Hi,

A lot of our customers have implemented MFA for their Windows logon but have not thought about, or not implemented, MFA on their z/OS applications for various reasons. However, due to compliance regulations we are seeing a sea change, and customers are now engaging with us for best practice etc.

The first issue is what authentication factors you want to use. This is a lot easier if you have already implemented MFA elsewhere, such as for Windows logon.

Then there is where best to implement MFA on your z/OS applications. You could update all of your applications to accept MFA credentials, which is OK if you just have, say, TSO and CICS, as IBM have done this for you, but not OK if you have numerous other applications, which could mean a lot of updates, testing and disruption. Or you could just utilize your 3270 session manager and therefore implement it in one place. This also means that if you add or change authentication factors you only have to implement and test it in one place rather than in all of your z/OS applications.

Then of course you need to decide whose MFA software to use, IBM's or another vendor's. But we are finding that customers who have already implemented MFA for their Windows logon just want to use these credentials for their z/OS applications. This is possible to do! But it involves a lot of complicated development involving trusted realms between, say, Active Directory and RACF. We have implemented it here at Macro 4 utilizing our Tubes 3270 session manager. (Sorry for the indirect sales pitch, but I just wanted to emphasize it can be achieved.)

If you want to utilize Windows credentials or centralize it on your 3270 session manager, then please drop me an email ([email protected]) and I will be happy to discuss further.

Regards
Keith Banham
R&D Manager, Macro 4
