Additional specificity through ACL and UACC
For all three scenarios, you can use an ACL or UACC to further qualify which specific application users are subject to IBM® MFA and which are bypassed.
You can bypass IBM MFA authentication for an application if the user being authenticated has a minimum of READ access to the profile in the MFADEF class for the application. If the user does not have a minimum of READ access to the profile in the MFADEF class for the application, IBM MFA is required.
RACF® considers ACLs first:
- If the user is on the access list (either explicitly or through a group of which the user is a member), return that access.
- If the user is not on the access list, return the access defined by UACC.
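The following is an added example, not IBM code: a simplified Python model of the ACL-then-UACC decision above, used to audit which users would bypass IBM MFA under a given profile. The `Profile` structure, the user and group names, and the precedence of an explicit user entry over group entries (with the highest group access applying) are assumptions of this model; real RACF authorization checking has further steps.

```python
# Simplified model of the ACL-then-UACC decision described above.
# Constructed sample data; real RACF authorization checking has more steps.
from dataclasses import dataclass, field

# Access authorities used in this model, in ascending order.
LEVELS = {"NONE": 0, "READ": 1, "UPDATE": 2, "CONTROL": 3, "ALTER": 4}


@dataclass
class Profile:
    """An MFADEF class profile for one application (hypothetical structure)."""
    uacc: str = "NONE"
    acl: dict = field(default_factory=dict)  # user ID or group name -> access


def effective_access(profile, user, groups=()):
    """Return the access this model gives the user for the profile."""
    # Assumption: an explicit user entry wins over any group entry.
    if user in profile.acl:
        return profile.acl[user]
    # Assumption: with several matching groups, the highest access applies.
    matched = [profile.acl[g] for g in groups if g in profile.acl]
    if matched:
        return max(matched, key=LEVELS.__getitem__)
    # Not on the access list at all: fall back to UACC.
    return profile.uacc


def mfa_bypassed(profile, user, groups=()):
    """READ or higher on the profile means IBM MFA is bypassed."""
    return LEVELS[effective_access(profile, user, groups)] >= LEVELS["READ"]


def audit(profile, users):
    """List the users who would bypass IBM MFA; input is {user: [groups]}."""
    return sorted(u for u, g in users.items() if mfa_bypassed(profile, u, g))


# Constructed example: service IDs are meant to bypass, everyone else is not.
USERS = {"SVCBATCH": ["SVCGRP"], "ALICE": ["DEVGRP"], "BOB": ["SVCGRP", "DEVGRP"]}
STRICT = Profile(uacc="NONE", acl={"SVCGRP": "READ", "BOB": "NONE"})
LOOSE = Profile(uacc="READ", acl={"BOB": "NONE"})

if __name__ == "__main__":
    print("UACC(NONE):", audit(STRICT, USERS))  # only the service ID
    print("UACC(READ):", audit(LOOSE, USERS))   # everyone not explicitly denied
```

With UACC set to READ, every user who is not on the access list bypasses IBM MFA, so a profile intended to exempt only a few IDs needs UACC of NONE and explicit READ entries.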