Preparation for implementation of Advanced Authentication Mainframe (AAM) or IBM Multi-Factor Authentication (MFA) support

Article ID: 9722

Products

Top Secret, Top Secret - LDAP

Issue/Introduction

Preparation for implementation of Advanced Authentication Mainframe or IBM Multi-Factor Authentication support

Release requirement: Top Secret r16. Customers running Top Secret r15 or lower will need to upgrade to r16 across all LPARs before implementing Advanced Authentication Mainframe or IBM Multi-Factor Authentication. Under no circumstances should an AAM or MFA implementation project begin until all LPARs have been successfully upgraded to CA Top Secret r16.



Environment

Component: TSSMVS

Resolution

Steps to complete before leveraging Advanced Authentication Mainframe (AAM) or IBM Multi-Factor Authentication (MFA):

Step 1: Implement Top Secret r16 including related toleration PTF RO92675 across all LPARs prior to beginning the implementation.

  • For ease of implementation RO92675 should be ACCEPTed via SMP/E prior to moving ahead to step 2. This will allow sites to:
    • Successfully back out RO92696 should that become necessary.
    • Prevent problems should an LPAR unexpectedly be brought into a shared environment.

ALERT: If RO92675 is not ACCEPTed, make sure it is not RESTOREd while backing off any other maintenance.

Step 2: Install PTF RO92696 to bring in support for the AAM and MFA enhancement.

  • This enhancement implements the following product changes:
    • Internal TSS security record elements in support of AAM and MFA
    • TSS command changes to allow MFA user and Control Option administration:
      • TSS ADD/REMOVE/PERMIT/REVOKE command updates
      • TSS MODIFY MFA Control Option updates
      • TSS LIST command output to allow display of user ACID AAM and MFA data
      • TSS MODIFY STATUS command output to allow display of AAM and MFA Control Option
      • TSS WHOHAS MFACTOR
    • TSSCFILE record types:
      • 5203    PWFALLBACK=
      • 5204    MFACTIVE=
      • 5206    TAGS=
      • 5207    Tag data continuation

ALERT: Attempting to implement AAM or MFA in a configuration where not all recommended maintenance has been applied can result in an unstable implementation and is highly discouraged.

Step 3: Begin implementation steps for AAM and MFA
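
A readiness gate for Steps 1 and 2 across every LPAR, shown as an added example and not vendor-supplied code. The inventory record (LPAR name, Top Secret release, per-PTF SMP/E state of APPLIED or ACCEPTED) and the sample systems are assumptions; populate them from your own SMP/E zone reports.

```python
from dataclasses import dataclass, field

TOLERATION_PTF = "RO92675"  # Step 1 toleration PTF (from the article)
SUPPORT_PTF = "RO92696"     # Step 2 AAM/MFA support PTF (from the article)
REQUIRED_RELEASE = 16       # Top Secret r16; r15 or lower must upgrade first

@dataclass
class Lpar:
    # Assumed inventory record, not a Top Secret or SMP/E data format.
    name: str
    release: int
    ptfs: dict = field(default_factory=dict)  # PTF id -> "APPLIED" or "ACCEPTED"

def check_lpar(lpar):
    """Return (blockers, warnings) for one LPAR against Steps 1 and 2."""
    blockers, warnings = [], []
    tol = lpar.ptfs.get(TOLERATION_PTF)
    sup = lpar.ptfs.get(SUPPORT_PTF)
    if lpar.release < REQUIRED_RELEASE:
        blockers.append(f"{lpar.name}: Top Secret r{lpar.release}, r16 required")
    if tol is None:
        blockers.append(f"{lpar.name}: {TOLERATION_PTF} missing (Step 1)")
    elif tol != "ACCEPTED":
        # Per the ALERT: an un-ACCEPTed RO92675 must not be RESTOREd
        # while backing off other maintenance such as RO92696.
        warnings.append(f"{lpar.name}: {TOLERATION_PTF} not ACCEPTed; "
                        f"do not RESTORE it when backing off maintenance")
    if sup is None:
        blockers.append(f"{lpar.name}: {SUPPORT_PTF} missing (Step 2)")
    return blockers, warnings

def ready_for_step3(lpars):
    """Step 3 may start only when no LPAR in the environment has a blocker."""
    blockers, warnings = [], []
    for lpar in lpars:
        b, w = check_lpar(lpar)
        blockers += b
        warnings += w
    return (not blockers, blockers, warnings)

# Constructed sample inventory (hypothetical LPAR names, not real systems).
SAMPLE = [
    Lpar("SYSA", 16, {TOLERATION_PTF: "ACCEPTED", SUPPORT_PTF: "APPLIED"}),
    Lpar("SYSB", 16, {TOLERATION_PTF: "APPLIED", SUPPORT_PTF: "APPLIED"}),
    Lpar("SYSC", 15, {}),  # not yet upgraded: blocks the whole project
]

if __name__ == "__main__":
    ok, blockers, warnings = ready_for_step3(SAMPLE)
    print("READY" if ok else "NOT READY", *blockers, *warnings, sep="\n  ")
```

A single LPAR that fails the gate blocks Step 3 for the whole environment, matching the requirement that every LPAR be at r16 with the maintenance in place before the project begins.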