Airlock IAM 7.4

Airlock IAM 7.7

Notable new features

Highlights of Airlock IAM 7.7

In terms of functionality, the new Loginapp REST UI pulls even with the old JSP Loginapp and again offers the migrated features with greater flexibility and capabilities. IAM 7.7 is the ideal release for migrating to the new loginapp because it contains both loginapps for the last time.

The most important feature enhancements are the implementation of the SAML Service Provider, the support of Risk-based Authentication and the Kerberos protocol in the flows. In addition, many other smaller features complete the scope of the new Loginapp.

Replacing the Loginapp

With IAM 7.7 you will find all the important building blocks of the JSP Loginapp also in Loginapp REST. So there is nothing standing in the way of a migration to the new Loginapp.

The Loginapp REST UI has been extended by the following functions in particular:

  • Password reset self-service with email links
  • Front-side Kerberos in flows
  • CAPTCHA support (reCaptcha and hCaptcha)
  • End-to-End-Encryption for passwords
  • Lockout self-service
  • Client fingerprinting-based user account lockout
  • On-Behalf Identity Propagator (SSO for legacy systems)
  • SAML Service Provider

SAML Service Provider

SAML remains a widely and often used federation protocol. With IAM 7.7, the SAML SP has been updated to work with the new Loginapp. This allows IAM to be used both as a SAML service provider and as a SAML identity provider while benefiting from the flexible flow authentication capabilities.

Flow Visualization

Sometimes you can't see the forest for the trees. This can be the case when you need to understand an IAM configuration that you may not have touched for a long time (or have never touched at all).

This is where the new flow diagram comes to the rescue. The graphical display of an IAM flow ensures that even complicated processes become clear and comprehensible. The flow diagram can also be exported as a PNG or SVG graphic for documentation purposes.

Risk-based Authentication

Risk-based authentication has been enhanced to allow the feature to be used more widely and better.

IAM flows can now be controlled by Risk Extractors. These are implemented by IAM itself (IP Address Range, Geolocation, User Agent, Impossible Journey) or in cooperation with an upstream gateway (Anomaly Shield Status, Client Fingerprinting). With Risk Extractors, IAM can optimize the UX during an authentication flow by either performing or skipping a step based on the risk tags.

For example, the gateway can be instructed by third-party systems (like a Fraud Detection System) or via internal functions (e.g., Anomaly Shield) to remove an authorization from the running user session. IAM 7.7 reinterprets these so-called role drops in the flows and forces the user during the authentication flow to regain the lost roles. For example, it is possible to verify a suspicious session by re-authenticating with a second character.

Event Notifications

Event notifications were introduced with IAM 7.5 and are now improved again with IAM 7.7:

  • Event notifications can now also be sent via SMS. If required, the notification is sent to all cell phone numbers that are stored in the user account.
  • The User Locked Event is triggered when an account is locked. In this case, new different notifications can be sent, depending on the cause of the lock (Lock Reason). Both the message and the channel (email, SMS) can differ.

Further innovations

  • Remember-Me self-service: Each user can view the list of all logged-in browsers and force a logout on another device if needed.
  • Username and password can be entered on separate screens. This allows case distinctions to be made after the username is entered.
  • Improved Email OTP Step: The specific phone number or email address can be displayed in the UI, masked if desired.
  • Airlock 2FA device enrollment: A mobile device can be enrolled during the registration flow.
  • Support for multiple transaction approval flows
  • Additional provider for SMS sending: Support for Swisscom SMS Large Account REST Gateway

As always, a full list of changes can be found in the release notes.

Updating is easy

Airlock IAM 7.7 is published on Docker Hub and the Airlock Techzone since early October 2022. Updating to this minor version does not require any manual adjustments: Your existing configuration can be activated without any problems.

Airlock IAM 7.7 is expected to be supported until 06/2024. If you are still running IAM 7.5 or older, we recommend you update soon.

IAM 7.7 Release Webinar German

IAM Release Webinar English

Information for you

-Our whitepapers-

Executive View: KuppingerCole - Airlock Secure Access Hub for applications and APIs

This KuppingerCole Executive View report provides an architectural and functional overview of the Airlock Secure Access Hub, an integrated platform for secure access management - a multicloud-native security tool for web applications, APIs and beyond.

 

Fill out the form now and receive Executive View!

Whitepaper: Security for cloud-native applications

You can read about how companies can ensure the security of web applications and APIs in Kubernetes in the white paper "Security for cloud-native applications", which was created in collaboration between heise and Airlock.

 

Request whitepaper

Whitepaper: Zero Trust is a journey

The ongoing digital transformation of the world is progressing and having a profound impact on our personal and professional lives in ways that were difficult to imagine just a few years ago.


This white paper discusses the effects of continuous digitalization and its impact.

Request free of charge

Off to DevSecOps

In this white paper, you will learn the most important insights into how you can implement DevSecOps successfully and efficiently, which security components are required for this and the advantages of a microgateway architecture.

 

Request free of charge

Airlock 2FA - Strong authentication. Simple.

Double security - this is what two-factor authentication offers in the field of IT security.


Find out more about strong authentication and the possibilities offered by Airlock in our white paper.

Download for free

Further whitepapers

We provide you with free white papers on these and other topics:

 

  • Successful IAM projects
  • compliance
  • Data protection (DSGVO)
  • Introduction of PSD2
  • PCI DSS requirementsPCI DSS requirements
Request free of charge