IAM with Microgateway and shared session store
Protecting Airlock IAM with separate Microgateways and shared session store

This setup uses separate Microgateways for each protected service and for Airlock IAM. As a consequence, the different Microgateway deployments are independent. If service 1 must be reconfigured, Microgateways for other services are unaffected. SSO state is synchronized using a common Redis database.

Characteristics of setup

  • Similar to the setup "Separate Microgateway for each service", so the same arguments apply here.
  • Separate Microgateway for Airlock IAM and each service.
  • Roles are set using the Airlock Control API. On the Microgateway protecting Airlock IAM, roles must be whitelisted using the expert settings "RolesWhitelist.*".
  • Each Microgateway is connected to the same Redis service for SSO state synchronization, as described in section Session handling.