This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
Hi Team,
At present, it is possible to block at engine level which is useful to block users from logging in. It is possible to block users to block if they user particular adapter and allow for others?
We have two types of adapters MFA and non-MFA adapters where MFA adapters use a policy which require both password and key to authenticate users. But MFA users can also login to non-MFA adapters which expects either of password or key. Is it possible to block MFA users if they access non-MFA adapters?
Thanks,
Satheesh
Thank you for taking the time to provide your ideas to IBM. We appreciate your willingness to share details about your experience and your recommendations.
Sterling Secure Proxy currently blacklist the users already at the engine level. Intentionally we have designed it in a way that even the blocked users will be asked for passwords followed by which a generic message "authentication failed" would be shown. This ensures that there's no knowledge to the external user whether their IPs are blocked.
If you have any additional feedback, thoughts or ideas, or if there is anything else I can do, please do not hesitate to reply to this message to continue the conversation. Appreciate your patience.