This is about the mapping of the protected target application / service (and not about the Airlock IAM mapping).
The following form fields need to be configured to activate one-shot authentication flow on a Airlock Gateway mapping (main mapping tab):