Authentication flow configuration

Applications that authenticate against an OAuth 2.0 authorization server (AS) require a corresponding authentication flow. Creating a new authentication flow involves the following steps.

Prerequisites

  • The authorization server must already be configured.

Target application

  1. Go to Loginapp >> Applications and Authentication
  2. Create a new Target Application in the Applications section
  3. Configure Application ID and Application Selector
  4. Create an OAuth 2.0/OIDC ID Propagator plugin
  5. Optionally configure Airlock Gateway (WAF) Mapping Roles (Credentials)
  6. The target application is now configured with identity propagation but does not yet have an authentication flow

Authentication flow

  1. Go to Loginapp >> Applications and Authentication >> your target application
  2. Create an Authentication Flow plugin with the following properties
    • Start the flow with a user-identifying step (e.g. Username Password Authentication Step)
    • Optionally add additional authentication steps (e.g. Airlock 2FA Step for Authentication)
    • Configure the flow to provide the authenticated tag on success
    • Optionally add a skip condition for the authenticated tag
    • Add an OAuth 2.0 Consent Step after the authentication steps
  3. Add tags and conditions based on your previous configuration of "Role Transformation Rules" and "Specific Access Policy" in "OAuth 2.0 AS Access Config"

Authorization flow

  1. Optionally, configure an authorization flow including the following steps:
    • Required Role Step
    • Terms of Service Step

Authorization server

  1. Go to Loginapp >> OAuth 2.0/OIDC Authorization Servers >> {{AS-ID}} >> OIDC Authorization Code / Hybrid Flow
  2. In the Flow Settings section configure the Flow Application ID with the previously configured Application ID of the target application