Support for Multi-Factor Authentication using RACF
CICS® Transaction Server for z/OS® provides support for Multi-Factor Authentication (MFA) using RACF®.
If you are an RACF user, see Multi-Factor Authentication for z/OS in z/OS Security Server RACF Security Administrator's Guide for an overview of MFA and the prerequisite for this feature.
If you are using other security products, see the documentation of your ESM for details of support and prerequisites.
The following information shows how to implement MFA in CICS, based on the example of RACF and IBM® Multi-Factor Authentication for z/OS.
CICS supports in-band MFA tokens. If you use z/OS Out-of-Band authentication, a one-time-use token can be generated and is supported by CICS.
Interface | CICS level requirement |
---|---|
CICS Explorer® | CICS TS V5.4 with APAR PI87691 or later |
CESN and CESL |
|
CPSM WUI | |
User-written sign-on programs using EXEC CICS SIGNON |
MFA tokens are not supported on stateless requests that cache credentials.
Depending on the length, MFA tokens should be entered in the phase or password fields.
For more information, see IBM Multi-Factor Authentication for z/OS User's Guide.