Multi-factor authentication (MFA) credentials for CICS Explorer connections

Authentication with MFA credentials can enhance sign-on security for CICS® management client interface (CMCI) connections to CICS regions. MFA requires a password or passphrase coupled with a dynamic authentication token to verify the user's identity.

Note: When MFA support is required, if you need to export CICS bundles to a z/OS® UNIX System Services file system from CICS Explorer, you must use the Remote System Explorer (RSE) connection. MFA is not supported for z/OS FTP or z/OSMF connections.

Prerequisites of CICS TS

CMCI connections with MFA are supported in either a CICSPlex® SM or a single CICS region environment:

For a CICSPlex SM environment
  • The WUI region and CMAS must be running at the same CICS level that is CICS TS 5.4 with APAR PI87691 or later.
  • The WUI region must be configured to use a CMCI JVM server and multi-factor authentication support is enabled on the server side. For instructions, see Configuring for CICS Explorer in the CICS TS product documentation.
For a single CICS region

Prerequisites of CICS Explorer

To connect to a CICSPlex SM environment
Use CICS Explorer for Aqua 3.1 (Fix Pack 5.4.0.4) or a later release.
To connect to a single CICS region
All the in-service versions of CICS Explorer are supported.

How to connect to CICS using an MFA credential

You define an MFA credential in a similar way to other connection credentials, except that you do not save a password or passphrase in the credential. For detailed instructions, see Defining connection credentials.
Figure 1. Creating an MFA credential
Creating an MFA credential in the New Credentials dialogue

When you connect to the CMCI connection with multi-factor authentication support, select to use the MFA credential you defined. When you are prompted to specify a password or passphrase, specify your password or passphrase coupled with an authentication token in the Password or Passphrase field. If you don't know how to concatenate your password or passphrase and the authentication token, ask your system administrator.

Figure 2. Prompt upon sign-on with MFA
Signing on with an MFA credential in the Signon dialogue

The token has an expiration period. When it expires, you are prompted to specify your password or passphrase with a new token.

For detailed instructions on configuring a CICS Explorer connection to CICS, see Connecting CICS Explorer to CICS systems.