Airlock IAM 8.0

New features and highlights

Moving full throttle to the cloud

Our main goal for version 8.0 was to take a big step towards full cloud capability with Airlock IAM, including horizontal scalability and improvements for running in Kubernetes. 

We have also added support for PostgreSQL, a popular database in modern cloud environments. To better support multi-instance IAM deployments, the user trail log is now written to the database instead of traditional log files. To improve automation and support Infrastructure as Code, we have added config variables that can be initialized by scripts during the startup of an IAM instance. The underlying Apache webserver now logs to stdout to simplify integration with cloud logging services. Last but not least, we have given the Adminapp UI a brush-up to make it more modern.

Zero Trust Segmentation with OAuth 2.0 Token Exchange

Complex web applications often consist of several servers with different tasks. For example, a frontend server may contact a backend server running in a different security zone on behalf of the user. If each zone has its own access tokens, the frontend server cannot simply forward the existing token. For this purpose, the OAuth 2.0 Token Exchange allows a valid token to be exchanged for a new token at the authorisation server. With this segmentation of the token domains, an attacker can be prevented from accessing other servers from a compromised system.
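The flow described above, as an added example that is not Airlock IAM code: a toy authorization server and backend check using the request parameters and error codes of RFC 8693. The zone names, client names, keys and the simplified HMAC token format are constructed for illustration.

```python
import base64, hashlib, hmac, json, time
GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"
# Constructed demo values: per-zone signing keys and a hypothetical policy
# stating which client may obtain tokens for which audience.
ZONE_KEYS = {"frontend-zone": b"demo-key-frontend", "backend-zone": b"demo-key-backend"}
EXCHANGE_POLICY = {("frontend-server", "backend-zone")}

def issue(sub, audience, ttl=300, actor=None):
    """Mint a toy HMAC-signed token bound to one zone via its 'aud' claim."""
    claims = {"sub": sub, "aud": audience, "exp": int(time.time()) + ttl}
    if actor:
        claims["act"] = {"sub": actor}  # RFC 8693 actor claim: who acts for the user
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    mac = hmac.new(ZONE_KEYS[audience], body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + mac).decode()

def verify(token, audience):
    """Resource-server check: signed for this zone, matching 'aud', not expired."""
    body, _, mac = token.encode().rpartition(b".")
    expected = hmac.new(ZONE_KEYS[audience], body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != audience or claims["exp"] <= time.time():
        return None
    return claims

def token_exchange(client_id, form):
    """Authorization-server side of a token exchange request (form = POST fields)."""
    if form.get("grant_type") != GRANT or form.get("subject_token_type") != ACCESS_TOKEN:
        return {"error": "invalid_request"}
    subject = verify(form.get("subject_token", ""), "frontend-zone")
    if subject is None:
        return {"error": "invalid_request"}  # subject_token invalid or expired
    target = form.get("audience")
    if (client_id, target) not in EXCHANGE_POLICY:
        return {"error": "invalid_target"}  # client not allowed into that zone
    return {"access_token": issue(subject["sub"], target, ttl=60, actor=client_id),
            "issued_token_type": ACCESS_TOKEN, "token_type": "Bearer", "expires_in": 60}

def demo():
    user_token = issue("alice", "frontend-zone")
    form = {"grant_type": GRANT, "subject_token": user_token,
            "subject_token_type": ACCESS_TOKEN, "audience": "backend-zone"}
    forwarded = verify(user_token, "backend-zone")       # plain forwarding: rejected
    response = token_exchange("frontend-server", form)    # permitted exchange
    exchanged = verify(response["access_token"], "backend-zone")
    denied = token_exchange("reporting-server", form)     # client outside the policy
    return forwarded, exchanged, denied
```

The exchanged token is short-lived, valid only for the backend zone, and records the frontend server in its `act` claim, so backend logs show both the user and the server that acted on the user's behalf.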

Improving the Adminapp

The Adminapp has been upgraded to the latest Angular release and some notable features were added:
 

  • User Management Extension: Using this new JavaScript API, additional tabs can be added to the user management UI. These tabs typically contain external data and functionalities a helpdesk might need.
     
  • The search performance in very large databases has been dramatically improved with a much more fine-grained configuration of the search behavior. It is now possible to have the default search use entire word matching and take full advantage of specialized indexes.
     
  • Validation speed: Our engineers have worked hard to speed up the validation and activation process, which is particularly welcome when working with large and complex configuration files.

Keeping your Users informed

Event notifications were extended with every release since IAM 7.5. This release also includes three new features:
 

  • Login from a new device
    If someone logs in from a previously unknown browser, the user can be notified about this. The SMS or email can contain the location or further browser information.
     
  • Device token change events
    Adding, modifying, and deleting device tokens will now also generate event notifications and an event subscriber can be configured to inform users about these events.
     
  • Send event notifications to remote server
    The last contribution is a new event subscriber that can send information about the configured event to a remote REST endpoint. 

Security Improvements

True to its DNA, the security of Airlock IAM was improved in these areas:
 

  • Tight WAF security rules
    The mapping templates for Airlock Gateway have been updated to better protect the REST API of Airlock IAM. This requires a configuration change in Airlock Gateway after upgrading Airlock IAM.
     
  • Hardened Content Security Policy
    With the push to the cloud, we see many more scenarios in which the Adminapp is also exposed to remote users. To support such scenarios more securely, the Adminapp CSP has been strengthened.
     
  • No misleading log4j warnings
    log4j was patched by Ergon immediately after the Log4Shell vulnerability was communicated. With IAM 8.0, we have upgraded our code to use the latest release of log4j to ensure that scanners no longer report false positives about this library.

 

Benefit from the new Loginapp

No matter how complex your business or security requirements - with the IAM Loginapp, you can realize user-friendly login flows quickly and securely: Numerous standard modules can be flexibly arranged and adapted to support complex authentication and authorization scenarios and a wide range of self-services, from a simple password reset to managing 2nd factor devices.

The Loginapp Design Kit is a UI simulator that allows designers and front-end developers to easily adapt the look and feel of Loginapp to the corporate identity. They can customize all screens directly on their local workstation, without access to an IAM system.

Major Release

IAM 8.0 was published on Docker Hub and the Airlock Techzone in early April 2023. This major release includes a number of significant changes. Some deprecated features have definitively been removed, including the JSP Loginapp. In preparation for upgrading to IAM 8.0, we recommend reading the release notes, including the upgrade instructions. Airlock IAM 8.0 is expected to be supported until 12/2024. If you are still using IAM 7.6 or older, we recommend you upgrade as soon as possible.

 

At the Airlock IAM 8.0 webinar we presented all the main innovations in detail. You can watch the recordings here:

IAM 8.0 Release Webinar German

IAM 8.0 Release Webinar English
