Airlock 2fa Token enrollment using the mobile browser

In a scenario with a desktop browser and a mobile device, it is no problem to scan a QR code with the mobile from the screen. Doing the same thing in a mobile-only scenario will not work.

To support the mobile-only use case, Airlock IAM is able to use the custom protocol mechanism of the Android and iOS operating systems and send the activation challenge directly to the Airlock 2FA app.

An additional button Open Airlock 2FA App is displayed in the token enrollment web UIs (token migration in authentication flow and protected self-service) as shown in the following screenshot.

Airlock2FAMobileEnrollment

Removing the mobile-only button from the Loginapp REST UI

By default, the Loginapp REST UI displays the aforementioned button in the following use-cases:

  • Migration to Airlock 2FA in authentication flow.
  • Airlock 2FA activation in the Airlock 2FA management self-service.

To hide the button from the Loginapp REST UI, follow the instructions below:

  1. In the authentication flow (token migration):
  2. Go to:
    Loginapp >> Authentication Flows >> selected or all authentication flows
  3. Find the Airlock 2FA Activation Step plugin (or plugins).
  4. Make sure that the plugin has a Step ID configured in the Flow Control section.
  5. Go to:
    Loginapp >> UI Settings >> Authentication UIs >> {Flow UIs}
  6. Create and edit an Airlock 2FA Activation Authentication UI in the Customized Step UIs list.
  7. Select the Step ID of the Airlock 2FA Activation Step plugin.
  8. Disable the Show App Device Activation Link checkbox.
  9. The Loginapp REST UI will no longer show the mobile-only button.
  1. In the protected self-services:
  2. Go to:
    Loginapp >> Protected Self-Services >> Protected Self-Service Flows
  3. Find the Airlock 2FA Activation Step plugin or plugins.
  4. Make sure that the plugin has a Step ID configured in the Flow Control section.
  5. Go to:
    Loginapp >> UI Settings >> Protected Self-Service UIs >> {Flow UIs}
  6. Create and edit an Airlock 2FA Activation Step Self-Service UI in the Customized Step UIs list.
  7. Select the Step ID of the Airlock 2FA Activation Step plugin.
  8. Disable the Show App Device Activation Link checkbox.
  9. The protected self-service flow will no longer show the mobile-only button.