Advanced tab - 7.0

Assure Security Web User Interface Guide

Version: 7.0
Language: English
Product name: Assure Security
Title: Assure Security Web User Interface Guide
Copyright: 2024
First publish date: 1999
Last updated: 2024-10-15
Published on: 2024-10-15T10:28:29.100769

The Advanced tab fields identify programs and commands to be run when the rule is selected by the MFA rules engine to authenticate a request.

When a field or value has a different name than its 5250 user interface equivalent, the 5250 name is shown in parentheses () at the end of the description.

Message

Identifies the message to display in the authentication challenge. When the rule's Action is Challenge User Interactively, the specified message is displayed on the MFA Authentication screen. When the Action is Challenge User In Listener, the message is displayed in the configured listener's screen. (5250 field: MSG (lib/msgf/id))
  • None - No message is displayed.
  • Specify - When selected, the following fields identify the message to display and its location on the system.
    Field - Description
    • ID - Identifies the message ID. The message ID must be 7 characters in length. The first character must be an alphabetic character. User-defined messages must begin with 'U'. The next 2 characters can be any alphanumeric characters. The last 4 characters must consist of numbers ranging from 0 through 9 and characters ranging from A through F.
    • File - Identifies the message file name. The first character must be an alphabetic character or one of the following: $, #, or @. The remaining 9 characters may be a combination of any alphanumeric characters and the characters $, #, @, _ (underscore), . (period). The value *IJRN is also allowed.
    • Library - Identifies the library containing the message file. The first character must be an alphabetic character or one of the following: $, #, or @. The remaining 9 characters may be a combination of any alphanumeric characters and the characters $, #, @, _ (underscore), . (period). The value *IJRN is also allowed.

Hosted initial program

Identifies the program and library of a hosted initial program. The specified program is invoked after the user profile is authenticated. This field is only displayed for Sign-On rules.
  • None - No initial program is invoked.
  • Specify - When selected, the following fields identify the name and location of the hosted initial program.
    Field - Description
    • Program - Identifies the initial program to be invoked. The first character must be an alphabetic character or one of the following: $, #, or @. The remaining 9 characters may be a combination of any alphanumeric characters and the characters $, #, @, _ (underscore), . (period).
    • Library - Identifies the library containing the initial program. The first character of the library name must be an alphabetic character or one of the following: $, #, or @. The remaining 9 characters may be a combination of any alphanumeric characters and the characters $, #, @, _ (underscore), . (period).
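
The naming rules for the Message and Hosted initial program fields can be checked before a rule is entered, which catches a mistyped program or library name before the MFA rules engine tries to use it. The following Python validator is an added example, not code from Assure Security; the dictionary layout, the function names, the upper-casing of input, and the reading of "remaining 9 characters" as "up to 9" are assumptions.

```python
import re

# Naming rules as stated on this page. Assumptions: names are compared in
# upper case, and "remaining 9 characters" means up to 9 (shorter names pass).
MSG_ID = re.compile(r"[A-Z][A-Z0-9]{2}[0-9A-F]{4}")
OBJ_NAME = re.compile(r"[A-Z$#@][A-Z0-9$#@_.]{0,9}")
SPECIAL = "*IJRN"  # allowed only for the message File and Library fields


def check_message_id(value, user_defined=False):
    """Return a list of problems with a message ID (empty list = valid)."""
    v = value.upper()
    problems = []
    if len(v) != 7:
        problems.append("message ID must be 7 characters")
    elif not MSG_ID.fullmatch(v):
        problems.append("message ID must be letter + 2 alphanumerics + 4 hex digits")
    if user_defined and not v.startswith("U"):
        problems.append("user-defined message ID must begin with U")
    return problems


def check_name(value, field, allow_special=False):
    """Check a file, program or library name against the page's rules."""
    v = value.upper()
    if allow_special and v == SPECIAL:
        return []
    if not OBJ_NAME.fullmatch(v):
        return [f"{field}: invalid name {value!r}"]
    return []


def check_advanced_tab(rule):
    """Validate the Specify values of one rule; `rule` is a hypothetical dict."""
    problems = []
    msg = rule.get("message")  # a missing key models the "None" option
    if msg:
        problems += check_message_id(msg["id"], msg.get("user_defined", False))
        problems += check_name(msg["file"], "message file", allow_special=True)
        problems += check_name(msg["library"], "message library", allow_special=True)
    pgm = rule.get("initial_program")
    if pgm:
        problems += check_name(pgm["program"], "initial program")
        problems += check_name(pgm["library"], "program library")
    return problems
```
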

Commands

The following fields display the IBM i commands to send messages to users, update user profiles, send messages to administrators, or execute custom commands when access is granted or rejected. Some command fields have a default command that is determined by the rule category and other settings.
    Field - Description
    • Send password - Identifies the command used to send newly changed passwords to the user. Passwords are sent via email. If no email address is specified for the user in their MFA user profile, the password is displayed in the 5250 screen. This field is only displayed for Reset Password rules.
    • Deny decision - Identifies a command to run to perform an action when a user profile is denied authentication by the rule. Commands can be used here to disable a user profile or send an alert to an administrator. SQL Access rules and File Access rules use the command in this field to deny access for an unexpected update of a sensitive file. (5250 field: Reject command)
    • Allow decision - Identifies the command run to send a message or perform an action when a user profile is authenticated by the rule. This command can be used to send email messages to an administrator. (5250 field: Accept Command)