The suspension threshold limits the number of times a user consecutively fails to provide a valid TOTP code. If the user fails more than this number of times, their SUSPENDED tag is set to YES. The suspension threshold setting is separate and distinct from a RACF® revoked status.
About this task
See Configure AZFTOTP1 for important information regarding the Suspension Threshold setting.
Procedure
- Enter the following command to display IBM® MFA information for a user profile, including the suspended state:
MULTIFACTOR AUTHENTICATION INFORMATION:
---------------------------------------
FACTOR = AZFTOTP1
SUSPENDED:YES a
FAILCOUNT:0 b
STATUS = ACTIVE
FACTOR TAGS =
REGSTATE:PROVISIONED
Callout Notes:
a. The user has exceeded the suspension threshold you set, and the SUSPENDED tag is set to YES.
b. The user's consecutive failure count is reset to zero.
- Enter the following command to reactivate a user for TOTP:
ALU [Login ID] MFA(FACTOR(AZFTOTP1) TAGS(SUSPENDED:NO))
- Enter the following command to confirm that the user is no longer in the suspended state:
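Added example, not part of the IBM documentation: a Python check that parses captured display output in the layout shown in the first step and reports whether each factor is suspended, which can back the confirmation step when many user profiles are reviewed. The function names and the sample text are constructed for illustration, and treating a missing SUSPENDED tag as a failed confirmation is an assumption of this example.

```python
import re

# Constructed sample in the layout shown above (callout letters removed).
SAMPLE_SUSPENDED = """\
MULTIFACTOR AUTHENTICATION INFORMATION:
---------------------------------------
FACTOR = AZFTOTP1
SUSPENDED:YES
FAILCOUNT:0
STATUS = ACTIVE
FACTOR TAGS =
REGSTATE:PROVISIONED
"""
SAMPLE_REACTIVATED = SAMPLE_SUSPENDED.replace("SUSPENDED:YES", "SUSPENDED:NO")

ATTR = re.compile(r"^([A-Z][A-Z ]*?)\s*=\s*(.*)$")  # e.g. STATUS = ACTIVE
TAG = re.compile(r"^([A-Z0-9_]+):(\S*)")            # e.g. SUSPENDED:YES

def parse_mfa_display(text):
    """Return {factor_name: {"attrs": {...}, "tags": {...}}}."""
    factors, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ATTR.match(line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            if key == "FACTOR":  # a new factor section begins
                current = factors.setdefault(value, {"attrs": {}, "tags": {}})
            elif current is not None and key != "FACTOR TAGS":
                current["attrs"][key] = value
            continue
        m = TAG.match(line)
        if m and current is not None:
            current["tags"][m.group(1)] = m.group(2)
    return factors

def suspended_factors(text):
    """Names of factors whose SUSPENDED tag is YES."""
    return sorted(name for name, f in parse_mfa_display(text).items()
                  if f["tags"].get("SUSPENDED", "").upper() == "YES")

def confirm_reactivated(text, factor="AZFTOTP1"):
    """True only if the factor is present and its SUSPENDED tag is NO.
    Assumption of this example: a missing factor or tag fails closed."""
    f = parse_mfa_display(text).get(factor)
    return f is not None and f["tags"].get("SUSPENDED", "").upper() == "NO"
```

The tag pattern stops at the first whitespace, so output copied with the callout letters still attached (for example `SUSPENDED:YES a`) parses to the same values.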