IBM Z Multi-Factor Authentication

What multifactor authentication can do for your business

IBM Z® Multi-Factor Authentication (IBM Z MFA) is software that secures user logins to z/OS®, z/VM® and Linux® on Z through multifactor authentication.

Mainframe systems are the foundation of trusted digital experiences for most of the world’s largest companies and organizations. However, passwords protecting critical users, data and applications are a relatively simple point of attack for hackers to exploit because the passwords rely on user education and compliance for both implementation and control. By using a variety of methods, such as social engineering and phishing, criminals have exploited employees, partners and general users to hack into even the most secure platforms.

IBM Z MFA raises the level of assurance of your mission-critical systems with expanded authentication capabilities and options for a comprehensive, user-centered strategy that helps mitigate the risk of compromised passwords and system hacks. Our designers are also IBM Z MFA users. Across every new version, we incorporate their growing knowledge and expertise of real-world mainframe security scenarios.

Get the X-Force Threat Intelligence Index 2024

In 2023, organizations saw a 71% spike in cyberattacks caused by exploiting identities. Check out the new report to learn how to best safeguard identities.

Benefits

Enhance login security

Require multiple authentication factors to protect accounts and reduce risk for critical applications and data. Remain protected even if one of the factors is discovered.

Ease regulatory compliance

Address regulatory and industry requirements for strong user authentication and audit support, including PCI-DSS, NIST, GDPR and PSD2, plus emerging mandates such as CCPA in California and LGPD in Brazil.

Centralize and simplify management

Centralize factor information in RACF to simplify control, accelerate factor deployment and improve administrative efficiency.

Features

Latest IBM Z Multi-Factor Authentication features (version 2.2)

Pluggable authentication modules
Configuration of multiple instances of select MFA factors
Addition of a “Console Modify” command
Documentation and formal support for customer use of policy authentication

MFA configuration option to request that browser clients receiving cache token credentials mask the display of such credentials
Support for RSA SecurID authentication
Web-based ESM password reset feature

Additional IBM Z Multi-Factor Authentication features (version 2.1)

Expanded across z/VM operating systems (new in 2.1)
Supports production of secure credentials within and beyond the boundary of a Sysplex cluster where the credential was generated (new in 2.1)
Extensions for RACF, ACF2 and TopSecret with auditing and provisioning
Centralized RACF, ACF2 and TopSecret database support
RADIUS support: RSA, Gemalto and generic
IBM ISAM integration

IBM CIV integration
Native Yubico support
IBM TouchToken and generic TOTP
Certificate-based authentication, PIV, CAC card support
Compound authentication
Fault tolerance and application exemption

Resources

IBM Z Security Workshops: Basic and Advanced

Provide basic and advanced level evaluations to help ensure your mainframe security framework follows best practices for your organization and industry.

Product documentation

Find answers quickly in IBM product documentation.

Solution brief

Learn more about IBM Z Multi-Factor Authentication 2.1.

Case Studies

Abraxas Informatik AG

Read more about the implementation of IBM Z MFA to modernize the security experience for business-critical enterprise applications.

Software AG

See how IBM Z MFA enables Software AG to implement a holistic mainframe security approach.

Take the next step

Contact us to discuss your IBM Z Multi-Factor Authentication requirements and get pricing information. Join the IBM Security® Community to access discussions, blog posts and additional resources.

Join the community