Airlock IAM 7.0

Airlock IAM 7.0

Airlock IAM 7 is a major release with major new features focussing on GDPR, docker, social registration, device tokens and ease of use. Airlock IAM assists in GDPR compliance by managing user consents regarding profile data and application access. Delivered as a docker image or a self-contained application (SCA), it smoothly integrates into DevOps pipelines and bundles required components. The ability to register new accounts based on social identities and link social logins with existing accounts gives you all the flexibility for customer access management. Biometric mobile phone technologies, such as Touch ID or Face ID, can be used to protect Airlock device tokens and hence be leveraged in user authentication. Last but not least, Airlock IAM's REST APIs have been extended substantially, including an adaptive workflow layer for self-registration services.

Docker Image

Airlock IAM 7 introduces two new delivery forms: a docker image and a self-contained application (SCA). Modern DevOps pipelines are often based on container technologies and orchestration tools such as Kubernetes, requiring components to be shipped in containers for automatic deployments. The Airlock IAM docker images support seamless configuration staging using instances, environments (introduced in 6.4) and profiles (new in 7.0). Besides Docker, Airlock IAM 7 is available as an SCA, including Java and Tomcat as bundled components. This facilitates handling, upgrading and automation of installations.

GDPR Compliance

The General Data Protection Legislations (GDPR) aims to give EU citizens control over their personal data. In particular, explicit consent by users is required for specific data processing purposes. Airlock IAM 7 supports GDPR compliance by managing consents regarding user profile data and access to protected applications or APIs. For instance, Airlock IAM may prohibit accessing a specific application or propagating sensitive profile attributes until the required consents are given by the user. Using the consent management self-services, users can view and revoke their consents at any time.

Social Registration and OpenID Connect Discovery

Airlock IAM's OAuth and OpenID Connect (OIDC) capabilities have been extended significantly. As you may know, setting up OIDC can be tedious. That's why we implemented OIDC discovery, which largely automates the configuration of endpoints or cryptographic algorithms and dynamically adapts to changes. While logging in with a social account has been possible for a while, Airlock IAM 7 adds various options for linking social accounts with IAM accounts. For example, IAM accounts based on attributes of social profiles can be created automatically (social registration) or social logins can be extended with a local second factor for step-up authentication. The new user self-service for social profile management enables users to view, link and unlink social accounts at any time.

Adaptive Self-Registration Workflows (REST API)

Following our API-first strategy, the adaptive workflow layer for IAM's login REST API introduced in 6.4 is now extended to cover the self-registration REST APIs as well, enabling easy and flexible adaptation to custom onboarding processes. In addition, a new REST endpoint for obtaining end user approvals is introduced. This provides a simple and efficient manner to implement business processes that require explicit and strongly authenticated user approval (e.g., for a pending banking transaction or an application consent).

Airlock Device Tokens

Airlock device tokens uniquely identify a user's device (e.g., a mobile phone) and are cryptographically bound to the device. Biometric technologies, such as Touch ID or Face ID, can be used to protect the cryptographic device ID secrets on the mobile phone. Hence, it is now possible to use Touch ID or Face ID as an authentication factor by requiring a valid device ID.

In addition to the main new features, many extensions and improvements have been made, e.g., more flexible access policies or improved token management. A special feature preview is particularly interesting: we have included a prototype login application built as an SPA (single-page application), relying solely on IAM's REST APIs. Although the new SPA login application is still experimental, we are interested in valuable customer feedback. For a complete overview of all changes, please consult the detailed release notes.

Information for you

-Our whitepapers-

Whitepaper: How to make cIAM a success

Increasing requirements for security and user-friendliness make Customer Identity and Access Management an essential. Read our whitepaper to find out how you can secure your competitive advantage with the right CIAM strategy.

 

Request whitepaper

Whitepaper: Security for cloud-native applications

You can read about how companies can ensure the security of web applications and APIs in Kubernetes in the white paper "Security for cloud-native applications", which was created in collaboration between heise and Airlock.

 

Request whitepaper

Whitepaper: Zero Trust is a journey

The ongoing digital transformation of the world is progressing and having a profound impact on our personal and professional lives in ways that were difficult to imagine just a few years ago.


This white paper discusses the effects of continuous digitalization and its impact.

Request free of charge

Off to DevSecOps

In this white paper, you will learn the most important insights into how you can implement DevSecOps successfully and efficiently, which security components are required for this and the advantages of a microgateway architecture.

 

Request free of charge

Airlock 2FA - Strong authentication. Simple.

Double security - this is what two-factor authentication offers in the field of IT security.


Find out more about strong authentication and the possibilities offered by Airlock in our white paper.

Download for free

Further whitepapers

We provide you with free white papers on these and other topics:

 

  • Successful IAM projects
  • compliance
  • Data protection (DSGVO)
  • Introduction of PSD2
  • PCI DSS requirementsPCI DSS requirements
Request free of charge