The Airlock IAM Loginapp provides self-service features that allow logged-in users to manage their own Airlock 2FA app devices.
It provides the following features:
- ●View Airlock 2FA devices.
- ●Change the display name of the devices.
- ●Remove devices.
- ●Add new devices.
The features are provided both as REST API and in the Loginapp REST UI (single-page login application).
There is no web front-end in the Loginapp (JSP). The UI is only available in the Loginapp REST UI (single-page login application).
See 10.2.2.3.3.1. Using the Airlock 2FA self-services UI with the JSP-based Loginapp on how to use the Loginapp REST UI in combination with the Loginapp (JSP).
The Airlock 2FA token management self-service offers security-critical services to the end-user. This is especially true for the service to add new app devices.
Make sure that the IAM configuration guarantees that:
- ●the self-service is only accessible after strong user authentication.
- ●that unused services are disabled in the configuration.
