You must configure the Yubico OTP AZFYUBI1 settings.
You must have already configured PKCS#11 tokens before you configure Yubico OTP.
About this task
Configuration data for Yubico OTP is stored in the RACF® database. The Yubico OTP configuration data include settings related to the
AZFYUBI1 authentication load module.
-
Execute AZFEXEC and choose AZFYUBI1.
-
Provide the following:
-
See Configure IBM MFA Compound In-Band for
information about configuring IBM MFA Compound In-Band.
-
Press F3 to save your changes and exit.
-
Set Enable YubiKey Enrollment to Y in the web services started task
configuration, as described in Configure IBM MFA web services started task if you
want users to be able to enroll a YubiKey on the YubiKey Enrollment page. The YubiKey Enrollment
page and process is described in Ingesting the .csv configuration file.
If you change the PKCS#11 token name
or key label values, all user registrations will become inaccessible, and users must
re-register.