IBM Z Multi-Factor Authentication expands protection to IBM z/VM systems

IBM United States Software Announcement 220-175
May 19, 2020

Table of contents
OverviewOverviewPlanned availability datePlanned availability date

(Corrected on June 11, 2020)

The "At a glance" section was revised.



Overview

Top rule

IBM Z® MFA V2.1.0 is enhanced with new functionality and support. Existing clients are strongly encouraged to upgrade to V2.1.0 at their earliest convenience.

Integration with z/VM® External Security Managers

IBM Z MFA adds support for strong user authentication to z/VM systems protected by IBM® z/VM 7.1 RACF®:

  • A separate installation of IBM Z MFA (IBM MFA for z/VM) is installed on an LPAR running a supported distribution of Linux® for IBM Z.
  • MFA user accounts associated with z/VM users are configured and maintained within IBM MFA for z/VM.
  • Entries for z/VM ESM clients are configured within IBM MFA for z/VM.
  • The user initially authenticates to IBM MFA for z/VM to acquire a secure credential, and then uses that credential instead of their z/VM password when accessing their protected z/VM system.

Protection beyond the z/OS® sysplex boundary

IBM Z MFA adds support for the production of secure credentials that can be used both within and beyond the boundary of the sysplex where the credential was generated.

  • The user is configured via familiar IBM MFA techniques in the primary (credential generating) system or sysplex.
  • The user is configured to require a new AZFCKCTC factor in multiple secondary (consuming) systems or sysplexes.
  • In secondary (consuming) environments, the AZFCKCTC factor is configured to direct credential processing toward IBM MFA Web Services APIs hosted in the primary (generating) environment.


Back to topBack to top

Planned availability date

Top rule

May 22, 2020

Trade-marks

IBM Security, IBM Cloud and IBM z15 are trade-marks of IBM Corporation in the United States, other countries, or both.

IBM Z, IBM, z/VM, z/OS, RACF, IBM Cloud, Express, Global Technology Services, PartnerWorld, Passport Advantage, z/Architecture, IBM z14, IBM z13, IBM z13s, zEnterprise, S/390 and System z are registered trade-marks of IBM Corporation in the United States, other countries, or both.

Linux is a registered trade-mark of Linus Torvalds in the United States, other countries, or both.

Microsoft and Windows are trade-marks of Microsoft Corporation in the United States, other countries, or both.

Oracle and Java are trade-marks of Oracle and/or its affiliates in the United States, other countries, or both.

Other company, product, and service names may be trade-marks or service marks of others.

tm Trade-mark owned by International Business Machines Corporation and is used under license by IBM Canada Ltd.

® Registered trade-mark of International Business Machines Corporation and is used under license by IBM Canada Ltd.

(**) Company, product or service name may be a trade-mark or service mark of others.

Terms of use

IBM products and services which are announced and available in your country can be ordered under the applicable standard agreements, terms, conditions, and prices in effect at the time. IBM reserves the right to modify or withdraw this announcement at any time without notice. This announcement is provided for your information only.Additional terms of use are located at

Terms of use

For the most current information regarding IBM products, consult your IBM representative or reseller, or go to the IBM worldwide contacts page

http://www.ibm.com/planetwide/us/