ACF2 protected system with IBM Z Multi-Factor Authentication AZFSIDP1 factor RSA SecurID. ACF started task is active
Logonids can signon using either password or RSA Token, they should only be permitted to use RSA Token.
The MFA AZFLDAP1 factor was configured using both the PROFILE(USER) DIV(MFA) profile record method and the $USERDATA line of a resource rule called RSAUMAP in the CASECMFA class method.
Only one of the above methods to map a logonid to a RSA userid should be done.
After removing the $KEY(RSAUMAP) TYPE(CAS) rule, issuing the F ACF2,REBUILD(CAS), and re-cycling the AZF#IN00 task, the logonids defined for RSA SecurID (AZFSIDP1) can only signon using an RSA token.
For more information see:
Step 4 of Define RSA SecurID (AZFSIDP1) Support