Vanguard is pleased to introduce ez/Token™, a two-factor authentication solution integrated with RACF® for users logging on to the mainframe.
Vanguard ez/Token is a two-factor RSA authentication solution that allow users to authenticate through either RSA SecurID, SafeSign, or ActivIdentity tokens to the zSeries Server or any other application currently using RACF authentication. The ez/Token solution provides a more secure alternative than the usual RACF user ID/password combination. With ez/Token, users substitute a new, one-time passcode in place of a password. Passcodes are generated randomly every 60 seconds. For enhanced security, the passcode can be combined with a PIN number.
With Vanguard ez/Token users can:
- Authenticate through either an ActivIdentity or RSA SecurID token to log on to the Mainframe via TSO, CICS, IMS, or any other application using RACF authentication.
- Perform New PIN and Next Token Code operations through a Web interface.
Authenticate with ez/Token
The ez/Token authentication exit authenticates users logging on to the zSeries Server or any other application that uses RACF security, through either an ActivIdentity or RSA SecurID tokens.
Next Token Code
The ez/Token Website Next Token Code page allows users to get the Next Token Code for their user ID when necessary.
The ez/Token Website New PIN page allows users to change the PIN for their user ID when necessary.
Vanguard ez/Token Components
Vanguard ez/Token is comprised of the following components:
Security on Demand Host Server
The Security on Demand host server (VIPMAIN) runs as a started task on an IBM mainframe server. The Security on Demand host server is integrated with the Vanguard Security Solutions product installation.
ez/Token Agent Daemon
The ez/Token Agent Daemon provides remote clients, such as the ez/Token Website and ez/Token Authentication Exit, the ability to authenticate either an ActivIdentity, SafeSign, or RSA SecurID tokens, change PINs and get the Next Token Code by redirecting requests from these remote clients to the RSA ACE/Server via the RSA Application Programming Interface (API).
ez/Token Mainframe Authentication Exit
The ez/Token Mainframe authentication exit selectively redirects certain RACF users to authenticate using RSA or SafeSign two-factor tokens instead of a RACF password. This exit talks to the ez/Token Agent Daemon.
The ez/Token Website communicates with the ez/Token Agent Daemon to allow users to perform New PIN and Next Token Code operations. The ez/Token authentication exit on the mainframe does not have the capability to provide these interfaces therefore the website provides these functions.
- Eliminates the need for users to remember passwords.
- Requires no changes to logon screens.
- Allows you to dynamically choose which users will be authenticated with either an ActiveIdentity, SafeSign, RSA SecurID®, or native RACF.
- Allows you to dynamically choose which users will or will not require a PIN number.
- Eliminates Help Desk calls for forgotten passwords.