Using Multi-Factor Authentication (MFA)

No additional configurations are required to support users configured with Multi-Factor Authentication (MFA), other than enabling the SAF JWT Service for the Debug Profile Service.

The SAF JWT Service invokes RACROUTE REQUEST=VERIFY, which consistently treats all passwords as MFA credentials and passes them to the MFA task automatically. If the MFA validation fails or the MFA task is not running, the system reinterprets the input either as a standard password or a password phrase.

MFA is supported by IBM Z Multi-Factor Authentication.