Implementing IBM MFA out-of-band authentication. Once an MFA approved and activated userid gets a logon token and pastes it into the TSO logon password field gets "Invalid password" message.
Need to activate IBM MFA globally using the TSS MFA option:
Need to enable MFA(IBMRSA(FACILITY)).
1. Is it necessary to enable the TSS MFA option for MFA to work or can MFA be enabled on an individual userid basis
2. If the MFA(IBMRSA(FACILITY)) option is required, will this affect all users. Do not want to enable a global option that will break regular password logons.
Release : 16.0
Component : CA Top Secret for z/OS