Activate and deactivate users for IBM MFA Out-of-Band authentication

The authentication factors you activate determine which factors the user must provide.

1. Select from the following authentication factors, and activate users as described in the referenced sections:
   • SecurID. See Activate and deactivate users for IBM MFA SecurID.
   • TOTP. See Administration and operation steps for TOTP.
   • Certificate Authentication. See Activate and deactivate users for Certificate Authentication.
   • Activate and deactivate users for generic RADIUS.
   • Activate and deactivate users for SafeNet RADIUS.
   • Activate and deactivate users for RSA SecurID RADIUS.
   • Administration and operation steps for Yubico OTP.
2. Apply one or more multi-factor authentication policies to a user, as described in Create and manage multi-factor authentication policies.

   ALU <USERID> MFA(ADDPOLICY(POLICY-NAME))

3. Enter the following command to display IBM MFA information for a user profile:

   LISTUSER [Login ID] MFA

4. Tell users they must use the IBM MFA Out-of-Band web server login page:

   https://server-host:port/mfa/policy-name

   where port is the server authentication port you configured and policy-name is the policy the user must use. You may want to have the user bookmark this URL.

   Note: If you do not include the policy-name in the URL you provide to the user, the user is prompted for their policy name, which they must already know.
   On the next page, they are shown user-specific information about the factors required for them to log on.