Authentication methods in IAM

Airlock IAM supports many authentication methods that may be combined into authentication flows.

Note that Airlock IAM also provides user self-services related to authentication methods, such as token migration and token self-management facilities, as well as token management features.

 
Info

An authentication method can support one or multiple authentication factors.

Examples:

  • Authentication method mTAN supports OTP as the only factor.
  • Authentication method Airlock 2FA supports the following factors: Push, OTP, QR-Code, and challenge-response.
 
Info

In general, strong authentication requires the combination of at least two different categories of authentication factors.

Factor categories:

  • Possession – something that a person proves to have. This could be a physical or virtual possession such as a hardware OTP token, a certificate USB stick, or a smartphone.
  • Knowledge – something that a person knows. This could be a username/password combination, the correct answer to a challenge, etc.
  • Inherent – some physical attribute that is associated with a person. This could be a fingerprint, an iris scan, a voice sample, etc.

Methods

Factor(s)

  • Password

Usage

  • for weak authentication
  • as 1st factor in multi-factor authentication

Factor(s)

  • Push (One-Touch)
  • QR-Code (with mobile app and hardware tokens)
  • Usernameless QR code
  • OTP (Passcode)
  • Challenge-response (mobile-only)

Usage

  • 2nd factor
  • passwordless
  • transaction approval
  • approval step in self-services

Requirements

  • Smartphone or hardware token
  • Airlock 2FA app or custom app.
  • Airlock 2FA service subscription

Factor(s)

  • OTP via SMS

Usage

  • 2nd factor
  • transaction approval

Requirements

  • SMS gateway supported by Airlock IAM (or custom plugin).
  • Users need a mobile phone or similar SMS receiver

Other information

  • Not allowed as 2nd factor for banks under PSD2 regulation.

Factor(s)

  • Possession of the FIDO Authenticator/passkeys
  • PIN, fingerprint, etc. depending on FIDO Authenticator
  • Supports Windows Hello and others

Usage

  • 2nd factor
  • Passwordless (FIDO2 only)

Requirements

  • Users need FIDO Authenticator hardware keys or FIDO-enabled mobile apps.

Factor(s)

  • Push
  • QR-Code

Usage

  • 2nd factor
  • transaction approval

Requirements

  • Smartphone or hardware token
  • Cronto app or custom app
  • Cronto license

Factor(s)

  • OTP

Usage

  • 2nd factor

Requirements

  • OATH compatible OTP generator (app or hardware device)

Factor(s)

  • OTP

Usage

  • 2nd factor

Requirements

  • OneSpan OTP hardware devices
  • OneSpan license

Other information

  • Limited self-services

Factor(s)

  • OTP

Usage

  • 2nd factor

Requirements

  • 3rd party authentication server with RADIUS server interface.

Other information

  • Typically used to check OTPs but challenge-response is also possible.
  • No self-services available.

Factor(s)

  • OTP

Usage

  • 2nd factor

Requirements

  • RSA OTP hardware tokens
  • RSA server with RADIUS server interface
  • RSA license

Other information

  • No self-services available.

Factor(s)

  • Challenge-response

Usage

  • 2nd factor

Requirements

  • Printed matrix card/TAN list (produced by Airlock IAM).