Terms and conditions
12.5. Terms of service (ToC)

Airlock IAM can be used as a central enforcement point for terms of service (ToC) before applications can be accessed.

It provides the following features:

  • Definition of multiple ToC texts in multiple languages.
  • Ensure user consent to ToC before granting access to applications
  • Re-assure user consent after changing ToC
  • Different ToCs for different applications
  • Each application may ask for multiple ToCs

How it works

  • For each ToC, a tag (an arbitrary string) is defined in the configuration.
  • Examples:

    • eBankingToC-2018-1
    • ^portalDisclaimer-5
  • For each accepted ToC the corresponding tag is stored in the user record.
  • Each target application defines whether and which ToC are relevant for access.
  • If an application is accessed via IAM, all ToC tags required by the application must be present for the user. If not, the corresponding ToCs are displayed after login.
  • In order to perform the check, the login application must be configured such that it is involved every time an application is accessed for the first time within a session.

    Usually, this means that only the Airlock Gateway (WAF) roles/credentials required for the accessed application are granted.

Further information and links

  • Configuration in the Loginapp REST UI: Use the Terms Of Services Step in the authentication (or authorization) flow of the affected applications.
  • Configuration in the JSP-Loginapp: Application Settings >> target application >> Terms of Services.