Airlock IAM 8.2

Highlights and important changes

Cloud-Native Operating Environments and Active-Active Setups

With IAM 8.2 we have taken another important step towards horizontal scaling and operating in a cloud environment: The externalisation of session state in a Redis cluster has been extended to the areas of SAML, transaction approval, and other important IAM features. In addition, the session state can be encrypted and thus protected against malicious attacks.

Airlock 2FA Online and Usernameless QR Code Login

The new online QR code login combines an ideal login experience with optimal security. It can be used as a second factor, but it is ideal for passwordless authentication schemes. The online QR code is also available as an approval step to eliminate fraud in transactions and critical IAM self-services.

The new usernameless QR code login feature goes one step further: it eliminates both username and password from the login process and thus provides one of the most frictionless login experiences for web applications.

Further improvements in Airlock 2FA include payload encryption, improved log correlation, and support for the bypass mode.

OpenID Connect

OpenID Connect Hybrid Flow

OIDC Hybrid Flow is an extension in the OpenID Connect specification that optimizes support for mobile apps and clients deployed as SPA (single-page application) directly in the browser. Airlock IAM has added support for the OpenID Connect Hybrid Flow to allow such clients to integrate with Airlock IAM.

Persistent OIDC Consents

During initial authentication with an OIDC provider, users must consent to the access permissions requested, such as profile information or email address. By supporting persistent OIDC consents, Airlock IAM now remembers the user's consent choices so they don't have to consent repeatedly for the same permissions.

UI Resource Set

In a scenario where a single Airlock IAM provides services for multiple customers, managing the assets of these different customers becomes important. With UI Resource Sets, the assets are packaged separately for each customer. This optimizes client downloads, since only the required assets are transferred, and it protects the customer's privacy, as no information about other customers is included with the assets.

Metrics (Prometheus, OpenMetrics)

In this release of Airlock IAM, we have included JVM metrics to allow for real-time observation of all modules of Airlock IAM.

The metrics are independent of health endpoints (needed for orchestrating containers) and of reporting logs (documentation and non-repudiation of events that occurred in the past). 

Scriptable Flow Step

The goal of the scriptable flow step is to quickly and easily extend the functionality of Airlock IAM. A script written in Lua takes input from the IAM, processes that input, and returns output to the IAM. It is possible to extend the capabilities of Lua with libraries from the LuaRocks repository and add functionality such as executing REST calls.

The scriptable flow step is an incubating feature and we are looking forward to your feedback on what you expect us to add or change in future releases of IAM.

Various Features

  • End-to-end encryption (E2EE) of passwords now also supports cryptographic material stored in the AWS Key Management Service (AWS KMS).
  • In combination with Microgateway 4.1, IAM can now enforce the IAM OpenAPI specifications. Further, IAM can now process client certificates from the XFCC header.
  • With OIDC prompt=none we now support use-case scenarios where multiple independent clients use the same AS. The user experience is optimized since an authenticated user does not need to interact with the AS.
  • The Loginapp Design Kit (formerly "Login UI SDK") is now also available for the Windows operating system.

Minor Release

Airlock IAM 8.2 is available on Docker Hub and Airlock Techzone. Updating to this minor release does not require any manual adjustments, which means existing configurations can be migrated and activated straight away.

Airlock IAM 8.1 is supported until 06/2025. If you are still using IAM 7.7 or older, we recommend that you plan to upgrade to IAM 8.2 as soon as possible. Note that with the migration from 7.x to 8.x, the old JSP login app must be replaced.

