OTP and Mobile ActiveCode authentication
IBM® Security Access Manager for Enterprise Single Sign-On supports the use of one-time passwords (OTP) and Mobile ActiveCodes (MAC) to authenticate users that log on to corporate VPN servers, AccessAssistant, or Web Workplace.
One-time password
One-time password is a randomly generated password, intended only for one user for a specific time and purpose. The OTP is provided to the user either through SMS or an OTP token.
OTP is used as an authentication factor for users to log on to AccessAssistant or Web Workplace. OTP is also used for applications that use the IMS Server as the authentication server through RADIUS.
You use AccessAdmin to:
- Assign an OTP token to a user or revoke an OTP token from a user.
- Enable or disable authentication with an OTP token for an authentication service.
IBM Security Access Manager for Enterprise Single Sign-On supports the OATH HOTP algorithm and selected vendor-specific OTP algorithms. IBM Security Access Manager for Enterprise Single Sign-On supports Authenex A-Key OATH-only token without USB interface (OATH-based OTP).
OTP token authentication is centrally logged in the IMS Server. Administrators or Helpdesk officers can view the audit logs through AccessAdmin, including logs that are reported by AccessAgent.