Airlock IAM 7.3

Airlock IAM 7.5

Highlights of Airlock IAM 7.5

Not only end users benefit, also helpdesk staff and IAM administrators are pleased with numerous useful features in Airlock IAM 7.5. Once again, we have substantially expanded the functionality of the flow-based Loginapp (REST UI + API) to enable a smooth replacement of the old JSP loginapp. In doing so, we have not simply ported existing functions, but at the same time implemented them more flexibly and, where possible, more simply.

For the end user

User Notifications

In some countries, customers need to be notified about security-related events such as a password change. For these notifications, we have added an event bus to Airlock IAM. For example, users can be notified by email when their account has been locked — even if this event was not triggered by them. The reaction to predefined events can be flexibly configured or extended with custom code.

Increased security with push login

Airlock 2FA allows a push message to be sent to the user's smartphone. In the One-Touch Login variant, the user must tap on 'accept' to complete the login. Of course, it is critical to the security of this method that the user only authorizes their own login attempts. But how can an attacker's login attempt be detected and rejected?

The solution is called Login ID: a 6-digit numerical code is displayed both on the login page and in the 2FA app. The user compares the two codes and accepts the push only if they are identical.

For the administrator

Login on behalf of another user

Wouldn't it be useful if a helpdesk employee could log in (in exceptional cases) in the name of a user? If a doctor could represent his patient or an investment advisor his client? 

Logging in on behalf of another user is possible thanks to an authentication step called user representation. The application does not need to be customized for this, because it still sees the original user ID. However, the application can recognize the representation and restrict the permissions in this case. 

User representation is now also available as a flow in the new loginapp. The function can thus be restricted even more flexibly, for example depending on the user, time, authentication strength or called function.

Extended health checks for Kubernetes

Because Airlock IAM is increasingly being used in cloud and container environments, we have extended the health checks for monitoring: With liveness and readiness checks, the IAM signals whether it is basically running and whether it is ready for requests. Orchestration solutions such as Kubernetes can better manage traffic and ensure that no requests go nowhere. For the greatest possible compatibility, we followed the Microprofile standard in the implementation.

Simplified configuration structure

When you configure the loginapp, you will quickly notice: The tree structure of the loginapp configuration is now more clearly and logically arranged. This makes it easier to see which settings relate to the old or new loginapp. 

Further highlights

  • Automatic activation letter for 2FA 
    Ordering an activation letter requires a manual action by the administrator and was therefore often forgotten. Now the letter can be triggered automatically when a new user is created — even if the user registers himself.
  • Prevent accidental lockout 
    To prevent a user from accidentally locking himself out, the deletion of the last 2FA device can be prevented. So in order to delete a token, a new 2nd factor must be added first.
  • PSD2 compliance 
    After the first authentication step, the user is shown the time of the last login.

As always, a complete list of changes can be found in the release notes.

Updating is easy

Airlock IAM 7.5 is available on Dockerhub and the Airlock Techzone now. Updating to this minor version does not require any manual adjustments: Your existing configuration can be activated without any problems.

Airlock IAM 7.5 is expected to be supported until 06/2023. If you are still running IAM 7.2 or older, we recommend you update as soon as possible.

Release Webinar

Register for our release webinar:

Dates:

Webinar LoginApp Migration

The JSP login app will be retired by the end of 2022. If your Airlock IAM login pages are still based on the JSP login app, please migrate to the Loginapp REST UI by the end of 2023.

Attend our webinar to get an answer to the following questions:

  • Am I affected?
  • When is a good time to make the switch?
  • How big is the migration effort?
  • Where can I get further support?

Dates:

 

Information for you

-Our whitepapers-

Zero Trust is a journey

The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles in a manner that was hard to imagine just a few years ago.

This whitepaper covers the effects of continuous digitization and its implications.

Request free of charge

Toward DevSecOps

In this whitepaper, you will learn the most important insights into how you can successfully and efficiently implement DevSecOps, which security components are required for this, and what benefits a microgateway architecture brings.

Request free of charge

Airlock 2FA - Strong Authentication. Easy.

The two-factor authentication in the area of IT security offers double the security.

Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.

Request free of charge

Further whitepapers

We provide whitepapers on these and other topics free of charge:

  • successful IAM projects
  • Compliance
  • Data protection (GDPR)
  • Introduction of PSD2
  • PCI DSS requirements
Request free of charge