License and usage analytics
Airlock IAM can send information about itself to an Airlock cloud service. The collected data will be analyzed using data science methods. This helps Airlock focus on improving the features that matter most to customers.
The data and any insights gained will not be shared with third parties.
License analytics data will always be transmitted to the Airlock cloud service when the License and Usage Analytics plugin is configured in the configuration.
Usage analytics data will only be transmitted to the Airlock cloud service if the License and Usage Analytics plugin is configured in the configuration and the Enable Usage Analytics property is enabled.
Currently this plugin is optional. If it is not configured, no data will be sent. Furthermore, the Enable Usage Analytics property is ignored and no usage analytics data is transferred. However, in accordance with IAM license terms, the plugin will become mandatory in future versions of IAM.
Contents of license and usage analytics
The data transferred is divided into License Analytics and Usage Analytics.
- License Analytics includes only the data necessary to confirm the proper use of the licensed product. This includes the following information:
  - The license itself
  - The version of Airlock IAM
  - The number of users in the database
  - The deployment form (SCA vs. container)
  - The configuration of the License and Usage Analytics plugin
- Usage Analytics includes data about the product's configuration. This includes the following information:
  - Anonymized plugin configuration from the medusa-configuration.xml file
  - Anonymized instance configuration from the instance.properties file
  - DB schema information
  - IAM metrics
Anonymized means that all configuration files are processed to remove secrets, plugin names, host names, URLs, and any other property values that could identify the customer or reveal information about the system's infrastructure.
Data transfer
The following image explains how the analytics data is transferred from the IAM server to the Airlock cloud service.
The data transfer is implemented as follows:
- An administrative user logs in to the Adminapp.
- The IAM server determines if a data transfer is required. IAM enforces a throttle limit of at most one transfer per day per server.
- If a transfer is required, IAM prepares the data set and stores a plaintext local copy. An encrypted copy and the authentication key are sent to the administrative user's browser.
- The administrative user's browser authenticates to the Airlock cloud service and delivers the encrypted copy of the data.
- The Airlock cloud service receives and stores the data locally in blob storage for further processing.
The Airlock cloud service is hosted on Azure in the switzerlandnorth region. This ensures that Airlock only processes this data in Switzerland.
Security
With each version of IAM, two keys are bundled with the product as follows:
- Authentication key: Symmetric key to authenticate to the Airlock cloud service. This key prevents unauthenticated traffic from congesting the cloud service.
- Encryption public key: Asymmetric key used to encrypt the data set before it is transferred to the Airlock cloud service. This protects the data against man-in-the-middle attacks.
Transparency
IAM administrators with access to the file system of the IAM server can verify the contents of the license and usage analytics data being transferred.
For each transfer, IAM collects all the data to be included in the transfer and stores it in plain text in the following location: /iam/instances/<instance-name>/usage/usage-data.json
Storing this information is optional. If the storage location is not accessible, the data transfer will still go through without any issues.
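One way to review the local plaintext copy, as an added example that is not part of the Airlock product or its documentation: it compares the file against the intended Enable Usage Analytics setting and flags values that anonymization is described as removing. The top-level license keys are taken from the example license analytics data on this page; the `usage` key in the sample and the function names are assumptions, because the page does not show the usage analytics format.

```python
import json
import re
from pathlib import Path

# Top-level keys in the page's abbreviated license analytics example.
LICENSE_KEYS = {"createdAt", "iamVersion", "license", "runningInDocker",
                "usageAnalyticsEnabled", "userCount"}
# Heuristic for values anonymization should remove (URLs, IPs, host names);
# expect some false positives, e.g. dotted class or file names.
IDENTIFYING = re.compile(
    r"[a-z][a-z0-9+.-]*://|\b(?:\d{1,3}\.){3}\d{1,3}\b"
    r"|\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
# Constructed sample: license fields follow the page's example; the "usage"
# key and its contents are hypothetical (format not shown on the page).
SAMPLE = {
    "createdAt": "2025-02-26T16:18:16.393+01:00", "iamVersion": "8.4.0",
    "license": {"structured": {"owner": "Airlock PD IAM"}},
    "runningInDocker": False, "usageAnalyticsEnabled": True, "userCount": 12,
    "usage": {"plugins": [{"type": "p-1", "url": "https://idp.example.com/x"}]},
}

def strings(node, path=""):
    """Yield (json_path, value) for every string in a nested JSON value."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from strings(child, f"{path}/{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from strings(child, f"{path}/{i}")
    elif isinstance(node, str):
        yield path, node

def audit(data, expect_usage_analytics):
    """Return review findings for one parsed usage-data.json document."""
    findings = []
    if data.get("usageAnalyticsEnabled") != expect_usage_analytics:
        findings.append("usageAnalyticsEnabled differs from intended setting")
    extra = sorted(set(data) - LICENSE_KEYS)
    if extra and not expect_usage_analytics:
        findings.append(f"keys beyond license analytics: {extra}")
    for key in extra:  # license analytics fields are not anonymized: skipped
        for path, value in strings(data[key], f"/{key}"):
            if IDENTIFYING.search(value):
                findings.append(f"identifying value at {path}")
    return findings

def audit_file(path, expect_usage_analytics):
    try:
        text = Path(path).read_text(encoding="utf-8")
    except OSError:  # the page notes the transfer proceeds without the copy
        return ["no readable local copy; absence does not prove no transfer"]
    return audit(json.loads(text), expect_usage_analytics)
```

Call `audit_file` with the path of the instance's usage-data.json and the setting you intend for Enable Usage Analytics; an empty list means nothing was flagged.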
Configuration
- In the Config Editor, go to Adminapp.
- In the section Advanced Settings, in the property License and Usage Analytics, create and edit a License and Usage Analytics plugin.
- Disable the Enable Usage Analytics property if you do not want to share usage analytics data.
Example license analytics data
The following example shows what data is included in the license analytics data. Note that it has been abbreviated for easier readability.
{
  "createdAt": "2025-02-26T16:18:16.393+01:00",
  "iamVersion": "8.4.0",
  "license": {
    "licenseText": "-----BEGIN LICENSE-----\neJyNVtlyo0gW/ZUJP0-----END LICENSE-----",
    "structured": {
      "bundles": [
        "API_ACCESS_MANAGEMENT",
        "IDM",
        "FEDERATION_IDP_OP",
        ...
      ],
      "environment": "Development and Integration",
      "issuedOn": "2024-12-01",
      "licensedInstances": 100,
      "licensedMac48Addresses": ["11:22:33:44:55:66"],
      "licensedTags": [
        "OAuthSocialRegistration",
        "OAuthTokenExchange",
        "OAuthAccountLinking",
        "OAuthClient",
        "OAuthServer",
        ...
      ],
      "licensedUsers": 100,
      "owner": "Airlock PD IAM",
      "validFrom": "2025-01-10",
      "validUntil": "2025-03-31"
    }
  },
  "runningInDocker": false,
  "usageAnalyticsEnabled": true,
  "userCount": 12
}