Airlock identity- and access-management
The increasing automation and digitisation of business processes requires absolutely secure and efficient access procedures and this is precisely what Airlock’s customer identity and access management (cIAM) guarantees. The way in which users obtain authorisation to access data or applications is generally not standardised. This is where Airlock IAM comes in and offers centralised identity management and organisation of access permissions, for applications and APIs, alike. Integrated applications can be bundled as a single sign-on (SSO) group.
Airlock IAM is compatible with a wide spectrum of authentication methods and, therefore, offers various industries an easily integrated option for efficient user and access-rights management based on modern standards.
Airlock IAM is generally used in combination with Airlock WAF and Airlock API gateway within the Airlock Secure Access Hub. Airlock IAM’s role is to manage and authenticate users and to forward the relevant identity information to the desired application in an appropriate form.
- Flexible Authentication
- Strong authentication, 2FA / MFA
- Step-up and step-down authentication
- Adaptive or risk-based authentication
- Extensive list of authentication methods (including FIDO + WebAuthN)
- Single sign-on (SSO)
- Identity federation
- User self-service options
- Social registration and logins (BYOI)
- Delegated user administration + helpdesk options
- Extensive REST API
- Experience Design SDK
Airlock 2FA is integrated into Airlock IAM and makes strong authentication possible with a second factor. Every customer has the management and use of their personal keys on their smartphone (iOS and Android).
Airlock 2FA offers modern authentication methods such as one touch, offline QR code, passcode and passwordless. This user-friendly and future-proof solution is also cost-efficient.
The entire functionality is implemented as a REST API and therefore enables seamless integration into modern single page applications (SPA) and native smartphone apps.
Airlock IAM 7.5Highlights for everyone
Not only end users benefit, also helpdesk staff and IAM administrators are pleased with numerous useful features in Airlock IAM 7.5. Once again, we have substantially expanded the functionality of the flow-based Loginapp (REST UI + API) to enable a smooth replacement of the old JSP loginapp. In doing so, we have not simply ported existing functions, but at the same time implemented them more flexibly and, where possible, more simply.
Customer IAM vs. Workforce IAM
Unlike workforce IAM systems, cIAM systems such as Airlock IAM focus on managing external users accessing in-house systems. cIAM systems are designed for simple scalability and large numbers of users. They also provide a seamless user experience, with optimised, integrated user interfaces for onboarding and self-services. Airlock IAM’s capacity for handling social identities (BYOI) and a high degree of flexibility in the authentication process (adaptive authentication) are two of its greatest strengths.
The authentication platform Airlock IAM provides versatile features that make it easy for you to securely manage your users.
Connecting to user directories
cIAM projects generally do not start as a blank slate. Airlock IAM’s integrated user management has thus been to easily connect to existing user databases and directories such as LDAP and Active Directory.
AuthenticationAirlock supports a variety of methods
Airlock IAM can dynamically manage user access in a range of ways, striking the perfect balance between security and user-friendliness for all requirements. In particular, it is possible to consider the real-time circumstances of the access attempt, for example, from the workplace, home or on the road, and a user’s access history. Supported concepts include:
- RBAC/ABAC (role/attribute-based access control)
- Risk-based authentication
- Step-up and step-down authentication
- Re-authentication and time-out functions for individual roles
- Implementation of complex access policies via rules and logical operators
Strong authentication, broad selection
Strong authentication with two factors, also known as multi-factor authentication or MFA, is often used to ensure that a login is not compromised by the vulnerabilities of any single authentication method. Flexible combination options are especially important here and Airlock IAM is compatible with a range of solutions, including use with a password, FIDO / WebAuthn, Mobile TAN (mTAN), a Matrix card, email OTP, Kobil SecOVID, OneSpan (VASCO) Digipass, client certificates such as X.509 or SwissID, as well as OneSpan Cronto-Sign and many more.
Single Sign-On (SSO) standards
The Secure Access Hub decouples the individual accesses from the applications and can, therefore, act as a smart identity switch. Depending on to where an access attempt is being forwarded, the identity of the authenticated user can be represented differently. This enables transparent, single sign-on that combines high levels of security with high user acceptance.
Airlock IAM supports a range of SSO standards and formats, including SAML 2.0 assertions, Kerberos tickets, OAuth 2.0 tokens, OpenID Connect 1.0 tickets, HTTP headers, URL tickets, and others.
Social registration and BYOI
Users want to register and log in quickly and easily, re-using existing identities to avoid the need to set up yet another password. If users bring their identities with them for external access, this is called Bring Your Own Identity. The alternative to a clutter of passwords are the standards OAuth 2.0 and OpenID Connect 1.0. These allow the re-use of user identities and give users control. Should you not wish to rely entirely on an external identity provider, such as Facebook, Airlock IAM can add a second factor to these identities to enable strong authentication.
OAuth 2.0 is HTTP-based and, therefore, ideally suited to protect RESTful web services. When it comes to authorising access to enterprise APIs, for example to enable partners to access them, these standards are ideally suited.
Comprehensive user self-service options
Setting up user accounts and registration processes typically elicit a lot of questions from users. Targeted user guidance and an optimised user experience are, therefore, crucial if helpdesks are to avoid being swamped with calls. Airlock IAM provides dozens of optimised, integrated UIs for registration, onboarding and self-services. These include kiosk and portal functions for managing the user’s own data, independent registration, also available via social media channels, and management of relevant accounts and tokens, including migration workflows. The integrated consent-management system also makes it possible to meet GDPR (General Data Protection Regulation) requirements for connected applications, quickly and easily.
Zero Trust is a journey
The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles. Lern more about the effects of ongoing digitization and how it affects modern information technology
The two-factor authentication (2FA, MFA or SCA for short) in the area of IT security offers double the security. In combination with efficient customer identity & access management (cIAM), numerous processes are significantly simplified. Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.
From spoilsport to the pioneer of digitisation
Digitisation is presenting businesses with new challenges which go far beyond information technology. This primarily relates to an aspect which is becoming increasingly important: IT security. Learn how IT security is accelerating digitization.
In order to stay technically viable in this digital transformation, companies must increasingly switch to hybrid cloud environments. This requires new security approaches as well as a mature customer identity and access management system. Learn more about this topic in our whitepaper in cooperation with our partners Deloitte, eperi und SHE.