Duo Security Login to Mainframe and AS/400 Hosts
We have discussed the importance of secure login in our previous posts about multi-factor authentication.
When you incorporate multi-factor authentication (MFA) methods at your access point, your users will be required to confirm their identity presenting two or more “factors” or pieces of evidence that prove they are who they say.
The adoption of such a security measure minimizes the risks of non-authorized user access to your databases, websites and other critical data. As said Keith Banham, Mainframe Research and Development Manager at Macro 4:
“Continuing to rely on a password alone for user authentication exposes business-critical applications to unacceptable risk. Hackers are now very adept at misleading people into revealing their passwords or they use technology to crack, steal or by-pass them altogether.”
At Cybele Software, we encourage our web terminal emulation users to adopt MFA methods to prevent security access britches on the login instance of Mainframe and AS/400 hosts.
We have been presenting different articles with tutorials to cover the available options, and we hope you consider them all and chose the best for your present scenario.
Integrate Duo 2FA Secure Login to z/Scope Anywhere v8.5
After checking that you’re running the latest version (1), please follow these steps:
On the Duo admin login page (open it here):
1) Navigate to the “Applications” tab and click on “Protect an Application”:
2) Search for “Web SDK” and click on “Protect this Application”:
3) In here, you will find your “Integration Key”, your “Secret key” and your “API Hostname”, required to configure the terminal emulation server’s side:
4) Open the z/Scope Anywhere Configuration Manager, click on “Server Settings”, navigate to the “Authentication” tab, click on “Add”, and chose “DUO”.
5) You must now enter your “Integration Key”, “Secret Key”, and “API Hostname” provided by DUO:
6) Click “OK” and “Apply”.
7) Navigate to the z/Scope Anywhere server.
A new method of authentication should have been added to the drop-down menu:
After you enter valid DUO credentials, you will be redirected to the 2FA option method:
You can choose to either:
- Send a push to a DUO validated mobile device ( Using the DUO Mobile application )
- Call a number associated with that DUO account.
- Send an SMS text message with a Passcode.
And that’s it!
(1) z/Scope Anywhere 7 has been replaced by version 8.5 (see the release notice here). This security feature was not supported by previous terminal emulation editions, neither desktop or web-based.
If you have a z/Scope Anywhere 7 license, contact our support team to check whether you are entitled to run a free update. You can also request our help to check exactly the version you run.
To download a setup for the latest build visit our download page or take a look to the features page to learn the advanges of switching from the desktop terminal emulator to a web browser client to access your mainframes.
If you want to read more about the reasons why you should adopt further security measures, take a look to Keith Banham’s article about mainframe security.
Quick Tip: Learn how to configure Centrify SSO with SAML for z/Scope Anywhere.
Is there any other MFA you would like us to support?
Contact us at [email protected] or leave a message on this same post.