Top Secret

Hello,
We already implemented TOPSECRET MFA together with TPX SSO to easen OTP password usage by only entering userID/password to the first logon screen.  Switch to the other apps inside TPX handled by the pass ticket support without entering passwords again and again.  By this support sysprogs are happy to to use MFA password only once to access other apps multiple times a day without additional passwords.

However there are other non-3270 apps and accounts accessing mainframe like MSM, CICS explorer outside TPX that we have to implement MFA. Either we need to implement every non-3270 app to use MFA individally or need an orchestrating app like TPX SSO  via passtickets. Any such solution or implementation?

Regards,

------------------------------
Security Architect (TISO)
Garanti BBVATechnology
------------------------------

Adnan,
Support for MFA is dependent on each individual product that uses it to support it.  Doesnt matter if the application has a green screen type interface or a GUI based interface.

The application must issue the appropriate RACROUTE security call for a MFA signon. 

Once the application issues the appropriate security call for a MFA signon, Top Secret or ACF2 will respond to the MFA signon request. He doesnt care what application its is coming from and the type of user interface it is using like 3270 or GUI. All that matters is the MFA signon security call is being done.

Same for passtickets. The application must have the appropriate security calls for passticket signons. Top Secret doesnt care the if its GUI or 3270. As long as the application issues the appropriate security calls for the passticket signon thats all that matters.

Please submit an idea on ideation for those products that dont currently support MFA or passtickets, so the functionality can be voted on by the community and considered by Top Secret product owner to be added for a future release or maintenance level of the product.

Please let me know if there are any questions.

Regards,

Joseph Porto - Broadcom Level 1 Support



​
Original Message:
Sent: 07-16-2020 07:56 AM
From: ADNAN CAN
Subject: SSO support for non-3270 applications

Hello,
We already implemented TOPSECRET MFA together with TPX SSO to easen OTP password usage by only entering userID/password to the first logon screen.  Switch to the other apps inside TPX handled by the pass ticket support without entering passwords again and again.  By this support sysprogs are happy to to use MFA password only once to access other apps multiple times a day without additional passwords.

However there are other non-3270 apps and accounts accessing mainframe like MSM, CICS explorer outside TPX that we have to implement MFA. Either we need to implement every non-3270 app to use MFA individally or need an orchestrating app like TPX SSO  via passtickets. Any such solution or implementation?

Regards,

------------------------------
Security Architect (TISO)
Garanti BBVATechnology
------------------------------

Hello Joseph,
My  question is more on SSO rather than MFA. We started to implement MFA but to simplify logon to MF apps we already implemented TPX SSO and then MFA.
We cannot use TPX for non-3270 apps for SSO therefore we need a TPX like SSO solution either from you or from IBM to easen logon to non-3270 apps.  ​
I cannot open ideation due to may account problems I need to recreate my account. 

regards, Adnan.

------------------------------
Security Architect (TISO)
Garanti BBVATechnology
------------------------------

Original Message:
Sent: 09-23-2020 05:15 PM
From: JOSEPH PORTO
Subject: SSO support for non-3270 applications

Adnan,
Support for MFA is dependent on each individual product that uses it to support it.  Doesnt matter if the application has a green screen type interface or a GUI based interface.

The application must issue the appropriate RACROUTE security call for a MFA signon. 

Once the application issues the appropriate security call for a MFA signon, Top Secret or ACF2 will respond to the MFA signon request. He doesnt care what application its is coming from and the type of user interface it is using like 3270 or GUI. All that matters is the MFA signon security call is being done.

Same for passtickets. The application must have the appropriate security calls for passticket signons. Top Secret doesnt care the if its GUI or 3270. As long as the application issues the appropriate security calls for the passticket signon thats all that matters.

Please submit an idea on ideation for those products that dont currently support MFA or passtickets, so the functionality can be voted on by the community and considered by Top Secret product owner to be added for a future release or maintenance level of the product.

Please let me know if there are any questions.

Regards,

Joseph Porto - Broadcom Level 1 Support



​
Original Message:
Sent: 07-16-2020 07:56 AM
From: ADNAN CAN
Subject: SSO support for non-3270 applications

Hello,
We already implemented TOPSECRET MFA together with TPX SSO to easen OTP password usage by only entering userID/password to the first logon screen.  Switch to the other apps inside TPX handled by the pass ticket support without entering passwords again and again.  By this support sysprogs are happy to to use MFA password only once to access other apps multiple times a day without additional passwords.

However there are other non-3270 apps and accounts accessing mainframe like MSM, CICS explorer outside TPX that we have to implement MFA. Either we need to implement every non-3270 app to use MFA individally or need an orchestrating app like TPX SSO  via passtickets. Any such solution or implementation?

Regards,

------------------------------
Security Architect (TISO)
Garanti BBVATechnology
------------------------------