i2Pass provides extra security protection for IBM i (Power i, iSeries, AS/400) applications by implementing two factor authentication.

It works either with 5250 terminal session connections or with your own applications. For 5250 logon sessions, i2Pass lets you also control access based on the IP address for the terminal session.

Your passwords can be compromised when using Telnet and other products over the Internet. “Hackers” and “snoopers” can pick up your user profiles and passwords and then use them to access your IBM i.

i2Pass gives you additional protection by implementing a two factor authentication requirement for specific signon devices and users. This extra layer can be authorized through mobile authenticators such as DUO, or through one-time pass codes sent via email or SMS.

Since version 4, i2Pass is available with native Bluescape web UI at no additional cost.

Mobile Authenticator Applications

This feature requires a Level 2 kConnect license. kConnect is our web service API connector utility. We use it to expand our software capabailities with native connectors to 3rd party services.

DUO (and other mobile authenticator applications) is a third party service that uses a mobile phone app to authenticate user login requests. When this feature is enabled, users will receive authentication alerts from the DUO mobile app whenever they try to login to configured devices on the IBM i.

When i2Pass and kConnect are installed on the same LPAR, administrators can enable the integration with a few simple changes in the i2Pass global settings:

DUO can then be entered as a notification option in the user configuration:

All software features, including the DUO integration, can also be configured via the web:

Authenticating with Email and SMS

In a traditional MFA implementation, single-use authentication codes are sent to the user via email and/or SMS. Text messages can either be sent vie SMTP-to_Text (as supported by your mobile carrier) or via native SMS integration with 3rd party services, such as Twilio. Sending auth codes via native SMS requires a Level 1 license for kConnect.

Users can self register their notification preferences. The first time a user signs on after they have been registered, they will see this display

After entering the address (or addresses) that they want to use, a validation process will authenticate the address. Once completed, when a signon is in process, a second authentication code is automatically generated and emailed to the user and then requested to complete the signon process. When a code is sent by email, it must be used within a 15 minute window. After 15 minutes, it will expire and cannot be used.

While the second factor code is in transit, your signon process is suspended with the following screen contents showing on your display:

The two factor authentication can also be used from within your own applications. APIs (Application Program Interfaces) allow you to call our routines to generate the second authentication factor and email it to your user along with subsequent validation of the combination of user and secondary code.

An option in the software can be set to require that the user's password be re-entered when the 2FA code is entered. This may be needed to satisfy certain security requirements for some customers.

i2Pass can also be used to pre-generate a set of two factor authentication codes and produce them on a listing. These can then be used to establish a remote connection. As each code is used, it is retired. Additional codes can be generated as needed and new listings of pre-generated codes can be made. This will come in handy when a user does not have immediate access to instant email.

Licensing

i2Pass is licensed based on the serial number where the software is installed. Unlimited user licenses are available for single or multiple LPAR packages.

Contact us for more information

Ordering Information

i2Pass is available for FREE 30 day trial.

Place your order here for a FREE trial of i2Pass.