Close this search box.

Enhancing Security and Identity Management with the LzLabs Software Defined Mainframe (SDM)

In today’s dynamic digital landscape, organisations are constantly seeking ways to bolster their security and streamline identity management processes. The Software Defined Mainframe® (SDM) environment, a transformative technology solution for running mainframe applications on modern commodity x86 cloud instances and on-premise virtual machines or physical hardware, is no exception to these evolving security needs. In this blog post, we will explore how the SDM allows legacy mainframe applications to get seamlessly integrated into modern Identity Management solutions.

Why is this relevant to the CIO? 

Migrating your legacy applications to the SDM environment empowers your organisation to adopt leaner processes, accelerate onboarding, increase automation, and reduce duplication of efforts across teams. Additionally, the SDM allows you to adapt your processes at your own pace. You can continue using existing processes during and after the migration of legacy applications to the SDM, implementing changes when capacity permits. This approach mitigates the risks associated with “big bang” changes. 

Streamlining Identity Management using SCIM 

The SDM enables a step-by-step approach to modernising mainframe systems, empowering organisations to adapt and thrive in the digital age. As the SDM adoption increases, one of the key challenges organisations face is efficient identity management, especially in heterogeneous environments with multiple identity and access management (IAM) solutions and processes. 

This is where SCIM, short for System for Cross-Domain Identity Management, comes into play. SCIM is an industry-standard protocol that facilitates seamless identity and access management across different domains and applications. It leverages the power of JSON (JavaScript Object Notation) and operates over the HTTP protocol, making it an ideal choice for modern, web-based applications. 

Key Advantages of using SCIM in the SDM: 

  1. Standardisation: SCIM is standardised by the Internet Engineering Task Force (IETF) in RFC 7643 and RFC 7644. This ensures compatibility and interoperability across various IAM solutions, streamlining integration efforts. 
  1. Integration Flexibility: Most IAM providers have implemented SCIM, making it a natural choice for the SDM. This allows the SDM to seamlessly integrate with a wide range of IAM solutions, whether they are on-premises or cloud-based. 
  1. Simplified Identity Provisioning: SCIM simplifies the process of provisioning user identities within the SDM environment. It allows for the automated creation, modification, and deactivation of user accounts, reducing administrative overhead. 
  1. Security: SCIM provides robust features to ensure secure identity and access management operations. This is particularly important in SDM environments where sensitive resources may be accessed. 
  1. Internal Tooling: SCIM is not limited to external IAM solutions. Many internal SDM tools are transitioning from raw LDAP access to SCIM due to its standardised nature. This shift enhances the overall consistency and manageability of identity management within the SDM environment. 

Leveraging SCIM for common identity management tasks 

Integrating the SDM into an IAM solution like Okta or SailPoint enables the following scenarios:  

  • Provisioning user accounts for new hires in the central IAM solution automatically provisions their accounts on the SDM as well. This means new hires can instantly access all their allocated resources, whether it is corporate email accounts, documentation, or SDM resources. No longer is there a need for a dedicated team to manage separate legacy security. 
  • Resetting passwords for user accounts applies to all IAM-integrated environments, including the SDM. Similarly, suspending or unlocking absentee or leaving user accounts can be done globally across all integrated environments at once. 
  • Migrating existing accounts from the legacy environment to the SDM often results in mismatched account IDs on the IAM solution. This leads to users managing one account for the legacy environment and another for everything else. The SDM allows the mapping of legacy IDs to IAM account IDs, allowing migrated accounts to be provisioned by an IAM solution. This unifies user accounts, enhances corporate security, and centralises management in one location under a single team, saving costs and time. 
  • Many IAM solutions support creating workflows to automate recurring tasks. For instance, you can set up a workflow to search for accounts unused on the SDM in the last 60 days and temporarily suspend them. This improves the overall security hardening of your environment over time. 


In the ever-evolving world of IT and mainframe modernisation, security and identity management are crucial. The SDM, with its transformative capabilities, allows organisations to enhance their security posture and streamline identity management processes. 

The adoption of SCIM as an industry-standard protocol for identity and access management within SDM environments brings several advantages. It promotes interoperability, simplifies identity provisioning, and ensures a secure user experience. Whether integrating with external IAM solutions or transitioning internal tools to SCIM, you can achieve greater consistency and efficiency in identity management. As organisations continue to embrace the SDM, a holistic approach to security and identity management will be vital for unlocking the full potential of this transformative technology. By leveraging SCIM for identity management, SDM-hosted applications can operate with confidence in today’s dynamic digital landscape. 


Click here to attend our Webinar: Demystifiyng Mainframe Migration Security

Related articles.