Access management with Airlock IAM

Access control for protected services is an important use case of the Airlock Microgateway. Existing identity services can be integrated using JWKS access tokens. However, close integration with Airlock IAM offers many benefits and unlocks a rich set of IAM functionality for Airlock Microgateway deployments.

This chapter provides integration blueprints. Basic knowledge of Airlock IAM is assumed as a prerequisite.

The Airlock IAM Loginapp can be integrated in the Airlock Microgateway as follows:

1. Determine the Airlock Gateway version of the Microgateway release from the release notes section.
2. Download the Airlock IAM mapping templates compatible with the Airlock Gateway version: (Ergon) Online Manual - Airlock IAM Mapping Templates
3. Configure the mapping templates using the DSL attribute apps.mappings.mapping_template_file
4. Parameterize the IAM mappings, e.g., by:
• enabling relevant allow rules using DSL attributes. For further details check Using predefined allow rules.
• The expert setting RolesWhitelist.* must be configured, in case that a different Airlock Microgateway is protecting Airlock IAM than the back-end, but share a common session store (see architecture Protecting Airlock IAM with separate Microgateways and shared session store).
• enabling or disabling header actions using DSL attributes. For further details check Configuration of request and response actions.

• (Ergon) Airlock IAM - Central access management
• (Ergon) Online Manual - Airlock IAM