Airlock IAM 7.4

Airlock IAM 8.0

New features and highlights

Moving full throttle to the cloud

Our main goal for version 8.0 was to take a big step towards full cloud capability with Airlock IAM, including horizontal scalability and improvements for running in Kubernetes. 

We have also added support for PostgreSQL, a popular database in modern cloud environments. To better support multi-instance IAM deployments, the user trail log is now written to the database instead of traditional log files. To improve automation and support Infrastructure as Code, we have added config variables which can be initialized by scripts during the startup of an IAM instance. The underlying Apache webserver now logs to stdout to simplify the integration with cloud logging services. Last but not least we have given the Adminapp UI a brushup to make it more modern.

Zero Trust Segmentation with OAuth 2.0 Token Exchange

Complex web applications often consist of several servers with different tasks. For example, a frontend server may contact a backend server running in a different security zone on behalf of the user. If each zone has its own access tokens, the frontend server cannot simply forward the existing token. For this purpose, the OAuth 2.0 Token Exchange allows a valid token to be exchanged for a new token at the authorisation server. With this segmentation of the token domains, an attacker can be prevented from accessing other servers from a compromised system.

Improving the Adminapp

The Adminapp has been upgraded to the latest Angular release and a some notable features were added:

  • User Management Extension: Using this new Javascript API, additional tabs can be added to the user management UI. These tabs typically contain external data and functionalities a helpdesk might need.
  • The search performance in very large databases has been dramatically improved with a much more fine granular configuration of the search behavior. It is now possible to have the default search use entire word matching and take full advantage of specialized indexes. 
  • Validation speed: Our engineers have worked hard to speed up the validation and activation process, which is particularly welcome when working with large and complex configuration files.

Keeping your Users informed

Event notifications were extended with every release since IAM 7.5. This release also includes three new features:

  • Login from a new device
    If someone logs in from a previously unknown browser, the user can be notified about this. This SMS or email can contain the location or further browser information.
  • Device token change events
    Adding, modifying, and deleting device tokens will now also generate event notifications and an event subscriber can be configured to inform users about these events.
  • Send event notifications to remote server
    The last contribution is a new event subscriber that can send information about the configured event to a remote REST endpoint. 

Security Improvements

True to its DNA, the security of Airlock IAM was improved in these areas:

  • Tight WAF security rules
    The mapping templates for Airlock Gateway have been updated to better protect the REST API of Airlock IAM. This requires a configuration change in Airlock Gateway after upgrading Airlock IAM.
  • Hardened Content Security Policy
    With the push to the cloud, we see much more use case scenarios where also the Adminapp is exposed to remote users. To support such scenarios more securely the Adminapp CSP has been strengthened.
  • No misleading log4j warnings
    log4j was patched by Ergon immediately after the log4shell vulnerability was communicated. With IAM 8.0 we have upgraded our code to use the latest release of log4j to ensure that scanners no longer report false positives about this library.


Benefit from the new Loginapp

No matter how complex your business or security requirements - with the IAM Loginapp, you can realize user-friendly login flows quickly and securely: Numerous standard modules can be flexibly arranged and adapted to support complex authentication and authorization scenarios and a wide range of self-services, from a simple password reset to managing 2nd factor devices.

The Loginapp Design Kit is a UI simulator that allows designers and front-end developers to easily adapt the look and feel of Loginapp to the corporate identity. They and customize all screens directly on their local workstation, without access to an IAM system.

Major Release

IAM 8.0 will be published on Docker Hub and the Airlock Techzone in early April 2023. This major release includes a number of significant changes. Some deprecated features have definitely been removed, including the JSP Loginapp. In preparation for upgrading to IAM 8.0, we recommend reading the release notes including the upgrade instructions. Airlock IAM 8.0 is expected to be supported until 12/2024. If you are still using IAM 7.6 or older, we recommend you upgrade as soon as possible.

Webinar Airlock IAM 8.0

The Airlock IAM 8.0 webinar will present all the main innovations in detail. Register now!

English Webinar: 12.04.2023, 9:30am   Register

German Webinar: 13.04.2023, 1:30pm   Anmelden

Information for you

-Our whitepapers-

Study Application and API Security 2022

In a recent study in cooperation with CIO, CSO and COMPUTERWOCHE, Ergon Airlock looked at application and API security in the container environment.

Request study

Zero Trust is a journey

The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles in a manner that was hard to imagine just a few years ago.

This whitepaper covers the effects of continuous digitization and its implications.

Request free of charge

Toward DevSecOps

In this whitepaper, you will learn the most important insights into how you can successfully and efficiently implement DevSecOps, which security components are required for this, and what benefits a microgateway architecture brings.

Request free of charge

Airlock 2FA - Strong Authentication. Easy.

The two-factor authentication in the area of IT security offers double the security.

Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.

Request free of charge

Further whitepapers

We provide whitepapers on these and other topics free of charge:

  • successful IAM projects
  • Compliance
  • Data protection (GDPR)
  • Introduction of PSD2
  • PCI DSS requirements
Request free of charge