General information about Airlock IAM flows

Flow design and flow visualization

Flows are designed (or defined) in the configuration using the Config Editor. In addition to selecting steps and putting them in a particular order, additional flow concepts like various types of conditions, selection, goto, and dynamic step activation allow modeling more complex flows.

The mentioned flow concepts are explained in detail in this chapter.

Consider the following example showing a very simple 2-factor authentication flow in the Config Editor:

[Figure: AuthFlowConfigEditor]

Airlock IAM flows can be visualized by clicking the visualizer button next to the flow property – this opens the integrated Flow Visualizer. It creates a flow chart based on the current flow configuration.

Select a flow chart element with a mouse click to display detailed information:

[Figure: Flow Visualizer - simple flow]

Flows and REST APIs

Flow steps can be interactive or non-interactive. Non-interactive steps are simply processed, whereas interactive steps expose REST API endpoints (see REST API specification for details). The flow state machine in IAM enforces a valid sequence of steps and expects the REST client to act accordingly.

Consider the following password reset flow example:

[Figure: Public-Self-Service-Password-Reset-Simple]

More details can be found in the sub-sections of this chapter.

Starting a flow

The following table shows which URL will start which type of flow:

| Flow type | URL |
|---|---|
| Authentication flow | /public/authentication/applications/{applicationId}/access |
| | /public/authentication/default-application/access/ |
| | /public/authentication/location/access/ |
| Protected self-service flow | /protected/self-service/flows/{flowId}/select/ |
| Public self-service flow | /public/self-service/flows/{flowId}/select/ |
| Self-registration flow | /public/user-self-registration/{flowId}/select/ |

All the calls in the above table use URLs that start with https://{{host}}:{{port}}/{{contextPath}}/ and all flows are started with a POST.

It is not possible to have more than one flow running simultaneously. IAM will return an error code with information about the active flow and the expected nextStep in the response.

Cancelling a flow

If a flow is to be cancelled before it has run its full course, the following table shows which URL cancels which type of flow:

| Flow type | URL |
|---|---|
| Authentication flow | /public/authentication/flow/ |
| Protected self-service flow | /protected/self-service/flow/ |
| Public self-service flow | /public/self-service/flow/ |
| Self-registration flow | /public/user-self-registration/flow/ |

All the calls in the above table use URLs that start with https://{{host}}:{{port}}/{{contextPath}}/ and all flows are cancelled with a DELETE.
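
The rules described above (a server-enforced step sequence, only one running flow at a time, and cancellation) can be illustrated with a simplified model. This is an added example, not Airlock IAM code: the Session class, the step ids, the flow ids and the error codes are hypothetical, and the model checks step order only, not credentials.

```python
# Simplified model of a server-side flow state machine (added example,
# not Airlock IAM code). Step ids and error codes are hypothetical.

class FlowError(Exception):
    def __init__(self, code, active_flow=None, next_step=None):
        super().__init__(code)
        self.code = code
        self.active_flow = active_flow
        self.next_step = next_step


class Session:
    """Holds at most one running flow and the step the client must call next."""

    def __init__(self, flows):
        self.flows = flows          # flow id -> ordered list of interactive step ids
        self.active = None          # id of the running flow, or None
        self.position = 0           # index of the expected next step

    def _next_step(self):
        return self.flows[self.active][self.position]

    def start(self, flow_id):       # models the POST that starts a flow
        if flow_id not in self.flows:
            raise FlowError("UNKNOWN_FLOW")
        if self.active is not None:
            # Only one flow at a time: report the active flow and expected step.
            raise FlowError("FLOW_ALREADY_ACTIVE", self.active, self._next_step())
        self.active, self.position = flow_id, 0
        return self._next_step()

    def submit(self, step_id):      # models a call to an interactive step's endpoint
        if self.active is None:
            raise FlowError("NO_ACTIVE_FLOW")
        if step_id != self._next_step():
            # Out-of-order call (e.g. skipping the second factor) is rejected
            # and does not advance the flow.
            raise FlowError("UNEXPECTED_STEP", self.active, self._next_step())
        self.position += 1
        if self.position == len(self.flows[self.active]):
            self.active = None      # flow has run its full course
            return None
        return self._next_step()

    def cancel(self):               # models the DELETE that cancels a flow
        self.active, self.position = None, 0


# Constructed sample configuration: a 2-factor login and a password reset.
FLOWS = {"login": ["password", "second-factor"],
         "password-reset": ["identify-user", "verify-token", "set-password"]}
```

Because the expected step lives in server-side session state, a client that skips ahead or opens a second flow gets an error naming the active flow and the expected next step, and the flow does not advance.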