We are having an issue trying to log onto CA Vantage on xxxx. For some reason we can log onto all lpars within the plex, except for this one.

We have changed our security environment to use two factor authentication. When we enter the credentials we receive message that the password

is not authorized. In the started task, we see message VAN0853E or ICH408I USER(xxxxxxxx) GROUP(group) NAME(name)  LOGON/JOB INITIATION - INVALID PASSWORD ENTERED AT TERMINAL TCPnnnn.

Release: 14.0-Graphical Management Interface

                CA Vantage Web Client 14.0.5 or higher
Component: Security interface

[Note: Job, User, Appl and Group names listed are examples only.]

You can use PIN TOKEN method and passphrase (PIN+Token) methods in one case.
On the other hand, when you have some parameters or profiles wrongly defined, only passphrase is accepted (PIN+Token).
The problem that occurred is related to APPL name profile that Vantage is running under.

You can see that your Vantage running under USER profile SAM#PRD and some GROUP.
IEF695I START SAMSPRD WITH JOBNAME SAMSPRD IS ASSIGNED TO USER SAM#PRD, GROUP G0051768

Please add this to Vkgparms and restart Vantage.
SECURPTK (Y)
SECURAPP (SAM#PRD)

Please add this Vkgparms to your second Vantage (if any or more) and restart. The XXXXXXXX is name of profile under Vantage Lpar.
SECURPTK (Y)
SECURAPP (XXXXXXXX)

SECURAPP is related to APPL resource NAME profile in SAF.

If there is some conflict in settings, the only passphrase accepted is PIN+TOKEN. This behavior is in accordance with MFA principles.