Db2 Tools for z/OS

Db2 Tools for z/OS

Connect with Db2, Informix, Netezza, open source, and other data experts to gain value from your data, share insights, and solve problems.

 View Only

Strengthen QMF Security with Okta-Based Multi-Factor Authentication (MFA)

By Prasad Pawar posted Thu December 18, 2025 08:27 AM

  

Introduction

In today’s digital landscape, security is not optional—it’s essential. Enterprises face increasing threats from credential theft and unauthorized access, making strong authentication a critical component of any application. IBM’s Query Management Facility (QMF) for WebSphere and QMF Server now takes a significant step forward in safeguarding your environment by introducing Okta-based Multi-Factor Authentication (MFA) with SAML 2.0 support.

This new capability empowers organizations to protect sensitive data and applications with an additional layer of security, ensuring that even if a password is compromised, your systems remain secure.

Why MFA Matters for QMF Users

Passwords alone are insufficient to protect against modern threats. Cyberattacks and phishing attempts continue to rise, and compromised credentials are among the leading causes of data breaches. MFA addresses this challenge by requiring users to verify their identity through multiple factors—such as SMS codes, authenticator apps, or biometric checks—before granting access.

By integrating MFA into QMF for WebSphere and QMF Server, IBM helps customers:

·         Reduce risk of unauthorized access

·         Comply with enterprise security standards

·         Protect mission-critical data and applications

Introducing Okta Integration for QMF

With this release, QMF for WebSphere and QMF Server support Okta-based MFA using SAML 2.0. Okta is a leading identity provider offering a wide range of authentication factors and Single Sign-On (SSO) capabilities, enabling a seamless and secure user experience.

Key Highlights:

·         MFA can be enforced at the application level in Okta.

·         Users confirm credentials with additional factors during sign-in.

·         Okta’s SSO simplifies access across multiple enterprise applications.

Benefits for Customers

·         Stronger Security: MFA ensures that compromised passwords alone cannot grant access.

·         Seamless Experience: Okta’s SSO reduces login friction for end users.

·         Centralized Control: Administrators can manage MFA policies and user assignments from a single console.

·         Scalable & Future-Ready: Built on industry-standard SAML 2.0 for interoperability.

What’s New for Repository Security

Beyond login protection, this feature introduces a new security provider option for repositories: IDP (Okta). Administrators can now:

·         Define user and administrator groups directly from Okta.

·         Apply granular permissions for repository access and object-level security.

·         Align repository security with enterprise identity management strategies.

How It Works (High-Level)

1.      Integrating QMF for WebSphere or QMF Server with Okta.

2.      Configuring SAML settings and MFA policies in Okta.

3.      Assigning users and groups to the QMF application.

4.      Selecting IDP (Okta) as the security provider when creating repositories.

Detailed configuration steps are available in IBM’s official documentation, ensuring a smooth setup process for administrators.

Getting Started

Ready to strengthen your QMF environment? Enable Okta MFA for QMF today and take advantage of enterprise-grade security. For step-by-step guidance, refer to the official IBM documentation.

Limitations and Important Considerations
While Okta-based MFA integration significantly enhances security for QMF for WebSphere and QMF Server, there are a few important limitations to keep in mind:

  • Phishing-Resistant Authentication Not Supported: QMF currently does not support Okta’s phishing-resistant authentication feature. If this option is enabled in your Okta policies, authentication will fail with an “Access Denied” message.Action Required: Ensure the Phishing resistant checkbox is cleared when configuring authentication policies in Okta.
  • Default Policy Behavior: Okta applies the default policy “Any two factors” for new organizations. While you can edit this policy, you cannot replace it with a different default policy.
  • Scheduled Tasks and Public Links: IDP (Okta)-secured repositories do not support scheduled tasks or creation of public web links for stored objects.

For detailed steps on adjusting Okta policies, refer to IBM documentation and Okta’s official guide.

Conclusion

Security is a shared responsibility, and IBM is committed to helping customers stay ahead of evolving threats. By integrating Okta-based MFA into QMF for WebSphere and QMF Server, we deliver a solution that combines robust protection, ease of use, and enterprise scalability.

Upgrade now and experience the confidence of modern identity security with QMF and Okta.

IBM Documentation
What's new in QMF 13.1.3.0

#CyberSecurity #IdentitySecurity #MultiFactorAuthentication #MFA #SecureAccess #QMFforWebSphere #QMFServer #EnterpriseSecurity #OktaIntegration #OktaMFA #IdentityManagement #SSO
2 comments
24 views

Permalink

https://community.ibm.com/community/user/blogs/prasad-pawar/2025/12/18/strengthen-qmf-security-with-okta-based-multi-fact

Comments

Prasad Pawar
Mon December 22, 2025 02:15 AM

Thank you for your question! The Okta-based Multi-Factor Authentication (MFA) feature is currently available for QMF for WebSphere and QMF Server only.

QMF for Workstation is a desktop-based application and does not have an application-layer login mechanism. Since MFA relies on an identity provider (Okta) for authentication at the application level, this capability is not supported for QMF for Workstation.

If you have any further questions or need guidance on securing QMF for Workstation, feel free to reach out!

Mark Vickers
Fri December 19, 2025 07:58 AM

Is this available for QMF Workstation ?