Airlock IAM 7.7

Notable new features

Highlights of Airlock IAM 7.7

In terms of functionality, the new Loginapp REST UI now matches the old JSP Loginapp and offers the migrated features with greater flexibility and capabilities. IAM 7.7 is the ideal release for migrating to the new Loginapp because it is the last release to contain both Loginapps.

The most important feature enhancements are the implementation of the SAML Service Provider and support for Risk-based Authentication and the Kerberos protocol in the flows. In addition, many smaller features complete the scope of the new Loginapp.

Replacing the Loginapp

With IAM 7.7 you will find all the important building blocks of the JSP Loginapp also in Loginapp REST. So there is nothing standing in the way of a migration to the new Loginapp.

The Loginapp REST UI has been extended by the following functions in particular:

  • Password reset self-service with email links
  • Front-side Kerberos in flows
  • CAPTCHA support (reCaptcha and hCaptcha)
  • End-to-End-Encryption for passwords
  • Lockout self-service
  • Client fingerprinting-based user account lockout
  • On-Behalf Identity Propagator (SSO for legacy systems)
  • SAML Service Provider

SAML Service Provider

SAML remains a widely used federation protocol. With IAM 7.7, the SAML SP has been updated to work with the new Loginapp. This allows IAM to be used both as a SAML service provider and as a SAML identity provider while benefiting from the flexible flow authentication capabilities.

Flow Visualization

Sometimes you can't see the forest for the trees. This can be the case when you need to understand an IAM configuration that you may not have touched for a long time (or have never touched at all).

This is where the new flow diagram comes to the rescue. The graphical display of an IAM flow ensures that even complicated processes become clear and comprehensible. The flow diagram can also be exported as a PNG or SVG graphic for documentation purposes.

Risk-based Authentication

Risk-based authentication has been enhanced so that the feature can be used more widely and more effectively.

IAM flows can now be controlled by Risk Extractors. These are implemented by IAM itself (IP Address Range, Geolocation, User Agent, Impossible Journey) or in cooperation with an upstream gateway (Anomaly Shield Status, Client Fingerprinting). With Risk Extractors, IAM can optimize the UX during an authentication flow by either performing or skipping a step based on the risk tags.

For example, the gateway can be instructed by third-party systems (like a Fraud Detection System) or via internal functions (e.g., Anomaly Shield) to remove an authorization from the running user session. IAM 7.7 reinterprets these so-called role drops in the flows and forces the user to regain the lost roles during the authentication flow. For example, it is possible to verify a suspicious session by re-authenticating with a second factor.

Event Notifications

Event notifications were introduced with IAM 7.5 and are now improved again with IAM 7.7:

  • Event notifications can now also be sent via SMS. If required, the notification is sent to all cell phone numbers that are stored in the user account.
  • The User Locked Event is triggered when an account is locked. Different notifications can now be sent depending on the cause of the lock (Lock Reason). Both the message and the channel (email, SMS) can differ.

Further innovations

  • Remember-Me self-service: Each user can view the list of all logged-in browsers and force a logout on another device if needed.
  • Username and password can be entered on separate screens. This allows case distinctions to be made after the username is entered.
  • Improved Email OTP Step: The specific phone number or email address can be displayed in the UI, masked if desired.
  • Airlock 2FA device enrollment: A mobile device can be enrolled during the registration flow.
  • Support for multiple transaction approval flows
  • Additional provider for SMS sending: Support for Swisscom SMS Large Account REST Gateway

As always, a full list of changes can be found in the release notes.

Updating is easy

Airlock IAM 7.7 has been available on Docker Hub and the Airlock Techzone since early October 2022. Updating to this minor version does not require any manual adjustments: your existing configuration can be activated without any problems.

Airlock IAM 7.7 is expected to be supported until 06/2024. If you are still running IAM 7.5 or older, we recommend you update soon.
