Summary of changes

Changes made to IBM® MFA for Version 2 Release 2.

New

The following information is new.

Version 2.2 September 2023 refresh
  • IBM MFA obtains and caches the IP address of authentication servers, such as a RADIUS server, when the IBM MFA started task starts. You can use the DNSREFRESH console command to refresh the IP addresses without having to restart the IBM MFA started task, as described in Refreshing server IP addresses.
  • The AZFTOTP1 Suspension Threshold limits the number of times a user consecutively fails to provide a valid TOTP code. In this release, Suspension Threshold is enabled by default, with a default setting of 100, as described in Configure AZFTOTP1. If a previous setting exists, the existing value is maintained.
  • The AZF9221E and AZF9135E error messages are added in this release.
Version 2.2 September 2022 refresh
  • When configuring bulk provisioning for users, the azfprov1.sh script invokes azfbulkcmd.sh, which allows you to make any needed customizations if you are using an ESM other than RACF. No changes to azfbulkcmd.sh are required if you are using RACF. This change is described in Configuring bulk provisioning users for IBM MFA.
  • Configuring bulk provisioning users for IBM MFA also makes clear that you need to have UPDATE access to the system security manager FACILITY class profile IRR.RFACTOR.USER to update the user factor data.
  • Using IBM MFA with PassTickets is updated with additional information about how the application performs a SAF RACROUTE REQUEST=VERIFY request.
Version 2.2
Version 2.1 April 2021 refresh
  • The description of Use Single-key Encryption in Configure AZFTOTP1 is updated to clarify that if disabled, a new TKDS object is created to hold the TOTP secret for each new enrolling user.
Version 2.1 March 2021 refresh
Version 2.1 January 2021 refresh