Matrix card authentication

Matrix cards (also called "grid cards") are used as a second factor to authenticate users. A user has a list of codes - typically printed on paper - that are requested to be entered in the authentication process.

Airlock IAM offers the following services for matrix cards:

• Authentication
• Self-Services (see Matrix card self-service (JSP-Loginapp))
• Generation of matrix cards

The following types of matrix cards are supported:

• Matrix card (a grid card with codes organized in a coordinate system):



• Indexed TAN-list (an indexed sequence of codes, so every code has an associated index):

Note that the "TAN list" mode without indices will be removed in future versions of Airlock IAM. It has serious security draw-backs and has therefore be deprecated.

• During the authentication process the user is required to enter one or more matrix codes.
• Depending on the configuration, it is either a coordinate (matrix card) or an index (indexed TAN-list).
• The user then enters the code which he is able to retrieve from the printed list of matrix codes that was sent to him.
• After entering the correct matrix code(s), the user is authenticated successfully.

• Configuration in the Loginapp REST UI: Use the Matrix Authentication Step in the authenticaiton flow.
• Configuration in the JSP-Loginapp:
• Matrix card configuration in the JSP-Loginapp
• Matrix card self-service (JSP-Loginapp)
• Configuration in the Adminapp: Matrix card management in the Adminapp
• Configuration in the Service Container: Matrix card generation in the Service Container