Setup
The role removal feature requires a configuration in the Airlock Gateway and a corresponding configuration in Airlock IAM.
Airlock IAM:
In this example, Airlock IAM is configured with three target applications with their own authentication flows and tags as follows:
- Each target application has its own flow. In that flow's identity propagation, the application's role is derived from the tags and added to the Gateway.
- The tags needed to get the roles are shared between App 1 and App 2.
- Target App 3 and the corresponding role are only used for illustration purposes to show an unaffected app/role.
Airlock Gateway:
Airlock Gateway is configured to drop roles if the Anomaly Shield detects anomalous behavior on a particular mapping.
- Anomalous behavior on App 1 will remove both role1 and role2.
- Anomalous behavior on App 2 will remove both role1 and role2.
- Anomalous behavior on App 3 will remove role3.