Top Secret IBM MFA and Multiple active FACTOR's
Article ID: 131082
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
Is there anyway to use 2 FACTOR's for one user with IBM MFA?
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
Can have multiple MFA FACTORs active GLOBALY, this example from a
TSS MODIFY output:
MFA(CARSA(FACILITY,FALLBACK))
MFA(IBMRSA(NO))
MFA(CAPAM(NO))
MFA(RADIUS(FACILITY,FALLBACK))
And although can add multiple FACTORs to an ACID's record, only ONE FACTOR can be active per ACID.
Example from a 'TSS LIST(acid) DATA(MFA)':
----------- SEGMENT MFA
FACTOR = CAAAMRSA
MFACTIVE = NO
TAGS = RSANAME:TEAMTOPSE
FACTOR = RADIUS_PASSWORD
MFACTIVE = FACILITY
TAGS = RADIUSNAME:[email protected]
TSS MODIFY output:
MFA(CARSA(FACILITY,FALLBACK))
MFA(IBMRSA(NO))
MFA(CAPAM(NO))
MFA(RADIUS(FACILITY,FALLBACK))
And although can add multiple FACTORs to an ACID's record, only ONE FACTOR can be active per ACID.
Example from a 'TSS LIST(acid) DATA(MFA)':
----------- SEGMENT MFA
FACTOR = CAAAMRSA
MFACTIVE = NO
TAGS = RSANAME:TEAMTOPSE
FACTOR = RADIUS_PASSWORD
MFACTIVE = FACILITY
TAGS = RADIUSNAME:[email protected]
Feedback
Yes
No
Powered by
