Hey Mark, the last two places I worked we had fire-call ID's that were 'suspended' (inactive) and after each use (DR) mostly ,secadmin would change the password, store the password in an envelope on a lock box in the computer room, this was before MFA, only MFA experience we have is windows, LAN ID's I suspect with MFA, you don't need to suspend the ID, since you'd need a password and a PIN to be valid?
Carmen Vitullo ----- Original Message ----- From: "Mark Jacobs - Listserv" <mark.jac...@custserv.com> To: IBM-MAIN@LISTSERV.UA.EDU Sent: Thursday, December 7, 2017 1:37:43 PM Subject: Fire-call, emergency RACF userid We have an emergency use userid with it's password "locked in a safe", which can be used by authorized people when/if needed. How do other organizations better control something like this? I'm asking since we're implementing MFA for "special" userids, and I don't know how to fit this shared userid into the MFA framework. -- Mark Jacobs Time Customer Service Global Technology Services The standard you walk past is the standard you accept. Lt. Gen. David Morrison ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN