lsauthmultifactorverify

Use the lsauthmultifactorverify command to list the system-wide IBM Security Verify multifactor authentication configuration.

Syntax

Read syntax diagramSkip visual syntax diagram lsauthmultifactorverify

Parameters

None.

Description

This table provides the attribute values that can be displayed as output view data.

Table 1. lsauthmultifactorverify output
Attribute Description
status Indicates the MFA enablement status using IBM Security Verify. Value can be enabled or disabled.
failmode Indicates how the system should behave for the user logins when the MFA server is unavailable. Value can be insecure or secure.
  • A secure failmode indicates the failure of MFA-enabled users if the server is unavailable.
  • An insecure failmode indicates the succeed of MFA-enabled users if the server is unavailable.
hostname Indicates the hostname of the IBM Security Verify tenant. It must consist of a string up to 255 printable ASCII characters.
port Indicates the port number of the IBM Security Verify tenant. The value must be an integer 1-65535.
openid_client_id Indicates the IBM Security Verify OpenID Connect client ID for the system. It must consist of a string up to 64 printable ASCII characters.
openid_client_secret_set Indicates whether the IBM Security Verify OpenID Connect client secret has been set. Value can be yes or no.
cli_client_id Indicates the IBM Security Verify CLI client ID for the system. It must consist of a string up to 64 printable ASCII characters.
cli_client_secret_set Indicates whether the IBM Security Verify CLI client secret is set or not. Value can be yes or no.
admin_enrolled_factors Indicates whether factors enrolled by the IBM Security Verify admin are displayed on the choice list of factors when logging into the command line.
max_prompts Indicates the maximum number of prompts displayed when logging in with a second factor on the CLI.