IBM Z Multi-Factor Authentication

Enhance login security with mainframe user and token authentication

Threat Intelligence Report 2025
3d render of cubes on mainframe

Secure your user logins against cyberthreats

IBM Z® Multi-Factor Authentication (IBM Z MFA) secures user logins to z/OS®, z/VM® and Linux® on Z. It helps mitigate the risk of compromised passwords with expanded authentication capabilities for your mission-critical IBM Z and LinuxONE environments.
Enhance login security

Use multiple authentication factors to enhance security for critical applications and data.
Ease regulatory compliance

Comply with regulations such as PCI-DSS, NIST, GDPR and PSD2, CCPA and LGPD.
Centralize management

Centralize factor data in RACF® for control to deploy faster and boost admin efficiency.
Streamline integration

Enable quick setup and integration with support for authentication factors and protocols.

IBM mainframe security workshops

Whether you’re part of a growing organization or a more mature enterprise, IBM can help evaluate your unique security needs and implement improvements to your mainframe environment.

Download the flyer

Key features

Person authorizing system action with smartphone

Latest IBM Z Multi-Factor Authentication features (version 2.3)

  • Single sign-on support for tokens issued by external OIDC-compliant identity providers
  • User-driven password fallback voting
  • Remote CTC checking
  • Search before bind user provisioning for LDAP authentication
  • In-memory storage of IBM Z MFA-issued CTCs
  • Support for “generic” RADIUS, SafeNet RADIUS and RSA SecurID RADIUS
  • Certificate authentication includes CAC and PIV cards
Person looking at a tablet

Latest IBM Z Multi-Factor Authentication features (version 2.4)

  • Password-only login can now trigger a secure challenge through an alternative channel, such as a push notification
  • Admins can now use multiple OpenID Connect providers to configure secure access
  • Web-accessible updated user interfaces
  • Automatic detection of TOTP operating modes that align with the user’s client capabilities
  • In-band code page with expanded LDAP support, enabling compatibility with character sets other than IBM-1047
  • Comprehensive BlastRADIUS mitigation applied to all multi-factor authentication (MFA) RADIUS factors

Case studies

Team working in a modern office
Software AG
See how IBM Z MFA enables Software AG to implement a holistic mainframe security approach securely.
Abraxas informatik AG building
Abraxas Informatik AG
Learn about the implementation of IBM Z MFA to modernize the security experience for enterprise.
APIS IT team working at office
APIS IT
Discover how APIS IT decided to implement IBM Z Operations Analytics with strategic AIOps.
Person depositing check with smartphone
Bradesco
Read how Bradesco created a reliable, secure and innovative online banking experience to deliver services to customers.

Resources

User's guide

Get instructions for customizing and using IBM Z Multi-Factor Authentication.

 Download the guide
Installation and customization

Help system administrators customize the product following installation.

 Install it now
Program directory

Read about the materials and procedures associated with the installation of IBM Z MFA.

 Read the directory
Solution brief

Enhance login security with extended mainframe user and token authentication, now with single sign-on support.

 Read the brief
Take the next step

Contact us to discuss your IBM Z Multi-Factor Authentication requirements and get pricing information. Join the IBM Security® community to access discussions, blog posts and more resources.

 Join the community
More ways to explore Community Blog Learning Academy Support Documentation Installation and deployment