You can bypass IBM® MFA for an application by using the user ID that submits the RACROUTE REQUEST=VERIFY request for the application. After you bypass IBM MFA, the application users must use their RACF® password to log on.
About this task
Note: You might find it convenient to use SDSF to view the job status and determine the user ID. The Owner column identifies the user ID. You cannot use an Owner marked as plus signs (+).
Procedure
- The following example creates default profiles as a fallback. UACC(NONE) allows IBM MFA authentication for all applications that are not otherwise bypassed by more specific profiles.
    RDEFINE MFADEF MFABYPASS.APPL.* UACC(NONE)
    RDEFINE MFADEF MFABYPASS.USERID.* UACC(NONE)
    RDEFINE MFADEF MFABYPASS.DEFAULT UACC(NONE)
- The following example bypasses IBM MFA for an application identified by the MFATEST user ID for all users with READ or higher access to the profile.
    RDEFINE MFADEF MFABYPASS.USERID.MFATEST UACC(READ)
- The following example bypasses IBM MFA for an application identified by the MFATEST user ID only for user JSMITH.
    RDEFINE MFADEF MFABYPASS.USERID.MFATEST UACC(NONE)
    PERMIT MFABYPASS.USERID.MFATEST CLASS(MFADEF) ID(JSMITH) ACCESS(READ)
- Refresh the MFADEF class:
    SETROPTS RACLIST(MFADEF) REFRESH
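
The following is an added example, not part of the IBM documentation: a Python audit of the MFABYPASS.USERID profiles above that reports whether a user bypasses IBM MFA for an application user ID, and which profiles grant the bypass to every user through UACC. The function names and the APPSRV1 profile are constructed for illustration; the code assumes a discrete profile takes precedence over MFABYPASS.USERID.* and ignores group connections.

```python
import re

# Constructed sample input: the fallback and JSMITH commands from this page,
# plus a constructed APPSRV1 profile that uses the UACC(READ) form.
COMMANDS = """\
RDEFINE MFADEF MFABYPASS.USERID.* UACC(NONE)
RDEFINE MFADEF MFABYPASS.USERID.MFATEST UACC(NONE)
PERMIT MFABYPASS.USERID.MFATEST CLASS(MFADEF) ID(JSMITH) ACCESS(READ)
RDEFINE MFADEF MFABYPASS.USERID.APPSRV1 UACC(READ)
"""

LEVELS = {"NONE": 0, "READ": 1, "UPDATE": 2, "CONTROL": 3, "ALTER": 4}
PREFIX = "MFABYPASS.USERID."

def _operand(name, line, default=""):
    """Return the value inside NAME(...) on a command line, upper-cased."""
    m = re.search(rf"\b{name}\(([^)]*)\)", line, re.I)
    return m.group(1).upper() if m else default

def load_profiles(text):
    """Build {profile: {"uacc": str, "permits": {id: access}}} for class MFADEF."""
    profiles = {}
    for line in text.splitlines():
        words = line.upper().split()
        if words[:2] == ["RDEFINE", "MFADEF"] and len(words) > 2:
            # Assumption: a missing UACC operand is treated as NONE.
            profiles[words[2]] = {"uacc": _operand("UACC", line, "NONE"), "permits": {}}
        elif words[:1] == ["PERMIT"] and len(words) > 1 and _operand("CLASS", line) == "MFADEF":
            entry = profiles.setdefault(words[1], {"uacc": "NONE", "permits": {}})
            for user in _operand("ID", line).split():
                entry["permits"][user] = _operand("ACCESS", line, "READ")
    return profiles

def bypasses(profiles, app_userid, user):
    """True if `user` has READ or higher on the profile covering `app_userid`."""
    # Assumption: the discrete profile wins over the generic MFABYPASS.USERID.*.
    entry = profiles.get(PREFIX + app_userid.upper()) or profiles.get(PREFIX + "*")
    if entry is None:
        return False
    # An access-list entry for the user takes precedence over UACC.
    access = entry["permits"].get(user.upper(), entry["uacc"])
    return LEVELS.get(access, 0) >= LEVELS["READ"]

def open_to_all(profiles):
    """Profiles whose UACC alone grants the bypass to every user."""
    return sorted(p for p, e in profiles.items() if LEVELS.get(e["uacc"], 0) >= LEVELS["READ"])
```

Profiles returned by open_to_all are the ones to review first, because every user of that application logs on with only a RACF password.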