Configure Automated Sign-On for Mainframe - IBM Z MFA

Use the MSS Administrative Console to configure an IBM Z MFA server, which is required for automated sign-on. The IBM Z MFA server is used to secure user logins to z/OS systems via multi-factor authentication.

Prerequisite

Configure the z/OS host. Refer to IBM Z Multi-Factor Authentication Documentation.

Add an IBM Z MFA server

Getting here: MSS Administrative Console > Configure Settings > Automated Sign-On > Enable IBM Z MFA Automated Sign-On for Mainframe. Click Automated Sign-On for Mainframe (IBM Z MFA servers).

Click +ADD and enter the details for the IBM Z MFA Server Configuration.

Note

A TLS certificate is required. The IBM Z MFA server certificate must be installed as a trusted MSS certificate and added to the MSS Trusted Certificate store. See Trusted Certificates - Certificate Store - Management and Security Server.

Server name

Enter the name of the IBM Z MFA server.

Server port

The default port is 8990; however, the IBM Z MFA server can be configured to use any port.

Test Connection

Click this button to test the connection between the MSS Server and the IBM Z MFA server.

Edit an existing IBM Z MFA server

Select a server, click EDIT. Adjust the settings as needed and click OK.

Delete an IBM Z MFA server

Select the server, and click DELETE. When sessions are assigned to use this IBM Z MFA server, a dialog lists the assigned sessions.

Next steps

Configure the Common Settings for a secondary LDAP server, if required.
Configure your client.