Username transformation: Login with multiple IDs

Airlock IAM may be configured such that users may log in using different user ids (e.g. a username as well as the email address). This concept is called Username transformation in IAM.

Example

User John Doe is stored in the directory or database with jdoe as the main user name and with john.doe@snakeoil.com in the email address attribute.

Airlock IAM can be configured such that John can log on using either jdoe or john.doe@snakeoil.ch.

In addition to this example, username transformation may also transform entered usernames in other ways.

• Examples:
• Upper- or lowercase transformation
• Applying arbitrary regular expressions (using capture groups)
• Lookups in other systems
• Custom plugin implementations
• Multiple user transformation plugins may be combined.

For user-name transformation to work as expected, it must usually be configured for different use-cases such as

• Authentication
• Password-reset self-service
• OAuth, SAML, and Co.
• Transaction approval
• User management
• RADIUS server

• Configuration example in the Loginapp REST UI: Username transformation configuration in the Loginapp REST API
• Configuration example in the JSP-Loginapp: Username transformation configuration in the JSP-Loginapp
• Configuration in various modules and services: User transformation configuration hints