IBM Multi Factor Authentication MFA changes in AZFEXEC not being saved

book

Article ID: 225459

calendar_today

Updated On:

Products

CA ACF2 - z/OS

Issue/Introduction

AZFEXEC utility is not saving configuration data 
the ACF2 provided R_factor callable service function 2, set general factor data, is not saving the MFA factor data when MFA performs the call.

 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

Define the AZFSTC Factor and Run the AZFEXEC Clist
The following steps are required to define the AZFSTC factor:
Define the AZFSTC factor record for the IBM MFA started task:
SET CONTROL(FACTOR) INSERT AZFSTC F ACF2,REFRESH(FAC),TYPE(FAC)
Authorize the administrator who executes the AZFEXEC clist.
When AZFEXEC is run, CA ACF2 reads and updates CONTROL(FACTOR) records in the CA ACF2 INFOSTG database.

SECURITY is needed on the logonid running AZFEXEC.

If the SECURITY logonid is scoped, it also requires read and update access to IRR.RFACTOR.MFADEF.- in the FACILITY class.

SET RESOURCE(FAC)
RECKEY IRR ADD(RFACTOR.MFADEF.- UID(azfadministrator_uid) SERVICE(READ, UPDATE) ALLOW)