When configuring your WebSphere Application Server for z/OS system to use SAF (RACF), having configured WebSphere Application Server for z/OS appropriately with the z/OS Profile Management Tool or ISPF customization panels, you must set the curam.security.zos.saf property to true before running the configure target.
When running the configure target the default value for property curam.security.user.registry.enabled is true. Overriding curam.security.user.registry.enabled by setting it to false is not recommended. Property curam.security.check.identity.only can be set as per your requirements (see below).