Airlock Gateway as Policy Enforcement Point

The Airlock Gateway acts as  Policy Enforcement Point for access decisions. It decides for each request whether the user (technically: the corresponding session) may access an application or not.

Required information

  • To enforce the policy decisions, Airlock Gateway needs the following information on every mapping:
  • Which roles are required to access one of the connected backend applications?
  • The redirect URL to use in case access is denied. Typically the Airlock Gateway will redirect the user's browser to Airlock IAM.

Applied to the example scenario, the Airlock Gateway holds the following access policy information:

Mapping (backend application)

Required role

Public Portal


Customer Portal


Admin Portal


Airlock Gateway configuration

The above information is stored in the Airlock Gateway's mapping configuration.
Refer to the mapping part in the Airlock Gateway online manual, which is accessible through the Gateway management center help links and online