ENH: MULTIFACTOR AUTHENTICATION (MFA) SUPPORT

book

Article ID: 192348

calendar_today

Updated On:

Products

CA VM:Secure for z/VM

Issue/Introduction

ENH: MULTIFACTOR AUTHENTICATION (MFA) SUPPORT; now available in VM:Secure PTF SO12552.

Environment

Release : 3.2

Component : CA VM:Secure for z/VM

Resolution

This enhancement provides Multi Factor Authentication (MFA) support for CA VM:Secure 3.2 logon processing to authenticate using a IBM zMFA server running on Linux for Z.
 
The initial implementation supports Out-of-Band (OOB) MFA authentication using the IBM zMFA server as follows:
 
When VM:Secure is configured to run in Multi Factor Authentication (MFA) mode, VM:Secure requires a z/VM userid and MFA token (obtained from a MFA server) for authentication. VM:Secure validates the specified userid using the online z/VM directory, and communicates with the MFA server to validate the specified userid and MFA token combination. If the MFA server
authenticates and authorizes access for the userid/MFA token combination, then VM:Secure authorizes access (permits the logon). Otherwise, VM:Secure denies access (fails the logon).
 
The user obtains a MFA token by accessing a web URL provided by their security administrator. The web URL presents a policy, a list of credentials (factors), the user must specify before the MFA server will generate their MFA token. After the user obtains a MFA token, they specify the obtained MFA token for their z/VM password when logging on to the z/VM system.

The minimum z/VM requirements for implementation of MFA in VM:Secure are z/VM 7.1 with the PTF associated with CP APAR VM66324 applied.
 
 

Additional Information

You must install the VM:Secure RSU-2001 PTF before putting on the MFA PTF.
VM:Secure RSU-2001 is available in PTF SO11972.