Approval steps

The approval step is the one that actually asks the user for approval. How this is done depends entirely on the configured approval step.

All approval steps have the following in common:

  • Present transaction details to the user using a separate channel (e.g. SMS, push message, QR code).
  • Get the user's approval (e.g. enter OTP code, press a button on the phone, scan a QR code).

Airlock IAM 7.7 supports the approval steps below by default. Custom approval steps may be added.

Airlock 2FA approval step

The Airlock 2FA approval step works as follows:

  1. Send push messages with transaction information to the Airlock 2FA app.
  2. Transaction details are displayed and the user presses the Approve button.

Alternative flow if the smartphone is offline:

  1. When waiting for user approval, the REST client (e.g. e-banking) may display a QR code containing transaction information.
  2. The user scans the QR code with the Airlock 2FA app and enters the displayed code to approve the transaction.

Alternative flow for mobile-only (single device) cases:

If the business app (e.g. mobile banking app) and the Airlock 2FA factor reside on one and the same smartphone, the mobile-only transaction approval scheme is used.

  1. The business app requests a challenge from the IAM REST API and passes it either to the Airlock 2FA app (app-to-app communication) or to Futurae's app SDK.
  2. The user is asked to confirm the transaction. This will call the Airlock 2FA app (or the SDK) to confirm the transaction with the Futurae cloud.
  3. The business app then polls for the decision using the IAM REST API and proceeds according to the result.

Cronto Push approval step

The Cronto Push transaction approval step works as follows:

  1. Send push messages with transaction information to the Cronto app.
  2. Transaction details are displayed and the user confirms the transaction on the Cronto app.

Alternative flow if the smartphone is offline:

  1. When waiting for user approval, the REST client (e.g. e-banking) may display a Cronto cryptogram containing transaction information.
  2. The user scans the cryptogram with the Cronto app and enters the displayed code to approve the transaction.

mTAN approval step

The mTAN transaction approval step works as follows:

  1. Send transaction information and an OTP code via SMS to the user.
  2. The user enters the OTP code to approve the transaction.

Matrix card approval step

The approval steps with matrix cards work as follows:

  1. Display the matrix challenge to the user.
  2. The user enters the code according to the matrix challenge to approve the transaction.

No transaction information is part of this approval step. There is no way for the user to verify transaction information when approving the transaction. This approval is merely a "re-authentication" step.
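The difference between a transaction-bound approval and the matrix card "re-authentication" can be shown with a small model. This is an added example, not Airlock IAM code: the HMAC-based code derivation, the key, the nonce, the card contents and all function names are assumptions made for illustration and do not describe how any of the products above compute their codes.

```python
import hashlib
import hmac

# Constructed sample data: a per-user secret and two transactions.
USER_KEY = b"constructed-demo-key"
REQUESTED = {"to": "CH00 1111", "amount": "100.00", "currency": "CHF"}
TAMPERED = {"to": "CH00 9999", "amount": "9100.00", "currency": "CHF"}


def canonical(tx: dict) -> bytes:
    """Serialise a transaction deterministically so both sides hash the same bytes."""
    return "|".join(f"{k}={tx[k]}" for k in sorted(tx)).encode()


def bound_code(key: bytes, tx: dict, nonce: bytes) -> str:
    """Six-digit code derived from the transaction details and a server nonce."""
    digest = hmac.new(key, nonce + canonical(tx), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def matrix_code(card: dict, challenge: list) -> str:
    """Matrix card response: depends only on the challenged cells, never on the transaction."""
    return "".join(card[cell] for cell in challenge)


def server_accepts_bound(key: bytes, executed_tx: dict, nonce: bytes, code: str) -> bool:
    """The server recomputes the code over the transaction it is about to execute."""
    return hmac.compare_digest(bound_code(key, executed_tx, nonce), code)


def server_accepts_matrix(card: dict, challenge: list, code: str) -> bool:
    """The server can only check the card cells; the transaction is not an input."""
    return hmac.compare_digest(matrix_code(card, challenge), code)


def demo() -> dict:
    nonce = b"constructed-nonce"
    card = {"A1": "41", "B3": "07", "C2": "93"}  # constructed matrix card
    challenge = ["B3", "C2"]
    # The user approves the details of REQUESTED; the session actually holds TAMPERED.
    user_bound = bound_code(USER_KEY, REQUESTED, nonce)
    user_matrix = matrix_code(card, challenge)
    return {
        "bound_ok_for_requested": server_accepts_bound(USER_KEY, REQUESTED, nonce, user_bound),
        "bound_ok_for_tampered": server_accepts_bound(USER_KEY, TAMPERED, nonce, user_bound),
        "matrix_ok_for_tampered": server_accepts_matrix(card, challenge, user_matrix),
    }
```

In this model the bound code is rejected for the altered transaction, while the matrix response is accepted regardless of what the transaction contains.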

Kobil TMS approval step

The Kobil TMS transaction approval step works as follows:

  1. Send a push message with transaction information to the mobile app.
  2. Transaction details are displayed and the user confirms the transaction on the mobile app.

Note that Kobil TMS support has been deprecated: it will no longer be supported in IAM 8.0 and later.