IBM MFA allows you to create multiple instances of factors for the following factors:

• AZFRADP1
• AZFSIDP1
• AZFSIDP3
• AZFSIDR1
• AZFSFNP1
• AZFLDAP1
• AZFISAM1
• AZFCKCTC
• AZFOIDC1

The IBM documentation mentions defining a resource profile in MFADEF class, but this does not work in ACF2. How can these multiple instances of factors be defined?

ACF2 uses CONTROL(FACTOR) records instead of the MFADEF class. The suffix that is specified in IBM MFA is appended to the end of the factor name. An example of creating a factor record for AZFRADP1 could look like this if a suffix of #2 was specified in IBM MFA:

SET C(FACTOR) 
INSERT AZFRADP1#2
F ACF2,REFRESH(FAC),TYPE(FAC)

In addition, verify access to the IRR.RFACTOR.MFADEF.factornameandsuffix resource in the FACILITY class for the administrators who execute the panels. The user ID of the IBM MFA web services started task also requires READ access to this resource.

SET RESOURCE(FAC)
RECKEY IRR ADD(RFACTOR.MFADEF.- UID(admin_uid) ALLOW)
RECKEY IRR ADD(RFACTOR.MFADEF.- UID(azfweb_uid) SERVICE(READ) ALLOW)
F ACF2,REBUILD(FAC)