z/Scope Anywhere Web Terminal Emulator

Duo Security Login to Mainframe and AS/400 Hosts

Duo Security Login to Mainframe and AS/400 Hosts

We have discussed the importance of secure login in our previous posts about multi-factor authentication.
When you incorporate multi-factor authentication (MFA) methods at your access point, your users will be required to confirm their identity presenting two or more “factors” or pieces of evidence that prove they are who they say.
The adoption of such a security measure minimizes the risks of non-authorized user access to your databases, websites and other critical data. As said Keith Banham, Mainframe Research and Development Manager at Macro 4:

“Continuing to rely on a password alone for user authentication exposes business-critical applications to unacceptable risk. Hackers are now very adept at misleading people into revealing their passwords or they use technology to crack, steal or by-pass them altogether.”

At Cybele Software, we encourage our web terminal emulation users to adopt MFA methods to prevent security access britches on the login instance of Mainframe and AS/400 hosts.
We have been presenting different articles with tutorials to cover the available options, and we hope you consider them all and chose the best for your present scenario.

Integrate Duo 2FA Secure Login to z/Scope Anywhere v8.5

After checking that you’re running the latest version (1), please follow these steps:
On the Duo admin login page (open it here):
Duo Security Login to Mainframe and AS/400 Hosts
1) Navigate to the “Applications” tab and click on “Protect an Application”:
Duo Security Login to Mainframe and AS/400 Hosts
2) Search for “Web SDK” and click on “Protect this Application”:
Duo Security Login to Mainframe and AS/400 Hosts
3) In here, you will find your “Integration Key”, your “Secret key” and your “API Hostname”, required to configure the terminal emulation server’s side:
Duo Security Login to Mainframe and AS/400 Hosts
4) Open the z/Scope Anywhere Configuration Manager, click on “Server Settings”, navigate to the “Authentication” tab, click on “Add”, and chose “DUO”.
Duo Security Login to Mainframe and AS/400
Duo Security Login to Mainframe and AS/400
5) You must now enter your “Integration Key”, “Secret Key”, and “API Hostname” provided by DUO:
Duo Security Login to Mainframe and AS/400
6) Click “OK” and “Apply”.
7) Navigate to the z/Scope Anywhere server.
A new method of authentication should have been added to the drop-down menu:
Duo Security Login to Mainframe and AS/400
After you enter valid DUO credentials, you will be redirected to the 2FA option method:
Duo Security Login to Mainframe and AS/400
You can choose to either:

  • Send a push to a DUO validated mobile device ( Using the DUO Mobile application )
  • Call a number associated with that DUO account.
  • Send an SMS text message with a Passcode.

And that’s it!

(1) z/Scope Anywhere 7 has been replaced by version 8.5 (see the release notice here). This security feature was not supported by previous terminal emulation editions, neither desktop or web-based.
If you have a z/Scope Anywhere 7 license, contact our support team to check whether you are entitled to run a free update. You can also request our help to check exactly the version you run.
To download a setup for the latest build visit our download page or take a look to the features page to learn the advanges of switching from the desktop terminal emulator to a web browser client to access your mainframes.
If you want to read more about the reasons why you should adopt further security measures, take a look to Keith Banham’s article about mainframe security.
Quick Tip: Learn how to configure Centrify SSO with SAML for z/Scope Anywhere.

Have any questions?

Book a call today to learn more about how Thinfinity® can help your organization. We are always available to guide you and provide the best solution based on your specific needs.

Add Comment

Blogs you might be interested in

<span>AS/400</span>, <span>Cloud Service provider (CSP)</span>, <span>Duo</span>, <span>Enterprise</span>, <span>IBM iSeries</span>, <span>IBM zSeries</span>, <span>IT Security</span>, <span>Mainframe Access</span>, <span>Managed Service Providers (MSP)</span>, <span>MSSP</span>, <span>RBAC</span>, <span>Secure Access</span>, <span>System Integrator</span>, <span>Terminal Emulation</span>, <span>TN3270</span>, <span>TN5250</span>, <span>VT</span>