Multi Factor Authentication (MFA) main menu. The Persons menu appears.
    PERSON                          Persons                              PR
                                                              System: RLDEV
    Persons and Users                       Service
     1. Persons Information                 22. Delete Orphan Definitions
     3. Persons by Users
     5. Local Users Not in Persons

    Maintenance
    11. Find/Rpl/Remove UsrPrfs of Persons
    12. Send Person Keys
    13. Replace System of UsrPrfs of Persons
    19. Maintenance of Person/Users

    Selection or command:
    ===>

    F3=Exit   F4=Prompt   F9=Retrieve   F12=Cancel
    F13=Information Assistant   F16=System main menu
To display and enter information concerning each user, select 1. Persons Information from the Persons menu (STRMFA> 1). The Work with Persons screen appears:
                              Work with Persons
                                          Subset by text . . . .
                                          by User Profile.
    Type options, press Enter.            by TOTP Qst MFA   Y,N,S
     1=Work with   3=Rename   4=Delete   7=Questions   8=TOTP   9=MFA

    Opt Person Name Qst TOTP MFA
        DB1 Ilan 2 Yes
        HAIM Attia Haim 4 Yes Yes
        HAIM2 Attia Haim Yes
        JAVA JAVA 2
        KOBI Saada Kobi Yes
        TEST TEST
        MARY Mary 6 Yes
        MFATEST MFA TEST 4 Yes Yes
        TEST2 TEST 2
        MOTIW W Moti
        OD VA 1 Yes
        OS HG
        PEPE CUEVAS PEPINO 6 Yes
        PSNDUO DUO
                                                                  More...
    F3=Exit   F6=Add new   F12=Cancel
The body of the screen contains a line for each user. Each contains the following fields:
Person
A unique identifier for the Person.
Name
The family name and first name of the user.
TOTP
If set to Yes, a Temporary One-Time Password for MFA is defined for this person.
MFA-Rqd
Whether MFA is required for this person.
Qst
The number of personal questions and answers defined for this person.
To add a new person, press the F6 key from the Work with Persons screen (STRMFA> 1 > 1). The Add New Person screen appears, as shown in Adding a New Person.
To modify a person, enter 1 in the Opt field for the person on the Work with Persons screen (STRMFA> 1 > 1). The Modify Person screen appears, as shown in Modifying a Person.
To define a person's private questions for Password Reset, enter 7 in the Opt field for the person on the Work with Persons screen (STRMFA> 1 > 1). The Modify Person Identification Questions screen appears, as shown in Managing Private Questions for a Person.
To send a person's key for Temporary One-Time Passwords or Emergency codes to them, select 12. Send Person Keys from the Persons menu (Multi Factor Authentication (MFA) > 1). The Send Person Keys (SNDPRKEY) screen appears, as shown in Sending Keys for a Person.
To find, remove, or replace a Person's user profiles or replace systems, select 11. Find/Rpl/Remove UsrPrfs of Persons or 13. Replace System of UsrPrfs of Persons as appropriate from the Persons menu (STRMFA> 1). The Replace Person's UsrPrfs (RPLPRUSR) screen appears.
                     Replace Person's UsrPrfs (RPLPRUSR)

    Type choices, press Enter.

    User . . . . . . . . . . . . . .             Name, generic*, *ALL
    From system  . . . . . . . . . .             Name, generic*, *CURRENT...
    To system, *REMOVE or *PRINT . .             Name, *CURRENT, *REMOVE...

                                                                   Bottom
    F3=Exit   F4=Prompt   F5=Refresh   F12=Cancel   F13=How to use this display
    F24=More keys
This command could be useful in duplicating a person's user profiles from one system to another.
The body of the screen has three fields:
User
The name of the person or persons. It can be a name, a generic* name, or *ALL.
From system
The system containing the original user profiles. It can be a name, a generic* name, *CURRENT, or *ALL.
To system, *REMOVE or *PRINT
If you are replacing user profiles, the name of the system to which they should be copied from the system in the previous field.
To remove user profiles from the system in the previous field, the string *REMOVE.
To print a listing of user profiles from the system in the previous field, the string *PRINT.
NOTE: Transferring users to a DR system. Person records include the original system name associated with each user profile. Following a switch to a DR system, it is necessary to update the system name to reflect the new environment. Use option 13. Replace System of UsrPrfs of Persons from the Persons screen (STRMFA > 1) to perform this update.
NOTE: Moving an IASP to a different system. When an IASP is moved to another system, user profiles within the Person records retain the original system name. To ensure correct system identification, use option 13. Replace System of UsrPrfs of Persons from the Persons screen (STRMFA > 1) to modify the system name accordingly.
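The Person grouping described at the top of this page, and the reason the two notes above require the system name to be updated, can be pictured with a small conceptual model. This is an added example, not iSecurity code and not a description of the product's internals: the class and method names, the 300-second window, the user profiles MARYQ and MARYADM, and the system names RLPROD and RLDR are assumptions made for illustration.

```python
import time

class PersonRegistry:
    """Conceptual model only: maps (system, user profile) to a Person."""

    def __init__(self, window_seconds=300):  # assumed "allotted period"
        self.window = window_seconds
        self.profiles = {}   # (system, user profile) -> person id
        self.last_auth = {}  # person id -> time of last successful MFA

    def add_profile(self, person, system, user):
        self.profiles[(system.upper(), user.upper())] = person

    def record_mfa(self, system, user, now=None):
        """A user profile passed MFA: credit the Person it belongs to."""
        person = self.profiles.get((system.upper(), user.upper()))
        if person is not None:
            self.last_auth[person] = time.time() if now is None else now
        return person

    def needs_mfa(self, system, user, now=None):
        """False only if the same Person passed MFA within the window."""
        now = time.time() if now is None else now
        person = self.profiles.get((system.upper(), user.upper()))
        stamp = self.last_auth.get(person)
        # Assumption: an unknown (system, user) pair matches no Person,
        # so it fails closed and must authenticate.
        return person is None or stamp is None or now - stamp > self.window

    def replace_system(self, from_system, to_system):
        """Models the effect of option 13: rename the system on stored profiles."""
        old, new = from_system.upper(), to_system.upper()
        keys = [k for k in self.profiles if k[0] == old]
        for system, user in keys:
            self.profiles[(new, user)] = self.profiles.pop((system, user))
        return len(keys)

def demo():
    reg = PersonRegistry(window_seconds=300)
    reg.add_profile("MARY", "RLDEV", "MARYQ")       # constructed sample data
    reg.add_profile("MARY", "RLPROD", "MARYADM")
    reg.record_mfa("RLPROD", "MARYADM", now=1000)
    results = {
        "other profile, in window": reg.needs_mfa("RLDEV", "MARYQ", now=1100),
        "other profile, expired": reg.needs_mfa("RLDEV", "MARYQ", now=1400),
        "DR system, stale name": reg.needs_mfa("RLDR", "MARYQ", now=1100),
    }
    results["profiles renamed"] = reg.replace_system("RLDEV", "RLDR")
    results["DR system, renamed"] = reg.needs_mfa("RLDR", "MARYQ", now=1100)
    return results
```

In this model, a profile on the DR system is not recognised as belonging to the Person until the stored system name is replaced, which is the situation option 13 addresses.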