Airlock IAM 8.5

Highlights and important changes

Config Automation: smarter and a bit easier

With this release, we’re extending the Config Automation capabilities introduced in the previous release:

  • Short plugin type names: In the YAML config format, they significantly improve readability and make processing much easier.
  • Licence check via CLI: The config CLI now includes a command to verify licence coverage for configurations.
  • YAML as the new default: All newly created IAM instances now automatically use the YAML config format and benefit from the config automation features. The XML format remains fully supported and can still be selected via a CLI option.

 

Ready for the E-ID

Airlock IAM is now ready to support E-ID solutions and offers full support for Proof-of-Concept (PoC) projects to help organizations prepare for the launch of the official E-ID and trusted infrastructure starting in 2026. The solution is designed to work in both Switzerland and the EU. In Switzerland, the Federal Public Beta serves as the technical foundation.

New modules in Airlock IAM allow issuing, verifying, and using verifiable digital credentials for secure authentication. A compelling showcase developed in collaboration with PXL Vision demonstrates how a person can be identified using an E-ID, including a liveness check that matches the live image of the person with the photo stored in the E-ID.

New REST API documentation: Clearer, smarter, more transparent

This release marks the completion of the OpenAPI specification overhaul, resulting in a completely redesigned REST API documentation. The new version features a clean, modern layout and introduces a range of enhancements to simplify integration.

Among the key improvements: developers can now send test requests directly from the documentation interface. Response examples provide practical guidance, and all REST APIs are clearly labeled as Experimental or Deprecated—ensuring greater clarity and future-proof planning.

Even more power for OIDC & OAuth 2.0

We have further enhanced the capabilities in the area of OIDC and OAuth 2.0:
With the introduction of OIDC Backchannel Logout, all affected clients that share a session are now automatically informed when a user logs out, and their sessions are terminated accordingly – ensuring greater security and consistency.

In Token Exchange, the subject_token is now also integrated into the rule definitions. This allows it to be processed individually within each rule, significantly increasing the flexibility of Token Exchange and simplifying the implementation of complex configurations.

To further improve compatibility with bLink, Dynamic Client Registration now allows clients to define their own name. This implementation deliberately deviates from the RFC standard to offer greater flexibility in specific use cases.

Licence Analytics: Now mandatory – driving customer value

With this release, Licence Analytics becomes mandatory. Any configuration that does not include the Licence and Usage Analytics plugin can no longer be activated. The purpose of this change is to gain deeper insights into how the product is used in real-world scenarios, allowing us to focus future development on the features and use cases that matter most to our customers.

As part of the migration process, all customers must make a one-time decision on whether optional usage analytics data should also be shared with Ergon in addition to the required licence information. This decision is part of the configuration migration and can be updated at any time if needed.

More possibilities and security in login and self-services

With the latest release, we’re making secure login and self-services even easier and more flexible for end users:

  • Passkeys with Autofill (FIDO2): Thanks to “Conditional UI,” matching passkeys now appear directly in the username field – logging in has never been smoother.
  • Transaction approval with FIDO keys: From now on, FIDO keys can be used not only for login but also to confirm transactions.
  • QR code-free activation: Airlock 2FA devices can now also be activated via activation letters or in self-service flows without QR codes.
  • More approval steps: Both Airlock 2FA passcodes (OTP) and OATH OTP codes can now be used as approval steps in public self-service flows – ideal for protecting critical actions.
  • On-demand password letters: End users can now request password letters directly within authentication and self-service flows.

Various features: session termination, one-shot with flows, events, and more

Numerous improvements range from the termination of multiple active user sessions, to simplified certificate handling in SAML, greater flexibility in event processing, and enhancements to the User Sync Task.

As always, more new features and improvements are documented in the changelog.
