Grafik Airlock IAM

Airlock IAM

Central access management

Airlock identity- and access-management

The increasing automation and digitisation of business processes requires absolutely secure and efficient access procedures and this is precisely what Airlock’s customer identity and access management (cIAM) guarantees. The way in which users obtain authorisation to access data or applications is generally not standardised. This is where Airlock IAM comes in and offers centralised identity management and organisation of access permissions, for applications and APIs, alike. Integrated applications can be bundled as a single sign-on (SSO) group.

Airlock IAM is compatible with a wide spectrum of authentication methods and, therefore, offers various industries an easily integrated option for efficient user and access-rights management based on modern standards.

Airlock IAM is often used in combination with Airlock Gateway and Airlock Microgateway to protect web applications and APIs (WAAP) within the Airlock Secure Access Hub. Airlock IAM’s role is to manage and authenticate users and to forward the relevant identity information to the desired application in an appropriate form.

Identity-centric security

The trusted combination of IAM and WAAP

Airlock Secure Access Hub is the central hub for secure access management in a digitalized world: identity-centric security from a single source, perfectly designed to work together. The following graphic illustrates the interaction of IAM and WAAP.

Friendly to users. Relentless to uninvited guests.

The Airlock components work together to provide maximum ease of use and effective protection without compromise. The diagram illustrates how this works.

Click on the (+) symbols to learn more about the Airlock components.

Protection against cyberattacks on APIs and applications

Be it malicious bots, zero-day exploits or typical attacks according to OWASP Top 10: Airlock Gateway keeps undesirable and malicious visitors away from your web applications and APIs, e.g. with hardened filter rules and anomaly detection based on machine learning. And in conjunction with Airlock IAM, only authenticated and authorized users are granted access to the application.

Protect yourself today from the risks of tomorrow.

Airlock Gateway

Authentication and access control

Airlock's Identity and Access Management guarantees secure and efficient access to digital services. Users benefit from an excellent user experience and single sign-on, in combination with Airlock Gateway even for non-standard applications. Airlock IAM protects against identity theft and shines with flexible registration and login flows including a large number of authentication methods.

Ensure user-friendly and secure access to your applications.

Airlock IAM

Distributed security checks for modern applications

Application protection for today's APIs and tomorrow's microservices: Airlock Microgateway is designed for use in Kubernetes environments. Security policies and compliance can be perfectly automated thanks to Security as Code. This ensures better integration of security and governance throughout the DevSecOps lifecycle. Modern zero-trust architectures also benefit from micro-segmentation and distributed access controls.

Protect your cloud-native applications.

Airlock Microgateway

Protected applications and APIs

Airlock IAM

  • Flexible Authentication
    • Strong authentication, 2FA / MFA
    • Step-up and step-down authentication
    • Adaptive or risk-based authentication
    • Continuous Adaptive Trust
    • Extensive list of authentication methods (including FIDO, WebAuthN and Passkeys)
    • Own, fully integrated 2FA solution
    • Passwordless authentication
  • Single sign-on (SSO)
  • Identity federation
  • User self-service options
  • Social registration and logins (BYOI)
  • Delegated user administration + helpdesk options
  • Powerful REST API
  • Loginapp Design Kit

Airlock 2FA

Airlock 2FA is integrated into Airlock IAM and makes strong authentication possible with a second factor. Every customer has the management and use of their personal keys on their smartphone (iOS and Android).

Airlock 2FA offers modern authentication methods such as one touch, offline QR code, passcode and passwordless. This user-friendly and future-proof solution is also cost-efficient.

The entire functionality is implemented as a REST API and therefore enables seamless integration into modern single page applications (SPA) and native smartphone apps.

Airlock 2FA

Airlock IAM 8.1

SSI? No problem!

With version 8.1, there are numerous new functions on OpenID Connect, FIDO Self-Services, Cloud-Native Operating Environments and Active-Active Setups and Self-Sovereign Identities.


Learn more


Customer IAM vs. Workforce IAM

Unlike workforce IAM systems, cIAM systems such as Airlock IAM focus on managing external users accessing in-house systems. cIAM systems are designed for simple scalability and large numbers of users. They also provide a seamless user experience, with optimized, integrated user interfaces for onboarding and self-services. Airlock IAM’s capacity for handling social identities (BYOI) and a high degree of flexibility in the authentication process (Continuous Adaptive Trust) are two of its greatest strengths.


The authentication platform Airlock IAM  provides versatile features that make it easy for you to securely manage your users.

Connecting to user directories

cIAM projects generally do not start as a blank slate. Airlock IAM’s integrated user management has thus been to easily connect to existing user databases and directories such as LDAP and Active Directory.


Airlock supports a variety of methods

Adaptive authentication

Airlock IAM can dynamically manage user access in a range of ways, striking the perfect balance between security and user-friendliness for all requirements. In particular, it is possible to consider the real-time circumstances of the access attempt, for example, from the workplace, home or on the road, and a user’s access history. Supported concepts include:


  • RBAC/ABAC (role/attribute-based access control)
  • Risk-based authentication
  • Step-up and step-down authentication
  • Re-authentication and time-out functions for individual roles
  • Implementation of complex access policies via rules and logical operators

Strong authentication, broad selection

Strong authentication with two factors, also known as multi-factor authentication or MFA, is often used to ensure that a login is not compromised by the vulnerabilities of any single authentication method. Flexible combination options are especially important here and Airlock IAM is compatible with a range of solutions, including use with a password, FIDO / WebAuthn, Mobile TAN (mTAN), email OTP, OATH OTP, client certificates, as well as OneSpan Cronto-Sign and many more.


With Airlock 2FA, the cIAM offers the most modern methods of 2-factor authentication. 2FA is integrated directly into the IAM as a REST API.

Single Sign-On (SSO) standards

The Secure Access Hub decouples the individual accesses from the applications and can, therefore, act as a smart identity switch. Depending on to where an access attempt is being forwarded, the identity of the authenticated user can be represented differently. This enables transparent, single sign-on that combines high levels of security with high user acceptance.

Airlock IAM supports a range of SSO standards and formats, including SAML 2.0, Kerberos, OAuth 2.0, OpenID Connect, HTTP headers, URL tickets, and others.

Learn more about Single Sign-on

Social registration and BYOI

Users want to register and log in quickly and easily. To avoid creating even more passwords, they can reuse existing identities, e.g. with BYOI (Bring Your Own Identity). An alternative to the password mess are the standards OAuth 2.0 and OpenID Connect. These allow the re-use of identities and give users more control. Should you not wish to rely entirely on an external identity provider, such as Facebook, Airlock IAM can add a second factor to these identities to enable strong authentication.

OAuth 2.0 is HTTP-based and, therefore, ideally suited to protect RESTful web services. When it comes to authorising access to enterprise APIs, for example to enable partners to access them, these standards are ideally suited.

Learn more about social registration

Comprehensive user self-service options

Registration and login processes raise many questions among users. An optimised user experience is therefore of utmost importance to avoid overloading the helpdesk. Airlock IAM offers dozens of optimised and integrated UIs for login, onboarding and self services. These include kiosk and portal functions for managing one's own data, self-registration (also via social media channels) and the management of the corresponding accounts and tokens, including migration workflows. The integrated consent management can also help to solve DSGVO requirements for connected applications quickly and easily.

More about user self services


  • Docker image
  • Self-contained application

Further functions


Our whitepapers

Zero Trust is a journey

The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles. Lern more about the effects of ongoing digitization and how it affects modern information technology

Request Whitepaper Zero Trust

Airlock 2FA

The two-factor authentication (2FA, MFA or SCA for short) in the area of IT security offers double the security. In combination with efficient customer identity & access management (cIAM), numerous processes are significantly simplified. Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.

Request Whitepaper Airlock 2FA

From spoilsport to the pioneer of digitisation

Digitisation is presenting businesses with new challenges which go far beyond information technology. This primarily relates to an aspect which is becoming increasingly important: IT security. Learn how IT security is accelerating digitization.

Request Whitepaper IT Security

Accelerate digitisation

In order to stay technically viable in this digital transformation, companies must increasingly switch to hybrid cloud environments. This requires new security approaches as well as a mature customer identity and access management system. Learn more about this topic in our whitepaper in cooperation with our partners Deloitte, eperi und SHE.

Request Whitepaper Accelerate digitisation

Ready for excellent IT security?

Contact us now.
Ergon Informatik AG+41 44 268 87 00

Airlock IAM 8.0

Mit Vollgas in die Cloud

IAM ist für den Betrieb in der Cloud optimiert. Mit der Version 8.0 freuen sich Betreiber, Administratoren und Helpdesk-Benutzer über zahlreiche neue Funktionen und eine flüssigere Bedienung. Die Administrationsoberfläche hat zudem einem kleines Facelifting erhalten.

Mehr erfahren


Information for you

-Our whitepapers-

Study Application and API Security 2022

In a recent study in cooperation with CIO, CSO and COMPUTERWOCHE, Ergon Airlock looked at application and API security in the container environment.

Request study

Zero Trust is a journey

The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles in a manner that was hard to imagine just a few years ago.

This whitepaper covers the effects of continuous digitization and its implications.

Request free of charge

Toward DevSecOps

In this whitepaper, you will learn the most important insights into how you can successfully and efficiently implement DevSecOps, which security components are required for this, and what benefits a microgateway architecture brings.

Request free of charge

Airlock 2FA - Strong Authentication. Easy.

The two-factor authentication in the area of IT security offers double the security.

Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.

Request free of charge

Further whitepapers

We provide whitepapers on these and other topics free of charge:

  • successful IAM projects
  • Compliance
  • Data protection (GDPR)
  • Introduction of PSD2
  • PCI DSS requirements
Request free of charge