Reviewing the Zowe doc, I see that Zowe desktop can be integrated with IBM MFA. As CA/Broadcom also has an MFA solution and participate to Zowe, and also as in our shop we have yet another MFA solution that hooks behind the RACF passphrase validation, I wonder if this MFA integration will be extended to other solutions ?
Just curious, what is MFA? I’ve never seen that acronym before.
MFA : Multi Factor Authentication
The Broadcom AAM (Advanced Authentication Mainframe) solution provides multi-factor authentication support for all three ESMs (ACF2, Top Secret and RACF) and can be leveraged from an authentication call from Zowe or any application via the standard APIs available on z/OS for authentication.
Hi Renaud & good question.
Zowe’s support for MFA software has been tested with IBM’s MFA product but is not limited to IBM’s MFA product. The reality is we have not been able to test with all products yet. If you have the broadcom MFA product, I think it would be great to try out and report results so we could update documentation.
But, essentially the way it all works is that Zowe uses SAF to do authentication. If an MFA product interacts with SAF to add MFA checks into the authentication process, then it should just work.
Thank you for the replies. We don’t have the Broadcom MFA but another product. It is not obvious at all that simply using SAF for authentication would be fine, as the password could be stored or passtickets could be used (and the MFA product we use does not support passtickets). We will need to test…
Both RACF and ACF2 use SAF macro calls. Look at the SAF macros and CB’s first to get a picture of what’s going on underneath the covers.