Changing multi-factor authentication policy (MFA)
This policy specifies if an additional sign-on factor (MFA) is enabled for
the sign-on process for service tools. If this is enabled the sign-on screen will display the
"Additional factor" field. The individual user profile attributes can later be configured to require
an additional factor for the user profile sign-on process. You can change the additional sign-on
factor enabled using system service tools (SST), dedicated service tools (DST), or the Change
SST Security Attributes (CHGSSTSECA) command.
This security policy is independent of the "TOTP enabled" user profile attribute and configuring it "no" (disabled) will not clear or change the service tools user profile TOTP authentication attributes. User profiles can create a TOTP key and have the TOTP enabled attribute on/enabled regardless of this policy being "no" (disabled).
When this policy is configured "no" (disabled), the service tools user profiles will only authenticate with a user ID and password during the sign-on process and the TOTP additional factor is not required.
- Access SST.
- Select option 8 (Work with Service Tools Server Security and Devices).
- Select option 5 (Work with service tools security options).
- Change the (Additional sign-on factor enabled) field and press Enter.
- Access DST.
- Select option 5 (Work with DST environment).
- Select option 4 (Service tools security data).
- Select option 7 (Work with service tools security options).
- Change the (Additional sign-on factor enabled) field and press Enter.
- Specify the Additional sign-on factor (ADLSGNFAC) parameter on the Change SST Security Attributes (CHGSSTSECA) command.
- The Display SST Security Attributes (DSPSSTSECA) command can be used to display the current value of the Additional sign-on factor and other security attributes.