Compatibilities
Product Lifecycle
Fixcat Holddata
Use this grid to identify which Broadcom product releases are compatible with MultiFactor Authentication and Passphase. If maintenance is required:
Launch Mainframe Compatibility Main Page
The following grid contains a list of all Broadcom mainframe products and releases. The column values include:
| NO | The product collects user credentials (ID/PSWD) but the password length is limited to 8-bytes and there are no plans to update this version of the product to support strong credentials. |
| In Progress | Currently in the process of researching whether the product support strong authentication credentials or in the process of updating the product to provide support. |
| YES | The product collects user credentials and supports passphrases (9-100 bytes). The product may be using interfaces such as API/ML or ESM/MS which enables the support for stronger credentials |
| N/A | The product does not collect user credentials and relies either on TSO, Batch or other sub-systems (CICS, DB2, etc). Therefore, MFA processing does not directly apply to this product. |
Product List
Please refer to the Product Lifecycle Page for additional information.Fix Category: CA.Function.Multi-FactorAuthentication
CA 7 12.0
Supports passphrases up to 100 characters for online logon and the
CA 7 Web Client logon. Passphrases are not supported for batch
processing or program-to-program interfaces.
Requires PTFs RO91472, RO91505 and SO00645.
Fix Category: CA.Function.Multi-FactorAuthentication
CA 7 12.1
Supports passphrases up to 100 characters for online logon and the
CA 7 Web Client logon. Passphrases are not supported for batch
processing or program-to-program interfaces.
No PTFs are required.
Fix Category: CA.Function.Multi-FactorAuthentication
One detail missing: Leveraging IDTA on RACROUTE to support linking
MFA calls (affects expired password reset user experience)
Fix Category: CA.Function.Multi-FactorAuthentication
One detail missing: Leveraging IDTA on RACROUTE to support linking
MFA calls (affects expired password reset user experience)
Fix Category: CA.Function.Multi-FactorAuthentication
ESP REST API - YES
Intelligent Experience - YES
ESP Workstation - YES
Workload Agent Manager - YES
AAI Integration - N/A
Report Server - N/A
Fix Category: CA.Function.Multi-FactorAuthentication
Gen supports Strong Passwords up to 200 characters for CICS cooperative
applications when using the Gen Client Manager Remote-Enhanced option.
Distributed PTFs CCN86301, RTN86301, RTI86301, RTL86301, RTX86301,
and RTR86301 enable Strong Password support in the Client Manager.
z/OS PTFs LU06644, LU06645 and LU06986 enable Strong Password support
in CICS.
Other Gen cooperative targets/options support passwords up to 64
characters when using Gen Enhanced Security.
Fix Category: CA.Function.Multi-FactorAuthentication
Multi-Factor Authentication (MFA) and Advanced Authentication Mainframe
(AAM) Support
TPX supports sign-in with MFA/AAM. MFA/AAM provides an extra level of
security for TPX by letting users sign in with a combination of
authentication factors, such as a passcode. A passcode can be either a
password, password phrase, or MFA/AAM code. MFA/AAM support allows you
to sign in to TPX with your User ID and one of the following
combinations:
- RSA token
- PIN + RSA token
- RSA token + PIN
- RADIUS
- RADIUS Compound-I-Band
- OTHERS
***********************************************************************
Important
- TPX supports RACF password phrase and MFA through the SAF interface.
Sites using IBM RACF must configure TPX to use SAF security. If your
site uses IBM RACF, set SMRT Security System to SAF and SAMT to SAF.
- Ensure that the Multi-Factor Authentication (MFA) /Advanced
Authentication Mainframe (AAM) product and mainframe security
products at your site are current with enhancements and maintenance.
- Implement Pass Ticket before you implement MFA/AAM. For more
information about why you should implement Pass Ticket before
MFA/AAM, see Knowledge Base article 73106.
***********************************************************************
Panel TEN1003 is updated to support passcode entry. For more information
on sign-on panels, see Password Verification.
You must add security messages to the Security Access Message Table
(SAMT) for MFA/AAM support. See Security messages to add to TPX SAMT
when employing MFA/AAM for more information.
Apply the following PTFs for MFA/AAM support:
RO93703 (Base)
RO93704 (English Panel TEN1003)
R093702 (Uppercase Panel TUP1003)
RO94337 (LOCK MFA Support) plus RO094331 to RO94346 Language Panels.
SO0804 Remove restricion that infterfere MFA with RADIUS
Compound-In-Band Support
For more information, see the Knowledge Base article How to set up TPX
with Multi-Factor Authentication (MFA) and Advanced Authentication
Mainframe (AAM) Support.
Fix Category: CA.Function.Password-Phrase
PTFs SO11290 and SO11291 00000100
Fix Category: CA.Function.Multi-FactorAuthentication
Fix Category: CA.Function.Multi-FactorAuthentication
Fix Category: CA.Function.Multi-FactorAuthentication
Fix Category: CA.Function.Multi-FactorAuthentication
Fix Category: CA.Function.Multi-FactorAuthentication
Fix Category: CA.Function.Multi-FactorAuthentication
Fix Category: CA.Function.Multi-FactorAuthentication