Grafik Airlock IAM

Airlock IAM

Central access management
Request an online demo
About Airlock IAMReferenceHighlightsFunctionsDownloadsContact

Airlock identity- and access-management

The increasing automation and digitisation of business processes requires absolutely secure and efficient access procedures and this is precisely what Airlock’s customer identity and access management (cIAM) guarantees. The way in which users obtain authorisation to access data or applications is generally not standardised. This is where Airlock IAM comes in and offers centralised identity management and organisation of access permissions, for applications and APIs, alike. Integrated applications can be bundled as a single sign-on (SSO) group.

Airlock IAM is compatible with a wide spectrum of authentication methods and, therefore, offers various industries an easily integrated option for efficient user and access-rights management based on modern standards.

Airlock IAM is generally used in combination with Airlock WAF and Airlock API gateway within the Airlock Secure Access Hub. Airlock IAM’s role is to manage and authenticate users and to forward the relevant identity information to the desired application in an appropriate form.

From our point of view, the greatest advantages of Airlock IAM include the adaptability of the solution, the standardized connection options for new applications and surrounding systems, modularity and expandability. This project has clearly shown that the combination of a well thought-out architecture with the right product decision and the choice of the right partner leads to success.

Albert Frei, Head of Enterprise Platforms, Bank Vontobel AG

Case Study

Airlock IAM

Highlights
  • Authentication
    • Strong authentication
    • Step-up and step-down authentication
    • Adaptive or risk-based authentication
  • Single sign-on (SSO)
  • Identity federation
  • User self-service options
  • Social registration and logins (BYOI)

Airlock IAM 7.1

Airlock IAM 7.1 brings many new features:
The focus is on the implementation of the Payment Services Directive (PSD2) and on a new, structured reporting solution which supports the use of SIEM systems in an easier and better way. In addition, the existing REST interfaces were further expanded to make flows even more powerful and flexible and thus further develop the SPA Loginapp. Dynamic Client Registration is a new feature that optimizes operating costs with PSD2 because Trusted Third Parties can automatically register themselves based on OAuth standards. For the users of Docker as an operating environment, improvements have been implemented that reduce resource requirements and make integration with Docker even more seamless and simple.

Airlock IAM 7.1 will be available end of November 2019

 

Learn more

Releases
Airlock IAM 7.0
Airlock IAM 6.4

Customer IAM vs. Workforce IAM

Unlike workforce IAM systems, cIAM systems such as Airlock IAM focus on managing external users accessing in-house systems. cIAM systems are designed for simple scalability and large numbers of users. They also provide a seamless user experience, with optimised, integrated user interfaces for onboarding and self-services. Airlock IAM’s capacity for handling social identities (BYOI) and a high degree of flexibility in the authentication process (adaptive authentication) are two of its greatest strengths.

Features

The authentication platform Airlock IAM  provides versatile features that make it easy for you to securely manage your users.

Connecting to user directories

cIAM projects generally do not start as a blank slate. Airlock IAM’s integrated user management has thus been to easily connect to existing user databases and directories such as LDAP and Active Directory.

Authentication

Airlock supports a variety of methods

Adaptive authentication

Airlock IAM can dynamically manage user access in a range of ways, striking the perfect balance between security and user-friendliness for all requirements. In particular, it is possible to consider the real-time circumstances of the access attempt, for example, from the workplace, home or on the road, and a user’s access history. Supported concepts include:

 

  • RBAC/ABAC (role/attribute-based access control)
  • Risk-based authentication
  • Step-up and step-down authentication
  • Re-authentication and time-out functions for individual roles
  • Implementation of complex access policies via rules and logical operators

Strong authentication, broad selection

Strong authentication with two factors, also known as multi-factor authentication or MFA, is often used to ensure that a login is not compromised by the vulnerabilities of any single authentication method. Flexible combination options are especially important here and Airlock IAM is compatible with a range of solutions, including use with a password, Mobile TAN (mTAN), a Matrix card, email OTP, Kobil SecOVID, OneSpan (VASCO) Digipass, Swisscom Mobile ID (mobile signature services), client certificates such as X.509 or SwissID, as well as OneSpan Cronto-Sign and many more.

 

Single Sign-On (SSO) standards

The Secure Access Hub decouples the individual accesses from the applications and can, therefore, act as a smart identity switch. Depending on to where an access attempt is being forwarded, the identity of the authenticated user can be represented differently. This enables transparent, single sign-on that combines high levels of security with high user acceptance.

Airlock IAM supports a range of SSO standards and formats, including SAML 2.0 assertions, Kerberos tickets, OAuth 2.0 tokens, OpenID Connect 1.0 tickets, HTTP headers, URL tickets, and others.

Learn more about Single Sign-on

Social registration and BYOI

Users want to register and log in quickly and easily, re-using existing identities to avoid the need to set up yet another password. If users bring their identities with them for external access, this is called Bring Your Own Identity. The alternative to a clutter of passwords are the standards OAuth 2.0 and OpenID Connect 1.0. These allow the re-use of user identities and give users control. Should you not wish to rely entirely on an external identity provider, such as Facebook, Airlock IAM can add a second factor to these identities to enable strong authentication.

OAuth 2.0 is HTTP-based and, therefore, ideally suited to protect RESTful web services. When it comes to authorising access to enterprise APIs, for example to enable partners to access them, these standards are ideally suited.

Learn more about social registration

Comprehensive user self-service options

Setting up user accounts and registration processes typically elicit a lot of questions from users. Targeted user guidance and an optimised user experience are, therefore, crucial if helpdesks are to avoid being swamped with calls. Airlock IAM provides dozens of optimised, integrated UIs for registration, onboarding and self-services. These include kiosk and portal functions for managing the user’s own data, independent registration, also available via social media channels, and management of relevant accounts and tokens, including migration workflows. The integrated consent-management system also makes it possible to meet GDPR (General Data Protection Regulation) requirements for connected applications, quickly and easily.

 

More about user self services

Deployment

Docker image

Self-contained application

Downloads

Datasheet

Airlock IAM

Download PDF
Summary

Airlock Secure Access Hub Brochure

Download PDF
Summary

Product review Airlock IAM

Download PDF

Further functions

Authentification

The Secure Access Hub provides strong, adaptive and step-up authentication.

 

More about Authentication
Single Sign On (SSO)

With Single Sign-on your users get access to different services - with only one login.

 

More about Single-Sign On (SSO)
Mobile Security

Airlock offers end-to-end protection - from the mobile device to the REST API interface on the server.

 

More about Mobile Security
User Self-Services

Increase user comfort and relieve your support by delegating administrative tasks to your users.

 

More about User Self Services
Social Logins (BYOI)

Increase usability by letting your customers use existing social media accounts to sign up for your services.

 

More about Social Logins
Filtering (attack blocking)

Prevent current and future attack attempts with consistent filtering of all data traffic.

 

More about Filtering
Fraud prevention

The Secure Access Hub stops fraudulent attacks before they reach an application or service.

 

More about Fraud Prevention
SIEM integration

Airlock makes safety visible! So you can evaluate every detail of accesses and events relevant to security.

 

More about SIEM Integration
Virtual patching

Secure now, fix later. Thanks to server virtualization, patches can be applied quickly.

 

More about Virtual Patching
MS applications

Airlock offers interfaces that ensure high accessibility and optimum safety at low operating costs.

 

More about MS applications
Airlock in the cloud

The Secure Access Hub is designed for the cloud and can be used as a secure foundation.

 

More about Airlock in the cloud

Awards

Ready for excellent IT security?

Contact us now.
Ergon Informatik AG+41 44 268 87 00
Consult expert for free
This website uses cookies to ensure you get the best experience on our website. If you continue browsing, you agree to the use of cookies. Learn more

Whitepaper - OWASP Top 10

Read our whitepaper "Airlock and the OWASP Top 10 for API Security 2019" and learn all about the ten biggest API security risks and how you can protect yourself against them.

Download the whitepaper now.