Airlock IAM 6.1 Overview


Airlock IAM 6.1 brings plenty of new features improving security, user experience, and flexibility for integrating access management functionality in custom applications. In the following, we briefly introduce the most important new features.

Stealth Authentication Mode

Airlock IAM now supports what we call the "stealth authentication mode". In stealth mode, no information is given to the user - or a potential attacker - about what went wrong in a failed authentication attempt. For instance, in a two-factor login scenario, an attacker having only partial credentials does not learn whether the first or second credential (e.g., a password) was correctly guessed. Also, it is not possible to learn whether a given user account is valid or exists at all.

Enabling stealth mode enhances security by preventing user enumeration and DoS attacks based on user account locking. Stealth authentication works with most existing authenticators. Please refer to the documentation for further information.
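The difference in failure responses, as an added example that is not Airlock IAM code or configuration: a two-factor check that names the failing step next to one that evaluates every step and returns a single generic result. The user store, messages and function names are constructed assumptions, and the sketch covers only the uniform-response aspect, not account locking.

```python
import hashlib
import hmac

GENERIC_FAILURE = "Authentication failed"

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one real account plus a dummy record that
# unknown usernames are checked against, so they follow the same code path.
USERS = {"alice": {"salt": b"constructed-salt", "otp": "492817",
                   "pw": _kdf("correct horse", b"constructed-salt")}}
_DUMMY = {"salt": b"dummy-salt-value", "otp": "000000",
          "pw": _kdf("never-matches", b"dummy-salt-value")}

def verbose_login(user: str, password: str, otp: str) -> str:
    """Non-stealth behaviour: each failure names the step that failed."""
    rec = USERS.get(user)
    if rec is None:
        return "Unknown user"
    if not hmac.compare_digest(_kdf(password, rec["salt"]), rec["pw"]):
        return "Wrong password"
    if not hmac.compare_digest(otp.encode(), rec["otp"].encode()):
        return "Wrong second factor"
    return "OK"

def stealth_login(user: str, password: str, otp: str) -> str:
    """Stealth behaviour: evaluate every step, report one combined result."""
    rec = USERS.get(user)
    known = rec is not None
    rec = rec if known else _DUMMY
    pw_ok = hmac.compare_digest(_kdf(password, rec["salt"]), rec["pw"])
    otp_ok = hmac.compare_digest(otp.encode(), rec["otp"].encode())
    return "OK" if (known and pw_ok and otp_ok) else GENERIC_FAILURE

# Constructed failing attempts: unknown user, wrong password, wrong OTP.
FAILED_ATTEMPTS = [("mallory", "x", "000000"),
                   ("alice", "wrong", "492817"),
                   ("alice", "correct horse", "111111")]

def distinct_failures(login) -> set:
    """Regression check: a stealth login must yield exactly one message."""
    return {login(*attempt) for attempt in FAILED_ATTEMPTS}

if __name__ == "__main__":
    print("verbose:", sorted(distinct_failures(verbose_login)))
    print("stealth:", sorted(distinct_failures(stealth_login)))
```

A check like `distinct_failures` can run in a test suite so that a later change to the login flow cannot reintroduce step-specific error messages unnoticed.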


CrontoSign for Vasco Digipass Apps and Devices

CrontoSign, the innovative login solution using 2D barcodes, was integrated into Vasco's official authentication library. Airlock IAM's support for CrontoSign is now extended to Vasco Digipass apps and devices.


Comprehensive RESTful API

More and more, we see Airlock IAM's central access management functionality being integrated into portals or customer applications. These applications provide the interface towards the user and consume Airlock IAM services behind the scenes. To better support these use cases, Airlock IAM 6.1 comes with a new comprehensive RESTful API, including

- User management services (for searching, editing or locking users)
- Password management services (check status, change, reset passwords)
- Token management services (assign tokens to users, token-specific services such as sending and verifying SMS challenges, etc.). Currently, the focus lies on MTAN tokens.
- Secret questions services (query questions, verify answers, etc.)

Functionality of the REST API will be extended continually in future releases.



Secret Questions for Password Reset

Password reset processes are delicate. Of course, one must properly authenticate users triggering a password reset. However, the reason for a password reset is typically the loss of the password credential that would allow proper authentication. Airlock IAM already supports password reset via email or SMS challenges. Release 6.1 adds another option for securing password reset: personal secret questions that are defined for and presented to the user.

Airlock Login 6.1

Together with Airlock IAM 6.1, a new version of Airlock Login is released. Airlock Login is the suite's solution for simple upstream authentication and SSO and can be deployed on an Airlock WAF installation.

Integration of Airlock Login on Airlock WAF has been improved by supporting combined license files in the WAF configuration center and providing Single Sign-on between the WAF configuration center and the administration application of Airlock Login.


Revised User Search

The user search in the Adminapp has been simplified and made more flexible at the same time. The basic search now uses a single search field. Additional search filters can be configured to allow more complex queries. For instance, it is possible to list only blocked users or users that have not logged in for a certain time.

