Set up an Automated Sign-On for Mainframe Session

Using the Management and Security Server Automated Sign-On for Mainframe Add-On, you can enable a user to authenticate to a front-end system using a modern form of authentication (such as a smart card, certificate, LDAP password, or Kerberos) and then be automatically logged on to a z/OS mainframe application.

NOTE: The Automated Sign-On for Mainframe Add-On requires the base installation of Host Access Management and Security Server, which provides the Administrative Server. It is not included with the Management and Security Server license. To activate this product, you must purchase a separate license.

Automated Sign-On solves problems associated with the credentials typically required for mainframe applications. Mainframe applications prompt for traditional credentials (a user name and password) and are typically hard-coded to accept a maximum of 8 characters for these credentials. Changing the mainframe password to match the user's enterprise password is often not practical because of the mainframe limits on password character length and the coordination of password changes. Because of this limitation, logging on to mainframe applications requires an identity that is separate from the user's enterprise identity.

Automated Sign-On solves this problem by providing middleware that maps the user's enterprise identity to the user's mainframe identity. When using a Reflection session configured to use Automated Sign-On, the user authenticates to the front-end system using a modern authentication method. After authentication through the front-end system, the user is automatically logged on to the host application.

To implement Automated Sign-On, you’ll need to configure the Administrative Server, the Reflection emulation client session, and the z/OS mainframe. For configuration instructions, see the Automated Sign-On for Mainframe Administrator Guide provided with the add-on.