MFA compound In-Band

MFA users may be provisioned so that they are required to authenticate with both a token device code and their RACF authenticator (password or password phrase). Users configured for compound in-band may enter their token code and RACF authenticator concatenated together in the password phrase field of an application with a separator character between the two values. When the RACF authenticator is expired it can be changed by passing the new value into the new password or new password phrase field of the application by itself without the token code portion. Refer to the IBM Multi-Factor Authentication for z/OS Installation and Customization and the IBM Multi-Factor Authentication for z/OS User's Guide for more information on MFA compound in-band support.