Before using the Emergency Mode to deny all users access to authentication, you must have at least one Assure MFA setting enabled to ensure that you as the MFA administrator are not completely locked out of the system.
If all Assure Security administrators’ user profiles require authentication, denying access with emergency mode will also deny you access. You must be able to access the system with either the QSECOFR profile or a profile that can access the system from the System Console or the controlling subsystem.
From a 5250 command line, do the following:
- Access the Assure Security Settings screen using the name of the instance library in this command: instance-library/WRKQJSET.
- To locate the following settings, in the filter line above the list, type
RAMI PROTECTION and press
Enter.
Group Member Keyword RAMI QCONSOLE PROTECTION RAMI QCTLSBS PROTECTION RAMI QSECOFR PROTECTION
At least one of these settings must have a value of *ALLOW in the Value column of the Assure Security Settings screen.
- To change a setting, type 2 next to it and press Enter. The setting and its possible values are displayed.
- Type the value *ALLOW on the command line and press Enter.