Configuring IBM MFA certificate authentication

You can configure IBM® MFA for certificate authentication. This is a general purpose certificate authentication that includes Common Access Card (CAC) and Personal Identification Verification (PIV) cards.

Certificate authentication uses the client identity certificate to authenticate the user.

Certificate Authentication configuration requirements

Before you configure Certificate Authentication, refer to the configuration roadmap in IBM MFA configuration roadmap.

Start of change

Certificate Authentication configuration recommendation

If you configure only AZFCERT1 and no other standalone-capable authentication factors, IBM recommends that you consider deploying user-driven fallback, as described in Configuring user-driven fallback. User-driven fallback is a way to ensure system availability in the event of an unexpected outage in an external dependency.

End of change