ENH: MULTIFACTOR AUTHENTICATION (MFA) SUPPORT
Article ID: 192348
Updated On:
Products
VM:Secure for z/VM
Issue/Introduction
ENH: MULTIFACTOR AUTHENTICATION (MFA) SUPPORT; now available in VM:Secure PTF SO12552.
Environment
Release : 3.2
Component : CA VM:Secure for z/VM
Resolution
This enhancement provides Multi Factor Authentication (MFA) support for CA VM:Secure 3.2 logon processing to authenticate using a IBM zMFA server running on Linux for Z.
The initial implementation supports Out-of-Band (OOB) MFA authentication using the IBM zMFA server as follows:
When VM:Secure is configured to run in Multi Factor Authentication (MFA) mode, VM:Secure requires a z/VM userid and MFA token (obtained from a MFA server) for authentication. VM:Secure validates the specified userid using the online z/VM directory, and communicates with the MFA server to validate the specified userid and MFA token combination. If the MFA server
authenticates and authorizes access for the userid/MFA token combination, then VM:Secure authorizes access (permits the logon). Otherwise, VM:Secure denies access (fails the logon).
The user obtains a MFA token by accessing a web URL provided by their security administrator. The web URL presents a policy, a list of credentials (factors), the user must specify before the MFA server will generate their MFA token. After the user obtains a MFA token, they specify the obtained MFA token for their z/VM password when logging on to the z/VM system.
The minimum z/VM requirements for implementation of MFA in VM:Secure are z/VM 7.1 with the PTF associated with CP APAR VM66324 applied.
The initial implementation supports Out-of-Band (OOB) MFA authentication using the IBM zMFA server as follows:
When VM:Secure is configured to run in Multi Factor Authentication (MFA) mode, VM:Secure requires a z/VM userid and MFA token (obtained from a MFA server) for authentication. VM:Secure validates the specified userid using the online z/VM directory, and communicates with the MFA server to validate the specified userid and MFA token combination. If the MFA server
authenticates and authorizes access for the userid/MFA token combination, then VM:Secure authorizes access (permits the logon). Otherwise, VM:Secure denies access (fails the logon).
The user obtains a MFA token by accessing a web URL provided by their security administrator. The web URL presents a policy, a list of credentials (factors), the user must specify before the MFA server will generate their MFA token. After the user obtains a MFA token, they specify the obtained MFA token for their z/VM password when logging on to the z/VM system.
The minimum z/VM requirements for implementation of MFA in VM:Secure are z/VM 7.1 with the PTF associated with CP APAR VM66324 applied.
Additional Information
You must install the VM:Secure RSU-2001 PTF before putting on the MFA PTF.
VM:Secure RSU-2001 is available in PTF SO11972.
VM:Secure RSU-2001 is available in PTF SO11972.
Feedback
Yes
No
Powered by
