This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updateson them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
IBM i ACS Client - Lock down connection settings for Single Sign On
We recently configured SSO for deployment and will be using Kerberos for authentication. We currently are using AD for authentication to the AS/400. A user could circumvent the client configuration for IBM i signon information and change "Use Kerberos authentication; do not prompt" to use IBM i Access Client Solutions setting. We would like to be able to lock down that setting so it cannot be changed in the client. We use SSO so that once the AD account is disabled they would no longer be able to login to the AS/400. The way the settings are today, they could change the setting in the client and if the AS/400 profile is not disabled right away, they would be able to still login to the AS/400. This is related to our internal controls for SSO and prior to deployment of the new client would like this setting locked down with a setting or configurable only by an administrator.
AD account gets automatically disabled from our HR system when an employee is terminated, but secondary systems are not always locked down immediately until a ticket is processed. By SSO and AD being leveraged, the employee would no longer be able to login to the AS/400. If they are able to change the setting in the client, they could circumvent SSO/Kerberos and login with their IBM credentials. This cannot happen for us.
Do not place IBM confidential, company confidential, or personal information into any field.