Activate and deactivate users for IBM MFA Password Authentication

You use the ALTUSER or ALU command to activate users for IBM® MFA Password Authentication. IBM MFA Password Authentication is supported only in IBM MFA Out-of-Band.

Procedure

  1. Enter the following command to activate a user for IBM MFA Password Authentication:
    ALU [Login ID] MFA(FACTOR(AZFPASS1)
        ACTIVE)
    Where:
    • [Login ID] is the z/OS® user name.
    • ACTIVE activates the AZFPASS1 authenticator for the user ID.
  2. You must create a multi-factor authentication policy as described in Create and manage multi-factor authentication policies. IBM MFA Password Authentication is a weak factor and requires the policy to contain at least one other strong authentication factor.
  3. Apply the multi-factor authentication policy to the user as described in Create and manage multi-factor authentication policies.
  4. Enter the following command to deactivate a user for IBM MFA Password Authentication:
     ALU [Login ID] MFA(FACTOR(AZFPASS1)
        NOACTIVE)
  5. Enter the following command to display IBM MFA information for a user profile:
    LISTUSER [Login ID] MFA
    MULTIFACTOR AUTHENTICATION INFORMATION:      
    ---------------------------------------      
       FACTOR = AZFPASS1                                 
       STATUS = ACTIVE