10.2.2.3.3. Token management self-service

The Airlock IAM Loginapp provides self-service features that allow logged-in users to manage their own Airlock 2FA app devices.

It provides the following features:

  • View Airlock 2FA devices.
  • Change the display name of the devices.
  • Remove devices.
  • Add new devices.

The features are provided both as REST API and in the Loginapp REST UI (single-page login application).

There is no web front-end in the Loginapp (JSP). The UI is only available in the Loginapp REST UI (single-page login application).

See 10.2.2.3.3.1. Using the Airlock 2FA self-services UI with the JSP-based Loginapp on how to use the Loginapp REST UI in combination with the Loginapp (JSP).

The Airlock 2FA token management self-service offers security-critical services to the end-user. This is especially true for the service to add new app devices.

Make sure that the IAM configuration guarantees that:

  • the self-service is only accessible after strong user authentication.
  • that unused services are disabled in the configuration.

Example screenshots

Airlock2FASelfService-List2Devices
Airlock2FASelfService-RenameDevice