The Broadcom Identity Manager product can see MFA segments in Top Secret via LDAP but cannot attach an MFA segment to a user in Top Secret.
Error messages from Identity Manager when attaching an MFA segment to a user through Broadcom LDAP:
:ETA_E_0085<MAC>, User Account 'USERA' on 'CIVL' synchronization with Account Template 'AT_TEST_MFA' failed:
Connector Server Modify failed: code 80 (OTHER-LdapNamingException): failed to modify entry:
eTDYNAccountName=USERA,eTDYNAccountContainerName=ACIDs,eTDYNDirectoryName=CIVL,eTNamespaceName=CA Top Secret v2,
dc=PARIS,dc=etasa: JCS@s00v09972012: JNDI: [LDAP: error code 80
- LDP2108E TSS error adding tssMfaFactor(TSS0203E YOU ARE NOT AUTHORIZED FOR THIS TSS FUNCTION)]:
failed to add tssacid=USERA,host=Company!,o=ABC,c=USA (ldaps://##.###.##.###:nnnnn)
Release : 16.0
Component : CA LDAP Server
TSS ADD(dept) CASECMFA(TSSMFA.xxx)
TSS PERMIT(user) CASECMFA(TSSMFA.RAD.TSO) ACC(USE)

Add, Modify, or Remove Factor Authentication Data for an ACID: a Master Security Control ACID (MSCA) or Central Security Control ACID (SCA) with proper authorities.

So only an MSCA or SCA can change an MFA segment on an ACID.
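
Added example, not part of the original article and not Broadcom code: a small triage script that unpacks the nested error chain quoted above (Identity Manager, Connector Server, LDAP code, LDP message, TSS message) and classifies the failure by its innermost message. The function names, category labels and the second record (OTHER) are assumptions constructed for illustration.

```python
import re

# Constructed sample: the error text quoted on this page, joined into one record.
SAMPLE = (
    ":ETA_E_0085<MAC>, User Account 'USERA' on 'CIVL' synchronization with Account "
    "Template 'AT_TEST_MFA' failed: Connector Server Modify failed: code 80 "
    "(OTHER-LdapNamingException): failed to modify entry: eTDYNAccountName=USERA,"
    "eTDYNAccountContainerName=ACIDs,eTDYNDirectoryName=CIVL,"
    "eTNamespaceName=CA Top Secret v2,dc=PARIS,dc=etasa: JCS@s00v09972012: JNDI: "
    "[LDAP: error code 80 - LDP2108E TSS error adding tssMfaFactor(TSS0203E YOU ARE "
    "NOT AUTHORIZED FOR THIS TSS FUNCTION)]: failed to add tssacid=USERA,"
    "host=Company!,o=ABC,c=USA (ldaps://##.###.##.###:nnnnn)"
)
# Constructed contrast record (not from the page): LDAP failure with no TSS message.
OTHER = "Connector Server Modify failed: JNDI: [LDAP: error code 49 - constructed text]"

FIELDS = {
    "account": r"User Account '([^']+)'",
    "template": r"Account Template '([^']+)'",
    "ldap_code": r"LDAP: error code (\d+)",
    "ldp_msg": r"\b(LDP\d+[A-Z])\b",
    "attribute": r"TSS error \w+ (\w+)\(",
    "tss_msg": r"\((TSS\d+[A-Z]) [^)]*\)",
    "tss_text": r"\(TSS\d+[A-Z] ([^)]*)\)",
}

def parse_failure(record):
    """Pull each layer of the nested error chain out of one log record."""
    found = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, record)
        found[name] = match.group(1) if match else None
    return found

def triage(record):
    """Classify by the innermost message, which carries the root cause."""
    f = parse_failure(record)
    if f["tss_msg"] and "NOT AUTHORIZED" in f["tss_text"]:
        return ("tss_authorization",
                f"{f['tss_msg']} on {f['attribute']} for {f['account']}: the ACID "
                "making the change needs MSCA or SCA authority")
    if f["tss_msg"]:
        return ("tss_other", f"{f['tss_msg']}: {f['tss_text']}")
    if f["ldap_code"]:
        return ("ldap_other", f"LDAP error code {f['ldap_code']}")
    return ("unparsed", record[:80])

if __name__ == "__main__":
    print(triage(SAMPLE), triage(OTHER), sep="\n")
```
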