IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2

OTP and Mobile ActiveCode authentication

IBM® Security Access Manager for Enterprise Single Sign-On supports the use of one-time passwords (OTP) and Mobile ActiveCodes (MAC) to authenticate users who log on to corporate VPN servers, AccessAssistant, or Web Workplace.

One-time password

A one-time password is a randomly generated password that is intended for only one user, for a specific time and purpose, and that is provided to the user either through SMS or an OTP token.

OTP is used as an authentication factor for users to log on to AccessAssistant or Web Workplace. OTP is also used for applications that use the IMS Server as the authentication server through RADIUS.

You use AccessAdmin to:

IBM Security Access Manager for Enterprise Single Sign-On supports the OATH HOTP algorithm and selected vendor-specific OTP algorithms. IBM Security Access Manager for Enterprise Single Sign-On supports the following devices:
  • VASCO Digipass GO 3
  • Authenex A-Key OATH-only token without USB interface (OATH-based OTP)

Authentication with OTP tokens is centrally logged in the IMS Server. Administrators or Helpdesk officers can view the audit logs through AccessAdmin, including logs reported by AccessAgent.

Mobile ActiveCodes

A Mobile ActiveCode is a randomly generated, event-based one-time password. The Mobile ActiveCode is generated on the IMS Server. The Mobile ActiveCode is delivered through a second channel, such as short message service (SMS) on mobile phones or through email.

Users can use a Mobile ActiveCode to log on to the following applications:
  • Applications supporting RADIUS, such as VPN Servers

    You must configure applications that support RADIUS to redirect the authentication to the IMS Server. Use this setup to have applications grant or deny access to users based on whether the OTP is successfully verified by the IMS Server.

  • Web applications
  • AccessAssistant or Web Workplace

