We have MFA for the Mainframe - 2 STC's and hooked into the ACS that is easy
Management wants to know if it’s a pipe dream to control Windows and distributed Systems from the mainframe.

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Jousma, David
Sent: Friday, May 9, 2025 9:29 AM
To: [email protected]
Subject: Re: Unification

We are likely taking a different approach. We are migrating native green screen access to a Web emulator, and doing OKTA MFA to get to the front door. TN3270 servers will be locked down eventually to only accept IP connections from the emulator servers, stopping rogue access. It's easy to do MFA for standard TSO, CICS, etc. interfaces, but we have a handful of other green screen apps that are not so friendly to entering OTC. Policy here is that push notifications to allow access are not allowed, which is what we were banking on to avoid issues with some of the other apps.

Dave Jousma
Vice President | Director, Technology Engineering

From: IBM Mainframe Discussion List <[email protected]> on behalf of Jousma, David <[email protected]>
Date: Friday, May 9, 2025 at 10:19 AM
To: [email protected] <[email protected]>
Subject: Re: Unification

We are investigating. To incorporate OKTA into mainframe logons, you need IBM MFA installed, and then configure that to use OKTA as the OTC provider. IBM MFA is not inexpensive; it is licensed in packs of 500 users.
Dave Jousma
Vice President | Director, Technology Engineering

From: IBM Mainframe Discussion List <[email protected]> on behalf of Steve Beaver <[email protected]>
Date: Friday, May 9, 2025 at 9:34 AM
To: [email protected] <[email protected]>
Subject: Unification

Has any shop attempted to unify all accesses for Windows, Distributed Systems, and zOS under something like Okta and been successful?

Steve

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.
