Airlock Gateway (WAF) as Access Policy Enforcement Point

The Airlock Gateway (WAF) acts as Access Policy Enforcement Point, i.e. it decides for each request, whether the user (technically: the corresponding session) may access an application or not.

Required information

To do so, it needs the following information:

  • Target Applications
    • what roles are required to access an application
    • what to do, if access is not granted: In this case, the user's browser is redirected to Airlock IAM

Applied to the above example scenario, the Airlock Gateway (WAF) roughly holds the following access policy information:


Required Role

Public Portal


Customer Portal


Admin Portal


Airlock Gateway (WAF) configuration

The above information is stored in the Airlock Gateway (WAF)'s mapping configuration.
Please refer to the mapping part in the Airlock Gateway (WAF) online manual (available in the Gateway (WAF) management center web application and online on the Techzone).