Airlock IAM 7.5
Highlights of Airlock IAM 7.5
Not only end users benefit, also helpdesk staff and IAM administrators are pleased with numerous useful features in Airlock IAM 7.5. Once again, we have substantially expanded the functionality of the flow-based Loginapp (REST UI + API) to enable a smooth replacement of the old JSP loginapp. In doing so, we have not simply ported existing functions, but at the same time implemented them more flexibly and, where possible, more simply.
For the end user
User Notifications
In some countries, customers need to be notified about security-related events such as a password change. For these notifications, we have added an event bus to Airlock IAM. For example, users can be notified by email when their account has been locked — even if this event was not triggered by them. The reaction to predefined events can be flexibly configured or extended with custom code.
Increased security with push login
Airlock 2FA allows a push message to be sent to the user's smartphone. In the One-Touch Login variant, the user must tap on 'accept' to complete the login. Of course, it is critical to the security of this method that the user only authorizes their own login attempts. But how can an attacker's login attempt be detected and rejected?
The solution is called Login ID: a 6-digit numerical code is displayed both on the login page and in the 2FA app. The user compares the two codes and accepts the push only if they are identical.
For the administrator
Login on behalf of another user
Wouldn't it be useful if a helpdesk employee could log in (in exceptional cases) in the name of a user? If a doctor could represent his patient or an investment advisor his client?
Logging in on behalf of another user is possible thanks to an authentication step called user representation. The application does not need to be customized for this, because it still sees the original user ID. However, the application can recognize the representation and restrict the permissions in this case.
User representation is now also available as a flow in the new loginapp. The function can thus be restricted even more flexibly, for example depending on the user, time, authentication strength or called function.
Extended health checks for Kubernetes
Because Airlock IAM is increasingly being used in cloud and container environments, we have extended the health checks for monitoring: With liveness and readiness checks, the IAM signals whether it is basically running and whether it is ready for requests. Orchestration solutions such as Kubernetes can better manage traffic and ensure that no requests go nowhere. For the greatest possible compatibility, we followed the Microprofile standard in the implementation.
Simplified configuration structure
When you configure the loginapp, you will quickly notice: The tree structure of the loginapp configuration is now more clearly and logically arranged. This makes it easier to see which settings relate to the old or new loginapp.
Further highlights
- Automatic activation letter for 2FA
Ordering an activation letter requires a manual action by the administrator and was therefore often forgotten. Now the letter can be triggered automatically when a new user is created — even if the user registers himself. - Prevent accidental lockout
To prevent a user from accidentally locking himself out, the deletion of the last 2FA device can be prevented. So in order to delete a token, a new 2nd factor must be added first. - PSD2 compliance
After the first authentication step, the user is shown the time of the last login.
As always, a complete list of changes can be found in the release notes.
Updating is easy
Airlock IAM 7.5 is available on Dockerhub and the Airlock Techzone now. Updating to this minor version does not require any manual adjustments: Your existing configuration can be activated without any problems.
Airlock IAM 7.5 is expected to be supported until 06/2023. If you are still running IAM 7.2 or older, we recommend you update as soon as possible.
IAM 7.5 Release Webinar German
IAM 7.5 Release Webinar German
IAM 7.5 Release Webinar English
IAM 7.5 Release Webinar English
Webinar LoginApp Migration
The JSP login app will be retired by the end of 2022. If your Airlock IAM login pages are still based on the JSP login app, please migrate to the Loginapp REST UI by the end of 2023.
Watch our webinar to get an answer to the following questions:
- Am I affected?
- When is a good time to make the switch?
- How big is the migration effort?
- Where can I get further support?
Switch to Loginapp REST UI German
Webinar: Switch to Loginapp REST UI
Switch to Loginapp REST UI English
Webinar: Switch to Loginapp REST UI English