Top Secret IBM MFA and Multiple active FACTOR's

book

Article ID: 131082

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction



Is there anyway to use 2 FACTOR's for one user with IBM MFA? 

Environment

Release:
Component: TSSMVS

Resolution

Can have multiple MFA FACTORs active GLOBALY, this example from a 
TSS MODIFY output: 

MFA(CARSA(FACILITY,FALLBACK)) 
MFA(IBMRSA(NO)) 
MFA(CAPAM(NO)) 
MFA(RADIUS(FACILITY,FALLBACK)) 

And although can add multiple FACTORs to an ACID's record, only ONE FACTOR can be active per ACID.  
Example from a 'TSS LIST(acid) DATA(MFA)': 

----------- SEGMENT MFA 
FACTOR = CAAAMRSA 
MFACTIVE = NO 
TAGS = RSANAME:TEAMTOPSE 
FACTOR = RADIUS_PASSWORD 
MFACTIVE = FACILITY 
TAGS = RADIUSNAME:[email protected]