You use the ALTUSER or ALU command to activate
users for IBM® MFA Password Authentication. IBM MFA Password Authentication is
supported only in IBM MFA Out-of-Band.
Procedure
-
Enter the following command to activate a user for IBM MFA Password Authentication:
ALU [Login ID] MFA(FACTOR(AZFPASS1)
ACTIVE)
Where:
- [Login ID] is the z/OS® user name.
-
ACTIVE activates the AZFPASS1 authenticator for the user ID.
-
You must create a multi-factor authentication policy as described in Create and manage multi-factor authentication policies. IBM MFA Password Authentication is a weak factor and requires the policy to contain at least one
other strong authentication factor.
-
Apply the multi-factor authentication policy to the user as described in Create and manage multi-factor authentication policies.
-
Enter the following command to deactivate a user for IBM MFA Password Authentication:
ALU [Login ID] MFA(FACTOR(AZFPASS1)
NOACTIVE)
-
Enter the following command to display IBM MFA
information for a user profile:
MULTIFACTOR AUTHENTICATION INFORMATION:
---------------------------------------
FACTOR = AZFPASS1
STATUS = ACTIVE