IBM Security Z Security

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

RACF authentication from windows active directory

  • 1.  RACF authentication from windows active directory

    Posted Tue September 12, 2023 11:27 AM

    Hi All

    I got a request that instead of  define users and passwords in RACF , we can only use the same user and password of active directory to authenticate user logon to TSO and CICS .would you please advise if this doable, 

    Thanks



    ------------------------------
    Mohammed Ibrahem
    ------------------------------


  • 2.  RE: RACF authentication from windows active directory

    Posted Wed September 13, 2023 03:50 AM

    Hello Mohammed, 

    the IBM Multi-Factor Authentication solution allows for a RACF UID to use an Active Directory Account for z/OS authentication.

    The RACF-UID is mapped to a AD Account (via TAGS in an enrollment for a UID) and the AD PW is used additional or instead of

    the RACF-PW.  zMFA Faktor used is LDAP via "simple bind" to AD. 

    More details you can find here: https://www.ibm.com/docs/en/SSNR6Z_2.2.0/pdf/azfi100_v2r2.pdf

    See Chapter 20. Configuring LDAP 

    Best regards     Guenter



    ------------------------------
    Günter Weber
    ------------------------------

    Original Message