IBM Z Multi-Factor Authentication expands protection to IBM z/VM systems
IBM United States Software Announcement 220-175May 19, 2020
ENUS220-175.PDF| Table of contents | ||||
|
(Corrected on June 11, 2020)
The "At a glance" section was revised.
Overview
IBM Z® MFA V2.1.0 is enhanced with new functionality and support. Existing clients are strongly encouraged to upgrade to V2.1.0 at their earliest convenience.
Integration with z/VM® External Security Managers
IBM Z MFA adds support for strong user authentication to z/VM systems protected by IBM® z/VM 7.1 RACF®:
- A separate installation of IBM Z MFA (IBM MFA for z/VM) is installed on an LPAR running a supported distribution of Linux® for IBM Z.
- MFA user accounts associated with z/VM users are configured and maintained within IBM MFA for z/VM.
- Entries for z/VM ESM clients are configured within IBM MFA for z/VM.
- The user initially authenticates to IBM MFA for z/VM to acquire a secure credential, and then uses that credential instead of their z/VM password when accessing their protected z/VM system.
Protection beyond the z/OS® sysplex boundary
IBM Z MFA adds support for the production of secure credentials that can be used both within and beyond the boundary of the sysplex where the credential was generated.
- The user is configured via familiar IBM MFA techniques in the primary (credential generating) system or sysplex.
- The user is configured to require a new AZFCKCTC factor in multiple secondary (consuming) systems or sysplexes.
- In secondary (consuming) environments, the AZFCKCTC factor is configured to direct credential processing toward IBM MFA Web Services APIs hosted in the primary (generating) environment.
Back to top
Planned availability date
May 22, 2020
Trade-marks
IBM Security, IBM Cloud and IBM z15 are trade-marks of IBM Corporation in the United States, other countries, or both.
IBM Z, IBM, z/VM, z/OS, RACF, IBM Cloud, Express, Global Technology Services, PartnerWorld, Passport Advantage, z/Architecture, IBM z14, IBM z13, IBM z13s, zEnterprise, S/390 and System z are registered trade-marks of IBM Corporation in the United States, other countries, or both.
Linux is a registered trade-mark of Linus Torvalds in the United States, other countries, or both.
Microsoft and Windows are trade-marks of Microsoft Corporation in the United States, other countries, or both.
Oracle and Java are trade-marks of Oracle and/or its affiliates in the United States, other countries, or both.
Other company, product, and service names may be trade-marks or service marks of others.
tm Trade-mark owned by International Business Machines Corporation and is used under license by IBM Canada Ltd.
® Registered trade-mark of International Business Machines Corporation and is used under license by IBM Canada Ltd.
(**) Company, product or service name may be a trade-mark or service mark of others.
Terms of use
IBM products and services which are announced and available in your country can be ordered under the applicable standard agreements, terms, conditions, and prices in effect at the time. IBM reserves the right to modify or withdraw this announcement at any time without notice. This announcement is provided for your information only.Additional terms of use are located at
For the most current information regarding IBM products, consult your IBM representative or reseller, or go to the IBM worldwide contacts page