Bypassing IBM MFA for applications by application name

You can bypass IBM® MFA for specific applications and specific application users. After you bypass IBM MFA, the application users must use their RACF® credentials to log on.

Procedure

  1. The following example creates default profiles as a fallback. With UACC(NONE), IBM MFA authentication still applies to every application that is not bypassed by a more specific profile.
    RDEFINE MFADEF MFABYPASS.APPL.* UACC(NONE)
    RDEFINE MFADEF MFABYPASS.USERID.* UACC(NONE)
    RDEFINE MFADEF MFABYPASS.DEFAULT UACC(NONE)
  2. The following example bypasses IBM MFA for the MFATEST application for all users who have at least READ access to a profile in the MFADEF class for the application.
    RDEFINE MFADEF MFABYPASS.APPL.MFATEST UACC(READ)
  3. The following example bypasses IBM MFA for the MFATEST application only for user JSMITH.
    RDEFINE MFADEF MFABYPASS.APPL.MFATEST UACC(NONE)
    PERMIT MFABYPASS.APPL.MFATEST CLASS(MFADEF) ID(JSMITH) ACCESS(READ)
  4. The following example bypasses IBM MFA for all applications except MFATEST, which is covered by its own profile in the MFADEF class with UACC(NONE):
    RDEFINE MFADEF MFABYPASS.APPL.* UACC(READ)
    RDEFINE MFADEF MFABYPASS.APPL.MFATEST UACC(NONE)
  5. Refresh the MFADEF class:
    SETROPTS RACLIST(MFADEF) REFRESH
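
To review who ends up exempt from IBM MFA before refreshing the class, the following added example (not IBM code) models the resolution that steps 2 to 4 describe. It assumes a simplified match in which the exact profile name wins over the `MFABYPASS.APPL.*` generic and an access-list entry overrides UACC; the names `PAYROLL` and `USERA` are hypothetical.

```python
import re

LEVELS = ["NONE", "READ", "UPDATE", "CONTROL", "ALTER"]  # RACF access levels, lowest first

def load(commands):
    """Build {profile: {"uacc": level, "acl": {userid: level}}} from RDEFINE/PERMIT lines."""
    profiles = {}
    for line in commands.strip().splitlines():
        words = line.split()
        opts = dict(re.findall(r"(\w+)\(([^)]*)\)", line))
        if words[0] == "RDEFINE" and words[1] == "MFADEF":
            # UACC must be stated explicitly in this model.
            profiles[words[2]] = {"uacc": opts["UACC"], "acl": {}}
        elif words[0] == "PERMIT" and opts.get("CLASS") == "MFADEF":
            profiles[words[1]]["acl"][opts["ID"]] = opts["ACCESS"]
    return profiles

def covering_profile(profiles, appl):
    """Exact profile name wins over the MFABYPASS.APPL.* generic (simplified matching)."""
    for name in (f"MFABYPASS.APPL.{appl}", "MFABYPASS.APPL.*"):
        if name in profiles:
            return name
    return None

def bypasses_mfa(profiles, appl, userid):
    """True when userid has at least READ to the profile covering appl."""
    name = covering_profile(profiles, appl)
    if name is None:
        return False  # assumption: no covering profile means no bypass
    prof = profiles[name]
    level = prof["acl"].get(userid, prof["uacc"])  # an access-list entry overrides UACC
    return LEVELS.index(level) >= LEVELS.index("READ")

def open_bypasses(profiles):
    """Profiles whose UACC alone grants the bypass: the ones to review first."""
    return sorted(n for n, p in profiles.items() if LEVELS.index(p["uacc"]) >= 1)

# Constructed input: the commands from steps 3 and 4 of the procedure.
STEP3 = """RDEFINE MFADEF MFABYPASS.APPL.MFATEST UACC(NONE)
PERMIT MFABYPASS.APPL.MFATEST CLASS(MFADEF) ID(JSMITH) ACCESS(READ)"""
STEP4 = """RDEFINE MFADEF MFABYPASS.APPL.* UACC(READ)
RDEFINE MFADEF MFABYPASS.APPL.MFATEST UACC(NONE)"""

if __name__ == "__main__":
    for label, text in (("step 3", STEP3), ("step 4", STEP4)):
        p = load(text)
        print(label, "UACC-wide bypass profiles:", open_bypasses(p))
        for appl, user in (("MFATEST", "JSMITH"), ("MFATEST", "USERA"), ("PAYROLL", "USERA")):
            print(f"  {appl}/{user}: bypass={bypasses_mfa(p, appl, user)}")
```

The step 4 pattern is the one `open_bypasses` flags: a generic profile with UACC(READ) exempts every application that lacks its own UACC(NONE) profile.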