Mainframe Architect MFA resource
Remote
Infrastructure Mainframe Architect MFA resource
See description:
An architect for designing the complete solution … A design is needed for the overall phases of the project from an architecture perspective.
The activities included are:
Phase 1
1.1.1 Stream 1 – Preparation
- Define project activities
- Identify the client's key stakeholders, including the 10 test users
- Identify the roles and responsibilities of the team
- Request relevant documentation
1.1.2 Stream 2 – Design document
- Review documentation
- Understand how Entra ID is hosted and configured
- Determine which channels can be used for MFA push notifications
- Understand the current zMFA implementation
- Elaborate each of the 3 use cases
- Elaborate the requirements aligned with the use cases
- Produce the design document covering all environments
1.1.3 Stream 3 – Implementation of zMFA for ACF2
- If needed, install and configure IBM zMFA components on the z/OS systems
- Apply required IBM zMFA maintenance and updates as recommended by IBM
- Configure zMFA runtime parameters, including:
  - High-level qualifiers (HLQs)
  - USS directory structures and permissions
  - Java runtime and environment variables
- Configure zMFA communication services, including:
  - Listener and service ports required for authentication requests
  - Secure (TLS) communication between zMFA and the external MFA provider
- Define and configure required zMFA started tasks and supporting services
- Integrate with Entra ID MFA enforcement points for interactive access paths, including TPX, Personal Communications (PCOMM), and web-based access tools
- Validate successful startup and operation of zMFA services and confirm readiness for integration testing with Microsoft Entra ID MFA (subject to availability of a configured tenant)
1.1.4 Stream 4 – Implementation of zMFA for RACF
- Installation and base configuration of zMFA components on the in-scope z/OS systems protected by RACF
- Apply required IBM zMFA maintenance, PTFs, and updates as recommended by IBM to ensure compatibility with RACF and z/OS
- zMFA runtime configuration and parameters, including:
  - High-level qualifiers (HLQs) for zMFA datasets
  - USS directory structures and associated RACF OMVS permissions
  - Java runtime configuration, JVM parameters, and environment variables
- zMFA communication services configuration, including:
  - Listener and service ports required for authentication and RADIUS processing
  - Secure (TLS) communication between zMFA and the external MFA provider
- Define and configure required zMFA started tasks and supporting services, including:
  - APF authorization for required load libraries
- Integrate zMFA with Microsoft Entra ID MFA via RADIUS for interactive access methods, including:
  - TPX multi-session access
  - Direct TSO / Personal Communications (PCOMM) access
  - Web-based access tools (z/OSMF, Zowe, IDz)
- Validate successful startup and operation of zMFA services, confirm RACF policy enforcement, and verify readiness for end-to-end integration testing with Microsoft Entra ID MFA
1.1.5 Stream 5 – Implementation of Entra ID MFA
- Set up and configure MFA accounts and groups for the test accounts
- Configure TOTP MFA
- Configure the enrollment process
- Define recovery procedures for re-registration and token issues
- Integrate with zMFA
- Test the use cases
- Approval
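Stream 5 configures TOTP as the Entra ID MFA method, and its recovery item covers token issues such as clock drift. The block below is an added worked example and is not part of this project's scope, nor code from IBM zMFA or Microsoft Entra ID: it implements RFC 6238 TOTP on top of RFC 4226 HOTP, and a verifier that tolerates one 30-second step of drift in either direction while refusing to accept a time step that has already been used. The shared secret, the 30-second step and the 8-digit codes are the RFC 6238 reference test vectors; the drift window of one step and the replay check are design choices assumed here, not requirements stated on this page.

```python
import hashlib
import hmac
import struct
import time

# RFC 6238 reference secret (ASCII "12345678901234567890"); its published
# test vectors let the implementation be checked against known-good codes.
RFC6238_SHA1_SECRET = b"12345678901234567890"
STEP_SECONDS = 30  # RFC 6238 default time step


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                     # low nibble of the last byte selects the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6,
         step: int = STEP_SECONDS, t0: int = 0) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, (unix_time - t0) // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, digits: int = 6,
                step: int = STEP_SECONDS, window: int = 1,
                last_accepted_step=None):
    """Return the time step that matched, or None.

    window: how many steps of clock drift to accept on either side (assumed: 1).
    last_accepted_step: highest step already used for this user; any candidate
    at or below it is refused so a captured code cannot be replayed.
    """
    if not (code.isascii() and code.isdigit() and len(code) == digits):
        return None
    current = unix_time // step
    for delta in range(-window, window + 1):
        candidate = current + delta
        if last_accepted_step is not None and candidate <= last_accepted_step:
            continue
        # constant-time compare so the check does not leak matching prefixes
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            return candidate
    return None


if __name__ == "__main__":
    # RFC 6238 vectors: time 59 -> 94287082, time 1111111109 -> 07081804 (8 digits, SHA-1)
    for t in (59, 1111111109, 1234567890):
        print(t, totp(RFC6238_SHA1_SECRET, t, digits=8))
    now = int(time.time())
    code = totp(RFC6238_SHA1_SECRET, now)
    print("drift +1 step accepted as step", verify_totp(RFC6238_SHA1_SECRET, code, now + STEP_SECONDS))
    print("replay refused:", verify_totp(RFC6238_SHA1_SECRET, code, now, last_accepted_step=now // STEP_SECONDS))
```

A verifier that allows a drift window must also persist the last accepted step per user, otherwise the window turns every valid code into a replayable credential for up to three steps.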
Phase 2
1.1.6 Stream 1 – Full roll-out preparation
- Define additional use cases
- Identify all mainframe instances
- Define additional requirements, including break-glass access, disaster recovery, and alternative authentication methods including out-of-band
- Define the required enrollment procedure