The following table provides information about the availability of JSP-Loginapp features in the Loginapp REST UI and high-level migration hints (where available).
Information about the availability of upcoming releases is indicative and subject to change.
Please note the additional information on discontinued functions (see link below).
Version information about features not yet available will be updated or clarified as soon as known.
Note that the specified release versions are indicative and subject to change.
The following notation is used to indicate release versions (examples):
- ●7.7: planned for IAM 7.7
- ●> 7.7: planned for an IAM release after 7.7
- ●>= 7.7: planned for IAM 7.7 or later
Check password
Feature | Version | Description and migration hints |
Check password on database | 7.3 | Check password against database using IAM hash functions. Migration hint Combine the following plugins in the authentication flow:
|
Check password with LDAP server | 7.3 | Check password against an LDAP directory. Migration hint Combine the following plugins in the authentication flow:
|
Check password with MSAD | 7.3 | Check password against an MS Active Directory. Migration hint Combine the following plugins in the authentication flow:
|
Username-dependent password check | 7.3 | Username determines how to check the password. Migration hint Combine the following plugins in the authentication flow:
|
Check policy on login | 7.3 | Check if the password policy is met when checking passwords during login. This may be used to force a password change to meet new policy requirements. Migration hint Set property Policy To Check On Login in plugin Password Authentication Step in the authentication flow. |
Check password with RADIUS server (AI-13443) | 7.7 | Check user passwords by calling a 3rd party RADIUS server as done by the RADIUS Authenticator plugin. |
Password frequency checker | on request only | Heuristic detection of horizontal password guessing attacks (Attack Detector settings in JSP-Loginapp). |
Check password against configuration (AI-13444) | on request only | Check username and password against a list of users and passwords stored in the configuration. |
Change password
Feature | Version | Description and migration hints |
Mandatory password change | 7.3 | Force the user to change the password during the login process. Migration hint Use plugin Mandatory Password Change Step in the authentication flow. |
Password change without old password | 7.4 | If the password change is performed during the login process, the old password does not need to be entered again (if enabled in configuration). Migration hint Use the property Old Password Required in Mandatory Password Change Step >> Mandatory Password Change Config (in the authentication flow). |
Voluntary password change | 7.4 | Password change self-service for authenticated users. Migration hint Define a password change flow in Loginapp >> Protected Self-Services >> Protected Self-Service Flows and use the pluginPassword Change Self Service Step. |
Password change button on login page (AI-13446) | 7.7 | Show a password change button on the login page, so users can choose to log in and then change the password. |
Password reset self-service
Feature | Version | Description and migration hints |
Password-reset self-service | 7.3 | Password reset self-service in general. Migration hint Define a flow in User-Self-Service Settings >> Password Reset Flow. |
User verification: OTP via email | 7.3 | To verify the user identity, send an OTP via email. The user types in OTP in the same browser session. Migration hint In the password reset flow use the E-Mail Identity Verification Step. |
User verification: Link via Email (AI-13448) | 7.7 | To verify the user identity, send a link via email. The user clicks on the link. The verification may take place in a new browser session. The link may also originate from the Adminapp issued by the helpdesk. |
User verification: Secret questions | 7.3 | To verify the user identity, ask for answers to secret questions. Migration hint In the password reset flow use the Secret Questions Identity Verification Step. |
User verification: mTAN/SMS | 7.3 | To verify the user identity, send an OTP via SMS to the user and verify it (in the same browser session). Migration hint In the password reset flow, use the SMS Identity Verification Step. |
User verification: based on auth method | 7.3 | Choose one of the above user verification types based on the user's current authentication method. Migration hint In the password reset flow, use a Selection Step for Password Reset with a condition involving the Active Authentication Method plugin. |
2nd-factor check Airlock 2FA | 7.4 | Use Airlock 2FA as a 2nd-factor check in the password reset flow. Migration hint In the password reset flow, use the Airlock 2FA Factor Step. To select one of multiple 2nd-factor, use the Selection Step for Password Reset with a corresponding condition (e.g. Active Authentication Method). |
2nd-factor check Cronto | 7.3 | Use Cronto as a 2nd-factor check in the password reset flow. Migration hint In the password reset flow, use the Cronto Factor Step. To select one of multiple 2nd-factor, use the Selection Step for Password Reset with a corresponding condition (e.g. Active Authentication Method). |
2nd-factor check mTAN | 7.3 | Use mTAN (SMS) as a 2nd-factor check in the password reset flow. Migration hint In the password reset flow, use the mTAN Factor Step. To select one of multiple 2nd-factor, use the Selection Step for Password Reset with a corresponding condition (e.g. Active Authentication Method). |
Restriction providers | 7.3 | Restrict the password reset feature to users with certain properties (e.g. locked users). Migration hint Use the property Restrictions in the Password Reset Flow plugin. |
Feedback if user does not exist (user enumeration protection) | 7.3 | Configure feedback given to the end-user in the case that the specified user does not exist. This can be used to either enable or disable user enumeration protection. Migration hint Configure plugin Default Password Reset Restrictions in the property Restrictions in the Password Reset Flow plugin. |
Username transformation | 7.3 | Transform the user name provided by the end-user. Migration hint Use property Username Transformers in the Password Reset Flow plugin. |
CAPTCHAs (AI-13449) | 7.7 | The end-user must solve a CAPTCHA before being able to start the password reset flow. |
Order password letter | 7.4 | Option to let the user order a new password letter instead of setting a new password. Migration hint In the password reset flow, use the Password Letter Order Step (Password Reset) plugin. Combine it with a Selection Step for Password Reset to give the end-user a choice. |
Other features
Feature | Version | Description and migration hints |
Password hash functions | 7.3 | All password hash functions of the JSP-Loginapp are still available and can be configured in the corresponding flow steps. |
Password policy checks | 7.3 | All password policy checks of the JSP-Loginapp are still available and can be configured in the corresponding flow steps. |
Show link to password reset self-service | 7.3 | Show link to the password reset self-service on the login page (if the service is enabled). Migration hint Go to In the affected Authentication & Authorization UI plugin, add a custom step UI of type Password Authentication UI (for the affected authentication step). In the Password Authentication UI plugin, set the Password Reset Flow Link. |
Show link to self-registration | 7.3 | Show link to the user registration self-service on login page (if the service is enabled). Migration hint Go to In the affected Authentication & Authorization UI plugin, add a custom step UI of type Password Authentication UI (for the affected authentication step). In the Password Authentication UI plugin, set the UUser Self-Registration Link. |
End-to-end encryption (UI only - AI-13077) | On request only | End-to-end encryption support in the web UI. The Loginapp REST API supports password end-to-end encryption. The feature is thus available for custom web UIs but not yet for the Loginapp REST UI. |