IBM i Password Self-Service iSeries PSS Profile Enablement
IBM i Password Self-Service PSS automation software enables users to reset passwords, re-enable their iSeries profiles and replicate their passwords to other AS400, AIX, Windows and Linux systems, saving IT resources and improving security. The Password Self-Service (PSS) tool streamlines password management into an autonomous process, empowering users on IBM iSeries Power AIX, Linux & Windows (including Active Directory) platforms (at the same time or independently) to securely reset their Passwords, enable their User ID or Workstation Device in a single action, using real-time authentication via email or phone, and without having to involve the helpdesk. Password Self-Sservice tool also quickly enforces your company password and sign-on policy across all your systems. Implementation is quick and simple, especially compared to Single Sign-on solutions. Registration is performed by your users. Administrators can allow users to define their own personal security questions and answers or chose from a predefined list of questions chosen by the Administrator.
Password Reset Self-Service software installs on any Windows, IBM iSeries or Cloud Server and supports IBM i AS400, Windows, Power AIX and Linux platforms currently. Additional platforms will be added soon (currently in development).
End-users who do not remember their password for a particular system or want to synchronize a new password across all or select systems, can be given the ability to do so on their own using a secure web browser. No longer do users need to escalate password reset requests to helpdesk. Password management is conducted through a web-facing portal that guides the user through a 3-step identification process that is both user-friendly and highly secure. PSS uses secured SSL-3 protocol to maintain the privacy of conversations with the authentication server, which can be on a private network or on a secured cloud.
From a single interface, Administrators simply select the preferred identification mode to implement for a particular set of users or user group (the list of active users, and user groups automatically populate from the User Management module). Security Officers can then easily define password criteria (e.g. length, special characters, expiration intervals, etc.) according to the desired policy. Rules for password criteria can be defined so that it meets system specific requirements across all available platforms. Rules can include use of tokens for passwords renewals, request answers to security questions, or both. A full audit trail of end-user password activity is available for Security Officers and Auditors.
PSS helps organizations:
Offload administrative password management procedures from helpdesk teams
Improve security through highly customizable user identification processes
Enforce password criteria and expiration interval controls
Synchronize new passwords across multiple systems and platforms
Maintain an audit trail of Password Activity Settings
How it works:
Step 1: User enters User ID in the PSS web portal (secured SSL-3 protocol to maintain privacy with authentication server which can be on a private network or on a secure cloud). Interface Option for IBM iSeries Users include both 5250 Green Screen and Secure Web Portal.
Step 2: User authenticates himself/herself through a predefined identification mode (both below modes can be chosen for added protection).
Authentication Method #1: Input token received via e-mail or SMS text message.
Authentication Method #2: Answer personal security questions.
Note: PSS manages token authentication using a variety of parameters and conditions the administrator will define:
a. Time period the token remains valid (in minutes - administrator defined)
b. Number of failed token attempts allowed before blocking user
c. Option to disable user profile for blocked users
d. Method of sending token – email or SMS
e. Option to skip stages for selected users
Step 3: The Administrator can define which systems password changes will be applied, according to a policy or allow the user to choose which systems by the System Name or IP Address at the time of reset.
Other related products:
One time token (OTT): A standalone authentication layer.
Single Sign-on (SSO): One screen logs on to multiple Windows and IBM i systems.
Password Synchronization (MPPS): Change password on one machine and have it changed automatically on other machines used by the same user.
Synchronization for IBM i (SII): Green screen software product that allows a single point of password management for several IBM i servers.
This provides comprehensive security, auditing and compliance solutions to help businesses reduce workloads, satisfy audit requirements and empower administrators to be proactive security threats. For over two decades, we have been providing solutions for mission critical environments including IBM i Series (AS400), IBM z (OS/390 Mainframe), IBM AIX (Power), Windows, Linux, Oracle, MS SQL, MySQL, DB2, Progress & Sybase. Our expertise and commitment to innovation enables us to offer the best of breed solutions to our customers.