You can bypass IBM® MFA for specific
applications and specific application users. After you bypass IBM MFA, the application users must use their RACF® credentials to log on.
Procedure
-
The following example creates default profiles as a fallback. UACC(NONE) allows IBM MFA authentication for all applications that are not otherwise
bypassed by more specific profiles.
RDEFINE MFADEF MFABYPASS.APPL.* UACC(NONE)
RDEFINE MFADEF MFABYPASS.USERID.* UACC(NONE)
RDEFINE MFADEF MFABYPASS.DEFAULT UACC(NONE)
-
The following example bypasses IBM MFA for the
MFATEST application for all users who have at least READ access to a profile in the MFADEF class for
the application.
RDEFINE MFADEF MFABYPASS.APPL.MFATEST UACC(READ)
-
The following example bypasses the MFATEST application only for user JSMITH.
RDEFINE MFADEF MFABYPASS.APPL.MFATEST UACC(NONE)
PERMIT MFABYPASS.APPL.MFATEST CLASS(MFADEF) ID(JSMITH) ACCESS(READ)
-
The following example bypasses IBM MFA for all
applications, except the MFATEST application identified with a profile in the MFADEF class with
access NONE:
RDEFINE MFADEF MFABYPASS.APPL.* UACC(READ)
RDEFINE MFADEF MFABYPASS.APPL.MFATEST UACC(NONE)
-
Refresh the MFADEF class:
SETROPTS RACLIST(MFADEF) REFRESH