The following is a list of frequently asked questions about i2Pass. If you have a question that is not covered here, ask us via email and we'll answer your question.
Yes. After the IBM i OS upgrade is complete and all IBM PTFs have been installed but before you put your system back into productive use, you must run the following command:
GRTOBJAUT OBJ(QSYS/ASSIST) OBJTYPE(*MENU) USER(I2PASSUSR) AUT(*EXCLUDE)
This is needed to avoid users bypassing the 2FA validation process during a normal signon. See the i2Pass User's Guide under the section titled "IBM i Security Loophole" for more information.
Yes, this is possible. To correct for this situation, we ship alternate signon screens for the system that remove the "Program/procedure" line from the signon screen. We also include step-by-step instructions on how to install the alternate signon screen objects and test them.
You can send the 2FA code to your cell phone as a text using your cell carriers email-to-text feature. Kisco can help you with this if you are unfamiliar. In fact, if you want, you can send the code both as an email message and via text. This is how we use the product internally here.
Your can enroll user profiles one at a time if you want to, but i2Pass also includes a batch enrollment utility that will let you enroll all active users or GENERIC* user profiles. We don't recommend that you do this while the software is installed on trial, but once you commit to i2Pass, it will simplify your activation process.
When you register a user profile in i2Pass, the initial program information is saved. When the two factor authentication process has been completed successfully, then your initial program will still be called.