3. About Airlock IAM

This page and the following give you a very short high-level overview of Airlock IAM and help you to get started quickly.

  • Airlock IAM is a comprehensive authentication and identity management solution for web applications and services focusing on:
  • Authentication and access management for end-users.
  • Single sign-on (SSO) and federation (OAuth 2.0, OpenID Connect, SAML).
  • Management of users, access rights, and authentication tokens.
  • User self-services.
  • OAuth 2.0 and OpenID Connect (authorization server, client, resource server, token introspection end-point, etc.).
  • High flexibility to ease integration into a wide range of environments.
  • Comprehensive REST APIs to facilitate integration with other components.
  • Strong user authentication based on a smartphone app and supporting hardware tokens.
  • Ready-to-use 2-factor mobile app.
  • Transaction approval interface.
  • API client and API key management and decision point.

It consists of the following components (called "modules" in IAM) - see 3.3. IAM modules and databases/directories for more details:

  • Loginapp: Web front-end and REST API to authenticate users, various self-services, web-based single sign-on. OAuth, OpenID Connect, SAML components.
  • Adminapp: administration of users, access rights, tokens, the configuration of all components (web front-end and REST API).
  • Service container: scheduler supporting various flows (e.g. production of letters); RADIUS server.
  • Transaction Approval: REST API for 3rd party systems (e.g. e-banking) to verify transactions with the users' second factors (e.g. payment approval).
  • API Policy Service: REST service called by the Airlock API gateway in order to get information about Tech-Clients.

Custom extensions

Airlock IAM is a highly customizable system that can be adjusted to customer needs primarily by means of configuration. Some use-cases however cannot be realized by pure configuration. In these cases, custom Java code extensions (plugins, custom REST resources, custom flow steps, helper classes, etc.) can be written to achieve the required functionality.

A supplementary Airlock IAM Custom Development Guide is available on request. Please refer to 5.9. Custom extension development for further information.