The documentation on configuring MFA for RACF states the following:
Use the PTKTDATA resource class to define profiles that contain the encryption key that is used for generating and
validating PassTickets.
Follow these steps:
1. Define resource ENDEVOR in class APPL and give access to group NDVRGRP:
RDEFINE APPL ENDEVOR UACC(NONE)
PERMIT ENDEVOR CL(APPL) ACCESS(READ) ID(NDVRGRP)
SETROPTS RACLIST(APPL) REFRESH
A profile is added for each APPLID that receives signons with PassTickets
However, the documentation gives no detail about creating the RACF group 'NDVRGRP'.
Does this mean a new RACF group 'NDVRGRP' must be created from scratch and associated with the resource ENDEVOR in class APPL?
Or is it possible to reuse an existing RACF group that matches the site standards and was created for Endevor functional users?
Release: All from 18.0.12
NDVRGRP is not a mandatory name, and the group ID can follow the site standards.
Thus, any existing group ID (nameid) can be associated with the resource ENDEVOR in class APPL, as follows:
RDEFINE APPL ENDEVOR UACC(NONE)
PERMIT ENDEVOR CL(APPL) ACCESS(READ) ID(nameid)
SETROPTS RACLIST(APPL) REFRESH
Where nameid is the existing GROUP ID.