Our Identity Orchestration Journey

ForgeRock explains its evolution in identity orchestration

A 13-year quest to save our customers money and improve their security.

"Most people overestimate what they can achieve in a year and underestimate what they can achieve in ten years." This quote, often attributed to Bill Gates, came to mind as I looked back on the last 13 years at ForgeRock. It continues to amaze me how our customer focus first led us to redefine the IAM space, and then to introduce many innovations that have since become universally acknowledged as critical capabilities.

For ForgeRock's birthday, I wanted to take a trip down memory lane with a focus on a specific area that is near and dear to my heart: our identity orchestration journey (or is it our Journeys journey?).

It all started when some of our earliest customers wanted to provide different login experiences for different types of users. We took inspiration from the Linux Pluggable Authentication Modules (PAMs) and introduced the ability to add Java code to the login flow. We called this capability Chains, and our customers loved it because it allowed them to change login behavior as they desired. However, it required a lot of custom Java coding.

To reduce the customer development time and make orchestration more flexible, we took it to a whole new level with a drag-and-drop designer UI and the ability to branch out in multiple directions based on different conditions. Our engineers called this orchestration engine Trees (branching…Trees, get it?). Even though we named the product Intelligent Authentication and built in many capabilities around context and device data collection, dynamic decisioning, and continuous authentication, many customers still call it Trees. We also started shipping a number of pre-built actions called Nodes that make it easy for customers to build orchestration journeys for different needs without coding.

But ForgeRock customers didn't stop there. They decided to use our orchestration engine to integrate not only with their homegrown systems but also with third-party vendors for multi-factor authentication (MFA), user and entity behavior analytics (UEBA), and identity verification, just to name a few. When we found out that many customers were repeatedly building the same set of integrations, we decided to save them some time and money by delivering integration capabilities to everyone. That's how our Trust Network started more than five years ago. Back then, the notion of having a Marketplace was still new in the IAM space. We did it anyway, and today we have the largest ecosystem of integration partners, with 200+ integrations available from the ForgeRock Marketplace. This is the reason a leading bank threw away their homegrown orchestration and decided to start leveraging ForgeRock Orchestration.

Our Orchestration Journey

When the IAM market evolved and customers started asking for a single platform to provide full identity fabric capabilities along with governance, we delivered ForgeRock Intelligent Access. Intelligent Access extended our orchestration engine to simplify user self-service capabilities, such as registration, forgotten password, password reset, and so on. [Have you ever created an account on a site, and it immediately turns around and asks you to enter the just-created login and password again? That's because the site's identity management system that created the account and the access management system that secures the access are not talking to each other properly. I don't like that experience at all. With an integrated platform like ForgeRock, your users don't have to experience that friction.]

A couple of years after we launched our cloud service, our customers asked us to add a UEBA engine to it. Since we accumulate many signals as part of the cloud service during authentication, the addition of UEBA made a lot of sense, so we launched our Autonomous Access service. Even there we made it easy to consume the capabilities delivered by a powerful AI engine with easy-to-use nodes that can be integrated into any orchestration journey with a simple drag-and-drop UI.

Over the years, we have also added many orchestration capabilities based on customer feedback — along with our own security and product best practices — resulting in multiple patents in this area. What I love most about these investments is the sheer number of nodes we now ship with our service, the volume of pre-built journeys that incorporate security and usability best practices, and our improvements to the architecture that have helped many customers save countless hours of development and integration time. We hear from new customers again and again that they chose ForgeRock because of our strong orchestration capabilities. 

But we are not stopping there. Our vision is an orchestration engine that drives all the users' IAM journeys, whether for authentication or for access request approvals and beyond. We're building a future where every action within an IAM platform, from configuration management to application onboarding, will be driven by orchestration. By sticking to our founding principles, built on a persistent focus on our customers' needs, we'll continue to innovate on their behalf. 

Want to learn how our years of investment and expertise can help you save money and improve security? Read about the latest ForgeRock Orchestration capabilities here.