10.6.1. User transformation configuration hints

There are many processes in Airlock IAM (e.g. a login process) starting with a username. To maximize flexibility, username transformation can be configured separately in different places.

The following configuration entry points allow to configure username transformation (newer IAM versions or deployments containing custom code or additional modules may offer more):

Module
Configuration Entry Point
Used to transform usernames when ...
Loginapp
(Loginapp REST UI)
Loginapp >> Authentication API Settings >> a Flow in a target application
... authenticating end-users in the Login Flow Authentication REST API.
Loginapp
 
Loginapp >> User Store
... determining the user in the Loginapp REST API.
Loginapp
Loginapp >> User Store >> LDAP Connector
... adding or removing pre- and postfixes in usernames in hybrid (DB/LDAP) scenarios.
Loginapp
(JSP-Loginapp)
Loginapp >> Authentication Settings
... authenticating end-users in the Loginapp (JSP) (form-based).
Loginapp
(JSP-Loginapp)
Loginapp >> Password Settings >> Password Settings
... determining the user for password reset self-service in Loginapp (JSP) (form-based).
Loginapp
(JSP-Loginapp)
Loginapp >> Password Settings >> Password Settings >> Reset Self-Service >> a user verification plugin
... determining end-user for channel verification (e.g. email) during password self-reset.
Loginapp
Loginapp >> Authentication Settings >> HTTP Basic Auth Service
... authenticating end-users via HTTP Basic Auth.
Loginapp
Loginapp Settings >> NTLM Front-Side Settings
... authenticating end-users via front-side NTLM.
Loginapp
Loginapp >> OAuth 2.0/OIDC Client >> JSP Client Settings >> an OAuth or OIDC client configuration
... authenticating end-users via OAuth 2.0 or OpenID Connect (IAM as Client or Relying Party)
Loginapp
Loginapp >> SAML Settings >> SAML Sp Settings
... authenticating end-users via SAML 2.0 (IAM as service provider)
Loginapp
Loginapp >> Airlock One-Shot Authentication >> a target application configuration
... extracting credentials from HTTP requests in "one-shot" authentication (only in selected extractors).
Service container
Service Container >> RADIUS Service
... authenticating end-users via RADIUS (IAM as RADIUS server).
Transaction approval
Transaction Approval >> Transaction Approval Flow
... approving transactions for end-users.
Adminapp
Adminapp >> REST API Configuration
... determining end-users in REST resources of the Adminapp REST API.