Token management self-service
The Airlock IAM Loginapp provides self-service features that allow logged-in users to manage their own Airlock 2FA app devices.
It provides the following features:
- View Airlock 2FA devices.
- Change the display name of the devices.
- Remove devices.
- Add new devices.
The features are provided both as REST API and in the Loginapp UI (single-page login application).
Risk
The Airlock 2FA token management self-service offers security-critical services to the end-user. This is especially true for the service to add new app devices.
Make sure that the IAM configuration guarantees that:
- the self-service is only accessible after strong user authentication.
- that unused services are disabled in the configuration.
