IBM Z Multi-Factor Authentication
Enhance logon security throughout your enterprise with extended mainframe user and token authentication
View IBM Z® Security Workshops
a grid pattern of dots on a dark background
What multifactor authentication can do for your business

IBM Z® Multi-Factor Authentication (IBM Z MFA) is software that secures user logins to z/OS®, z/VM® and Linux® on Z through multifactor authentication.

Mainframe systems are the foundation of trusted digital experiences for most of the world’s largest companies and organizations. However, passwords protecting critical users, data and applications are a relatively simple point of attack for hackers to exploit because the passwords rely on user education and compliance for both implementation and control. By using a variety of methods, such as social engineering and phishing, criminals have exploited employees, partners and general users to hack into even the most secure platforms.

IBM Z MFA raises the level of assurance of your mission-critical systems with expanded authentication capabilities and options for a comprehensive, user-centered strategy that helps mitigate the risk of compromised passwords and system hacks. Our designers are also IBM Z MFA users. Across every new version, we incorporate their growing knowledge and expertise of real-world mainframe security scenarios.
Benefits Enhance login security

Require multiple authentication factors to protect accounts and reduce risk for critical applications and data. Remain protected even if one of the factors is discovered.

 Ease regulatory compliance

Address regulatory and industry requirements for strong user authentication and audit support, including PCI-DSS, NIST, GDPR and PSD2, plus emerging mandates such as CCPA in California and LGPD in Brazil.

 Centralize and simplify management

Centralize factor information in RACF to simplify control, accelerate factor deployment and improve administrative efficiency.

Features

Latest IBM Z Multi-Factor Authentication features (version 2.2)
  • Pluggable authentication modules
  • Configuration of multiple instances of select MFA factors
  • Addition of a “Console Modify” command
  • Documentation and formal support for customer use of policy authentication
  • MFA configuration option to request that browser clients receiving cache token credentials mask the display of such credentials
  • Support for RSA SecurID authentication
  • Web-based ESM password reset feature

Additional IBM Z Multi-Factor Authentication features (version 2.1)
  • Expanded across z/VM operating systems (new in 2.1)
  • Supports production of secure credentials within and beyond the boundary of a Sysplex cluster where the credential was generated (new in 2.1)
  • Extensions for RACF, ACF2 and TopSecret with auditing and provisioning
  • Centralized RACF, ACF2 and TopSecret database support
  • RADIUS support: RSA, Gemalto and generic
  • IBM ISAM integration
  • IBM CIV integration
  • Native Yubico support
  • IBM TouchToken and generic TOTP
  • Certificate-based authentication, PIV, CAC card support
  • Compound authentication
  • Fault tolerance and application exemption
Resources IBM Z Security Workshops: Basic and Advanced

Provide basic and advanced level evaluations to help ensure your mainframe security framework follows best practices for your organization and industry.

 Product documentation

Find answers quickly in IBM product documentation.

 Solution brief

Learn more about IBM Z Multi-Factor Authentication 2.1.
Take the next step

Contact us to discuss your IBM Z Multi-Factor Authentication requirements and get pricing information. Join the IBM Security® Community to access discussions, blog posts and additional resources.

 Join the community