Airlock Header

Microgateway 4.6

enabling new use cases with Token Exchange

Airlock Microgateway 4.6 takes authentication to the next level. At the heart of this release is support for OAuth 2.0 Token Exchange (RFC 8693) – complemented by fine-grained access control with JWT and new Grafana dashboards for improved monitoring. Together, these features make Microgateway a key security component for modern API architectures.

OAuth 2.0 Token Exchange

The secure bridge between identities

Microgateway consistently follows open standards, now extending its OIDC capabilities with full support for OAuth 2.0 Token Exchange (RFC 8693).

With version 4.6, Microgateway can convert external tokens (e.g. from Entra ID or partner IdPs) into internal, trusted tokens via an integrated IAM. This offers significant benefits for architecture and operations:
 

  • Access control
    Only authenticated and authorized users from trusted identity providers can access protected resources.
  • Centralized authentication
    All authentication requests are processed centrally via Microgateway, simplifying management and monitoring. 
  • Compatibility and interoperability
    Microgateway supports a wide range of authentication mechanisms and Identity Providers. This ensures seamless integration into diverse IT landscapes and keeps your architecture flexible – without vendor lock-in.
  • Digital integration across systems
    Token Exchange enables secure authentication across organizational and system boundaries – ideal for SaaS integration and API-driven supply chains.
  • Optimized licensing
    Only users and systems that actually access resources need an account in the external IdP – reducing potential licensing costs.
  • Secure implementation
    Authentication is delivered as part of the infrastructure – securely developed, maintainable and reliable. This minimizes risk and shortens time-to-market for web applications.
  • Only trusted tokens
    Only internally validated tokens are used after exchange – reducing the risk of token theft or misuse.
  • Transparent token flows
    Token conversion is transparent, allowing integration without backend modifications. 

Access Control with JWT

Smart filtering and fine-grained enforcement

Microgateway 4.6 now also supports the evaluation of JSON Web Tokens (JWT) directly in the gateway – ideal for fine-grained access:
 

  • Validation of token validity and signature
  • Access rules based on HTTP request properties and available claims

This feature enables precise control of API access – directly at the entry point.

Grafana Dashboards

Monitoring for full transparancy and control

The new and updated dashboards provide clear, real-time insights for operations teams:

  • System Metrics: Quick overview of key figures such as CPU, memory requirements or network traffic.
  • Downstream Metrics:  Interesting statistics on incoming HTTP requests
  • Upstream Metrics: Quick overview of forwarded HTTP requests

Perfect for fast troubleshooting and efficient performance monitoring in production environments.

This new release introduces numerous improvements for greater security, flexibility, and seamless integration. We look forward to your suggestions and feedback as we continue to improve Microgateway!

Airlock Microgateway 4.6 release video

Watch our release video to find out about all the new features of Airlock Microgateway 4.6.

Information for you

-Our whitepapers-

Whitepaper: How to make cIAM a success

Increasing requirements for security and user-friendliness make Customer Identity and Access Management an essential. Read our whitepaper to find out how you can secure your competitive advantage with the right CIAM strategy.

 

Request whitepaper

Whitepaper: Security for cloud-native applications

You can read about how companies can ensure the security of web applications and APIs in Kubernetes in the white paper "Security for cloud-native applications", which was created in collaboration between heise and Airlock.

 

Request whitepaper

Whitepaper: Zero Trust is a journey

The ongoing digital transformation of the world is progressing and having a profound impact on our personal and professional lives in ways that were difficult to imagine just a few years ago.


This white paper discusses the effects of continuous digitalization and its impact.

Request free of charge

Off to DevSecOps

In this white paper, you will learn the most important insights into how you can implement DevSecOps successfully and efficiently, which security components are required for this and the advantages of a microgateway architecture.

 

Request free of charge

Airlock 2FA - Strong authentication. Simple.

Double security - this is what two-factor authentication offers in the field of IT security.


Find out more about strong authentication and the possibilities offered by Airlock in our white paper.

Download for free

Further whitepapers

We provide you with free white papers on these and other topics:

 

  • Successful IAM projects
  • compliance
  • Data protection (DSGVO)
  • Introduction of PSD2
  • PCI DSS requirementsPCI DSS requirements
Request free of charge