Airlock IAM 7.0


Airlock IAM 7 is a major release whose new features focus on GDPR, Docker, social registration, device tokens and ease of use. Airlock IAM assists in GDPR compliance by managing user consents regarding profile data and application access. Delivered as a Docker image or a self-contained application (SCA), it smoothly integrates into DevOps pipelines and bundles required components. The ability to register new accounts based on social identities and link social logins with existing accounts gives you all the flexibility for customer access management. Biometric mobile phone technologies, such as Touch ID or Face ID, can be used to protect Airlock device tokens and hence be leveraged in user authentication. Last but not least, Airlock IAM's REST APIs have been extended substantially, including an adaptive workflow layer for self-registration services.

Docker Image

Airlock IAM 7 introduces two new delivery forms: a Docker image and a self-contained application (SCA). Modern DevOps pipelines are often based on container technologies and orchestration tools such as Kubernetes, requiring components to be shipped in containers for automatic deployments. The Airlock IAM Docker images support seamless configuration staging using instances, environments (introduced in 6.4) and profiles (new in 7.0). Besides Docker, Airlock IAM 7 is available as an SCA, including Java and Tomcat as bundled components. This facilitates handling, upgrading and automation of installations.

GDPR Compliance

The General Data Protection Regulation (GDPR) aims to give EU citizens control over their personal data. In particular, explicit consent by users is required for specific data processing purposes. Airlock IAM 7 supports GDPR compliance by managing consents regarding user profile data and access to protected applications or APIs. For instance, Airlock IAM may prohibit accessing a specific application or propagating sensitive profile attributes until the required consents are given by the user. Using the consent management self-services, users can view and revoke their consents at any time.

Social Registration and OpenID Connect Discovery

Airlock IAM's OAuth and OpenID Connect (OIDC) capabilities have been extended significantly. As you may know, setting up OIDC can be tedious. That's why we implemented OIDC discovery, which largely automates the configuration of endpoints or cryptographic algorithms and dynamically adapts to changes. While logging in with a social account has been possible for a while, Airlock IAM 7 adds various options for linking social accounts with IAM accounts. For example, IAM accounts based on attributes of social profiles can be created automatically (social registration) or social logins can be extended with a local second factor for step-up authentication. The new user self-service for social profile management enables users to view, link and unlink social accounts at any time.

Adaptive Self-Registration Workflows (REST API)

Following our API-first strategy, the adaptive workflow layer for IAM's login REST API introduced in 6.4 is now extended to cover the self-registration REST APIs as well, enabling easy and flexible adaptation to custom onboarding processes. In addition, a new REST endpoint for obtaining end user approvals is introduced. This provides a simple and efficient manner to implement business processes that require explicit and strongly authenticated user approval (e.g., for a pending banking transaction or an application consent).

Airlock Device Tokens

Airlock device tokens uniquely identify a user's device (e.g., a mobile phone) and are cryptographically bound to the device. Biometric technologies, such as Touch ID or Face ID, can be used to protect the cryptographic device ID secrets on the mobile phone. Hence, it is now possible to use Touch ID or Face ID as an authentication factor by requiring a valid device ID.

In addition to the main new features, many extensions and improvements have been made, e.g., more flexible access policies or improved token management. One feature preview is particularly interesting: we have included a prototype login application built as an SPA (single-page application), relying solely on IAM's REST APIs. Although the new SPA login application is still experimental, we welcome customer feedback on it. For a complete overview of all changes, please consult the detailed release notes.
