We are having an issue trying to log onto Vantage on xxxx. For some reason we can log onto all lpars within the plex, except for this one.

We have changed our security environment to use two factor authentication. When we enter the credentials we receive the message that the password is not authorized. In the started task, we see message VAN0853E or ICH408I USER(xxxxxxxx) GROUP(group) NAME(name)  LOGON/JOB INITIATION - INVALID PASSWORD ENTERED AT TERMINAL TCPnnnn.

Vantage

[Note: Job, User, Appl and Group names listed are examples only.]

You can use PIN TOKEN method and passphrase (PIN+Token) methods in one case.
On the other hand, when you have some parameters or profiles wrongly defined, only passphrase is accepted (PIN+Token).
The problem that occurred is related to the APPL name profile that Vantage is running under.

You can see that your Vantage running under USER profile SAM#PRD and some GROUP.
IEF695I START SAMS WITH JOBNAME SAMS IS ASSIGNED TO USER <samsuser> , GROUP <samsgroup>

Please add this to the VKGPARMS and restart Vantage:

SECURPTK (Y)
SECURAPP (SAM#PRD)

Please add this VKGPARMS to your second Vantage (if any, or more) and restart. The XXXXXXXX is the name of the profile under the Vantage LPAR:

SECURPTK (Y)
SECURAPP (XXXXXXXX)

SECURAPP is related to the APPL resource NAME profile in SAF.

If there is some conflict in settings, the only passphrase that is accepted is PIN+TOKEN. This behavior is in accordance with MFA principles.