The Airlock IAM Loginapp provides self-service features that allow logged-in users to manage their own Airlock 2FA app devices.
It provides the following features:
- View Airlock 2FA devices.
- Change the display name of the devices.
- Remove devices.
- Add new devices.
The features are provided both as REST API and in the Loginapp REST UI (single-page login application).
There is no web front-end in the Loginapp (JSP). The UI is only available in the Loginapp REST UI (single-page login application).
See Using the Airlock 2FA self-services UI with the JSP-based Loginapp on how to use the Loginapp REST UI in combination with the Loginapp (JSP).
The Airlock 2FA token management self-service offers security-critical services to the end-user. This is especially true for the service to add new app devices.
Make sure that the IAM configuration guarantees that:
- the self-service is only accessible after strong user authentication.
- that unused services are disabled in the configuration.
