Single sign-on and identity federation

Is there an easy way to integrate web applications with their own user masters into a web single sign-on infrastructure? Yes – Airlock Suite solves this problem too! Airlock allows employees to access in-company services, for example via the internet or from mobile devices. But that's not all: customers and partners can also enjoy unique access rights without a user account or password, or even via a Facebook account.

Here's how the technology works: with Airlock's flexible SSO solutions, user authentication is separated from identity propagation (see the illustration). The user authentication technology operates independently of the standards used to represent users to applications (identity propagation). This opens up a variety of potential access scenarios, and single sign-on is not merely limited to the internal IT infrastructure.

Airlock IAM supports the latest standards such as SAML 2.0, OAuth 2.0 and OpenID Connect, making genuine cross-domain single sign-on possible. The first step is to verify the user's identity and authorization. The methods used to do this vary depending on the user and point of entry. Internal users may already be known to the network because they have logged in at their workplace, so they can be authenticated implicitly with a Kerberos ticket. For access by external employees, an OTP token is often used in addition to the password, while business partners can identify themselves with an SAML assertion. The separation of authentication and identity propagation opens up the way to various combinations of user types, points of entry and target services (in cross-domain scenarios as well). Popular Cloud applications such as Salesforce, Office 365 or Google Docs can be integrated seamlessly into your company's own SSO architecture thanks to standards such as SAML 2.0 or OpenID Connect.

The Airlock Application Portal is a flexible and easy to maintain portal application. Its purpose is to present all applications available to users through the Airlock WAF Web Application Firewall. The Application Portal can be configured to display only applications for which the authenticated user has access rights.


  • Single sign-on
  • Cross-domain SSO and identity federation
  • Cloud SSO (e.g., Salesforce, Office365, Google Docs)
Airlock Web Application Portal