Start the IBM MFA services started task
The IBM® MFA services started task supports authentication of users and validation of tags specified in the RACF® ALTUSER command at runtime.
Before you begin
You must configure at least one of the following strong authentication factors before you start
the IBM MFA services started task:
- RSA SecurID ACEv5 UDP AZFSIDP1
- RSA SecurID Auth API (HTTPS) AZFSIDP3
- TOTP AZFTOTP1
- Certificate AZFCERT1
- Generic RADIUS AZFRADP1
- Safenet RADIUS AZFSFNP1
- SecurID RADIUS AZFSIDR1
- Yubico OTP AZFYUBI1
- IBM Security Verify Access AZFISAM1
- LDAP AZFLDAP1
- Check CTC AZFCKCTC
Important: Start the IBM MFA started tasks
after TCP/IP, PAGENT (for AT-TLS, if needed), and ICSF (if needed) have started successfully and
all TCP/IP-related services such as the resolver are running and fully initialized. See IBM MFA configuration roadmap for the factor-specific configuration
requirements.
Start the IBM MFA started tasks before applications that use IBM MFA.
If a user who has been activated for IBM MFA attempts to log on to an application and the IBM MFA started tasks are not started, the logon fails. Only users with PWFALLBACK enabled as described in Configuring Password Fallback will be able to log on with their z/OS password or passphrase.
About this task
In Copy SAZFSAMP(AZF#IN00) and SAZFSAMP(AZF#IN01), you copied the AZF#IN00 member of the SAZFSAMP data set to the PROCLIB from which you run started tasks.