Specifying IP-Groups
You can specify (on the Users Requiring MFA screen, shown in MFA Settings for Persons) that users may bypass Multi Factor Authentication if they are connecting from certified network IP addresses.
To specify network IP addresses from which particular users may access the system without added authentication, select 8. Certified Network IP Addresses from the main Multi Factor Authentication (MFA) menu. The Work with Certified Network IP Addresses screen appears:
| Current MFA Controlled Sessions System: RLDEV Type options, press Enter. 1=Display 5=DSPJOB Subset . . . . . Opt Person Current-user System Job User Number Started (No data found to construct list) F3=Exit F5=Refresh |
The body of the screen contains lines for each user or Generic* user. Each line contains the fields:
User
The username or Generic* name of the users
IP Addresses
Certified IP addresses for the user. If they connect from these IP Addresses, and the user is set not to require MFA when connecting via that protocol via certified addresses (by setting the field for that user and protocol to the letter O on the Users Requiring MFA screen), MFA is not required.
To modify the certified IP addresses for a user, enter 1 in the Opt field for that user. The Modify User of Certified Network IP Addresses screen appears, as shown in Modifying Certified Network IP Addresses.
To add users and their certified IP addresses, press the F6 key. The Add User of Certified Network Addresses screen appears, as shown in Adding Users of Certified Network IP Addresses.