IBM Z Software
Hide about this portal


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

ADD A NEW IDEA

Z Multi-Factor Authentication

Showing 24 of 8834

MFA native Support of Thales eToken PASS without RADIUS

We've successfully tested factor AZFYUBI1 with zMFA. Our preferred factor for production would be AZFTOTP1, this is working fine. But we're currently in process of setting up some support processes (e.g. what will hapen, if somebody lost his phone...
10 months ago in zSecurity / Z Multi-Factor Authentication 2 Not under consideration

Branding Customization MFA Web Pages

Actually its possible to customize some aspects of webpages like language and html like described on https://www.ibm.com/docs/en/zma/2.3.0?topic=customization-translating-customizing-mfa-messages-html , but when its needed to change the stylesheet...
3 months ago in zSecurity / Z Multi-Factor Authentication 0 Future consideration

Improve AZFPASS1 factor to hide the "New password" field when password change or reset is disabled.

When Factor AZFPASS1 is active, the web form authentication shows a RACF password field followed by 2x New Password (optional) requests to change passwords, even if this option was disabled on STC Configuration Attributes, causing confusion to end...
3 months ago in zSecurity / Z Multi-Factor Authentication 0 Planned for future release

WARNING message, if the zMFA Administrator activate multiple strong factors that would block authentication of users

Currently, it is possible to activate multiple strong zMFA factors for the users (e.g. AZFTOTP1 and AZFCERT1). If more than one of such factors are enabled, the users can't login with In-Band authentication. zMFA should be enhanced to give the adm...
11 months ago in zSecurity / Z Multi-Factor Authentication 0 Under review

improvement for AZFTOTP1 enrollment

Today when you enroll an user for AZTOTP1, you can have 2 ways to add it to your authenticator app on your mobile phone. By default the most are using a QR code, but as alternative you can use the otpauth address by typing it manually into your au...
2 months ago in zSecurity / Z Multi-Factor Authentication 1 Not under consideration

Add diagnostic event logging for Cache Token Credential (CTC) usage

IBM MFA for z/OS provides diagnostic event trace information for many of the various authentication factors that can be configured in this product. We found that authentication factor Cache Token Credential, when using "Cache Token Sharing" set to...
6 months ago in zSecurity / Z Multi-Factor Authentication 0 Future consideration

Manage OpenID Connect (OIDC) certificates on RACF/ICSF

As described on https://www.ibm.com/docs/en/zma/2.3.0?topic=oidc-performing-sso-by-using-no, "You must have a server certificate and private key. This certificate and private key are for use with the included Node.js application, and you do not ne...
3 months ago in zSecurity / Z Multi-Factor Authentication 0 Planned for future release

Count down to expiration or generation date/time added to token window

Our out-of-band tokens expire after 4 hours and customers continue to lock themselves out of the system attempting to use expired tokens, not realizing they have expired. Suggesting either having a date/time pasted to the same webpage that the tok...
7 months ago in zSecurity / Z Multi-Factor Authentication 0 Planned for future release

Support protected or secure key operations for PKCS#11 token objects.

Given this is the auth mekanism for privileged accounts and IBMs own health checker reacts on clear keys in TKDS i'd say it's a reassonable request to develop better crypto support in the zMFA product. I uploaded an examle from one of our test mac...
about 1 year ago in zSecurity / Z Multi-Factor Authentication 0 Future consideration

Allow a user to perform MFA compound authentication specifying only the security manager credential with a Radius server that pushes an authentication request to a user device.

Currently MFA requires a credential value that contains a “dummy” MFA portion to cause the Radius server to push an authentication request to the user device. Having the push request generated without explicitly having to specify the dummy MFA por...
over 2 years ago in zSecurity / Z Multi-Factor Authentication 3 Planned for future release

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.