Adding IBM i systems

If you are adding IBM i systems, you must install and start the SSH server on the target system before you can connect using Privileged Access Service.

Accounts on IBM i are called profiles. For example, you can specify the user profile QSECOFR as the account used to access the system. This is the most powerful user profile, and is similar to root on UNIX. The use of a proxy account and password is not supported on IBM i.

For any user profile (account) you add, you can choose whether you want the Zero Trust Privileged Access Service to manage the account password. If you select Manage this credential, the Privileged Access Service automatically changes the password immediately after the account and system are added and each time the account is checked in for each password profile associated with the account.

If you select Manage this credential for IBM i devices, keep in mind that the Privileged Access Service can only manage passwords for privileged user accounts that have sufficient rights to configure and save settings. In addition, if there are any pending changes for other user accounts, those changes will be saved when the Privileged Access Service updates a managed password.

For more information about password and system management for IBM i systems, see the following topic:

Password complexity rules