The Airlock IAM Loginapp provides protected self-services to end-users. These services require the end-user to be authenticated.
- Examples of protected self-services:
- Password change self-service.
- Airlock 2FA token management self-service.
- User profile self-service.
To control access to internal services, Airlock IAM supports two mechanisms that can be configured on every individual internal service flow.
- Access control for protected self-services:
- Access Conditions are used to determine if an end-user is permitted to use this particular flow. A long list of plugins is provided for the configuration of access conditions.
Example: A user that does not have a particular authentication means does not need to be able to order an activation letter for such a device. - Authorization Conditions are used to determine if an end-user is sufficiently authenticated to use this flow. Tags are used to verify these conditions.
Example: A user that was only authenticated with a username and password should not be able to use a user profile self-service.