Airlock as a Service Knowledge Base

Airlock as a Service concept

This article provides a high-level overview of Airlock as a Service. It describes the setup of the Airlock as a Service solution, briefly introduces the concept of roles and permissions, and gives an overview of the Airlock as a Service components.

Overview

Airlock as a Service is a cloud service that provides Airlock IAM, an authentication and identity management solution for web applications. It lets you manage your Airlock IAM setup that protects your applications and the end-users who access them. Airlock as a Service includes the Airlock Console for these management tasks. This documentation explains how to work with the Airlock Console.

At the core of the Airlock Console is the organization, which represents your company's organization. An organization is made up of one or more tenants. A tenant allows you to manage an IAM instance with your applications and the associated end-user data. Each IAM instance behaves according to the IAM configuration deployed to it. The IAM configuration is a set of files that defines the access and identity management settings for your applications.

The tenant managing the IAM instance with your active applications is called the production tenant. To try out new IAM configurations, you may have additional test and staging tenants.

Actors, roles and permissions

In Airlock as a Service, the users that interact with the Airlock Console are called actors. Actors hold certain roles with corresponding permissions. These permissions allow the actor to perform the tasks associated with the role. Assigning a role to a user grants the corresponding permissions.

Notice
Airlock as a Service differentiates between users and end-users:
Users are your company's employees who work with the Airlock Console. They are the actors discussed here.
End-users are the people who access and use your application(s). The authentication and identity management settings defined in your IAM configuration apply to the end-users.

In the context of Airlock as a Service, currently the most important actor is the administrator. The administrator is responsible for the administration and operation of Airlock as a Service. An administrator with the role SaaS Administrator has access to the entire organization, all its tenants and all other administrators. Additionally, this person can manage generic secrets and key pairs used in the IAM configurations.

For a detailed overview of all SaaS actors, roles and permissions, see SaaS roles and permissions.

Components of Airlock as a Service

Airlock as a Service consists of the following components:

Airlock Console

The user interface and all components that make up the SaaS service.

Airlock Console Loginapp

The Airlock Console Loginapp is the access point for all administrators working with the SaaS service; it is where they log in to the Airlock Console.

Airlock Console Adminapp

The Airlock Console Adminapp is where the administrators of the SaaS service can manage other administrators of the SaaS service.

Tenant IAM

A tenant IAM is the IAM instance to which the tenant is deployed. Each tenant has its own instance.

Tenant Loginapp

The tenant Loginapp is the access point for all end-users using your application(s); it is where the end-users log in to your application(s).

Tenant Adminapp

The tenant Adminapp is where administrators of your SaaS service can manage the end-users of your application(s).