Configure RSA SecurID RADIUS
You must configure the IBM® MFA AZFSIDR1 settings if you want to use RSA SecurID RADIUS.
Before you begin
- Configured a PKCS#11 token as described in Configuring a PKCS#11 token before you configure IBM MFA for RSA SecurID RADIUS. The AZFSIDR1 authentication factor users the PKCS#11 token to encrypt the shared secret before it is stored in RACF®, and to generate random authenticators for use inside the RADIUS packet.
- Configured the RSA SecurID RADIUS server to accept communications from each z/OS system or LPAR that is running the IBM MFA services started task. The network administrator may configure a RADIUS client with or without an RSA Authentication Agent for each z/OS system or LPAR that is running the IBM MFA services started task.
About this task
Configuration data for RSA SecurID RADIUS is stored in the RACF database. The configuration data include settings related to the AZFSIDR1 authentication load module.
Procedure
If you change the PKCS#11 token name
or key label values, you must re-enter the shared secret value.