User transformation configuration hints

There are many processes in Airlock IAM (e.g. a login process) starting with a username. To maximize flexibility, username transformation can be configured separately in different places.

The following configuration entry points allow to configure username transformation (newer IAM versions or deployments containing custom code or additional modules may offer more):


Configuration Entry Point

Used to transform usernames when ...

(Loginapp REST UI)

Loginapp >> Authentication API Settings >> a Flow in a target application

... authenticating end-users in the Login Flow Authentication REST API.


Loginapp >> User Store

... determining the user in the Loginapp REST API.


Loginapp >> User Store >> LDAP Connector

... adding or removing pre- and postfixes in usernames in hybrid (DB/LDAP) scenarios.


Loginapp >> Authentication Settings

... authenticating end-users in the Loginapp (JSP) (form-based).


Loginapp >> Password Settings >> Password Settings

... determining the user for password reset self-service in Loginapp (JSP) (form-based).


Loginapp >> Password Settings >> Password Settings >> Reset Self-Service >> a user verification plugin

... determining end-user for channel verification (e.g. email) during password self-reset.


Loginapp >> Authentication Settings >> HTTP Basic Auth Service

... authenticating end-users via HTTP Basic Auth.


Loginapp Settings >> NTLM Front-Side Settings

... authenticating end-users via front-side NTLM.


Loginapp >> OAuth 2.0/OIDC Client >> JSP Client Settings >> an OAuth or OIDC client configuration

... authenticating end-users via OAuth 2.0 or OpenID Connect (IAM as Client or Relying Party)


Loginapp >> SAML Settings >> SAML Sp Settings

... authenticating end-users via SAML 2.0 (IAM as service provider)


Loginapp >> Airlock One-Shot Authentication >> a target application configuration

... extracting credentials from HTTP requests in "one-shot" authentication (only in selected extractors).

Service container

Service Container >> RADIUS Service

... authenticating end-users via RADIUS (IAM as RADIUS server).

Transaction approval

Transaction Approval >> Transaction Approval Flow

... approving transactions for end-users.


Adminapp >> REST API Configuration

... determining end-users in REST resources of the Adminapp REST API.