Airlock SaaS concept
This article provides a high-level overview of Airlock SaaS. It describes the setup of the Airlock SaaS solution, briefly introduces the concept of roles and permissions, and gives an overview of the Airlock SaaS service components.
Overview
Airlock SaaS is a cloud service providing Airlock IAM, an authentication and identity management solution for web applications. The Airlock SaaS service allows you to easily manage the Airlock IAM solution protecting your applications as well as the end-users of your applications. To perform these tasks, Airlock SaaS provides the Airlock SaaS Management Center. This documentation explains how to work with the SaaS Management Center.
At the core of the SaaS Management Center is the organization, which represents your company's organization. An organization is made up of one or more tenants. A tenant allows you to manage an IAM instance with your applications and the associated end-user data. Each IAM instance behaves according to the IAM configuration deployed to it. The IAM configuration is a set of files that defines the access and identity management settings for your applications.
The tenant managing the IAM instance with your active applications is called the production tenant. To try out new IAM configurations, you may have additional test and staging tenants.
Actors, roles and permissions
In Airlock SaaS, the users that interact with the Airlock SaaS Management Center are called actors. Actors hold certain roles with corresponding permissions. These permissions allow performing the tasks associated with the role. Assigning a role to a user grants the corresponding permissions.
The Airlock SaaS service differentiates between users and end-users:
- Users are your company's employees who work with the Airlock SaaS Management Center. They are the actors discussed here.
- End-users are the people who access and use your application(s). The authentication and identity management settings defined in your IAM configuration apply to the end-users.
In the context of the Airlock SaaS Management Service, currently the most important actor is the administrator. The administrator is responsible for the administration and operation of the Airlock SaaS service. An administrator with the role SaaS Administrator has access to the entire organization, all its tenants and all other administrators. Additionally, this person can manage generic secrets and key pairs used in the IAM configurations.
For a detailed overview of all SaaS actors, roles and permissions, see SaaS roles and permissions.
Components of the Airlock SaaS service
The Airlock SaaS service consists of the following components:
| Component | Description |
| --- | --- |
| Airlock SaaS Management Center | The user interface and all components that make up the SaaS service. |
| SaaS Management Center Loginapp | The SaaS Management Center Loginapp is the access point for all administrators working with the SaaS service; it is where they log in to the SaaS Management Center. |
| SaaS Management Center Adminapp | The SaaS Management Center Adminapp is where the administrators of the SaaS service can manage other administrators of the SaaS service. |
| Tenant IAM | A tenant IAM is the IAM instance to which this tenant is deployed. Each tenant has its own instance. |
| Tenant Loginapp | The tenant Loginapp is the access point for all end-users using your application(s); it is where the end-users log in to your application(s). |
| Tenant Adminapp | The tenant Adminapp is where administrators of your SaaS service can manage the end-users of your application(s). |