Report: Simplifying a Business Identity Crisis

ESG Lab Validates the ForgeRock Identity Platform’s Ability to Help Drive Business Value and Strengthen Customer Relationships

Businesses today want more from identity and access management (IAM) services besides traditional, internal employee use cases.

In fact, “In today’s interconnected, interdependent environments, an IAM solution must serve employees, customers, partners and devices, regardless of their location, with awareness of the relationships between all,” according to Tony Palmer, senior analyst for Enterprise Strategy Group’s ESG Lab. “As times have shifted to multi-device-owning, always-connected mobile users, the limitations and potential for vendor lock-in of legacy IAM solutions has become increasingly apparent.”

In a recent report, ESG Lab, the well-known IT analyst and business strategy firm, validates the ability of the ForgeRock Identity Platform™ to bridge identity to cloud and mobile applications—with a focus on ease and speed of deployment.

ESG Lab performed hands-on evaluation and testing of the ForgeRock Identity Platform (OpenAM, OpenDJ, OpenIDM, OpenIG) with a goal of highlighting how its solution differentiates from traditional identity and access management solutions. It examined whether a single, open-source, all-in-one security platform like ForgeRock’s can serve as the ultimate solution.

Key findings of the report include:

  • The shift from internal, on-premises IAM to identity relationship management (IRM) - The ForgeRock Identity Platform was found to address the shift from traditional IAM to IRM — with a goal of providing public-facing, secure and accessible identity as a business enabler.
  • Ease of deployment - ESG Lab validated the features of the ForgeRock software platform, including OpenAM and OpenIDM’s ease of deployment and configuration, in an Amazon EC2 hosted environment.
  • Scalability and resiliency - ESG Lab confirmed that the ForgeRock Identity Platform can be deployed to achieve hardware redundancy. Eliminating single points of failure enables businesses to better meet customers’ expectations.
  • Usability and manageability - Using a sample project file, ESG Lab was easily able to bi-directionally synchronize users – making a common use-case simple to execute and manage.
  • Simple self-service and strong authentication and authorization - ESG Lab was able to configure self-registration in seconds and third-party social authentication in minutes. In all, it took less than 10 minutes of console time to configure user self-service, password recovery and third-party authentication.

ESG’s third-party research validates how ForgeRock uses identity to break down organizational silos and create a single, company-wide view of the customer or end user. Our model is intended to eliminate the cost of acquiring legacy products, while enabling developers to adapt the solution to fit the needs of their business – and ultimately reduce deployment time and costs.

The complete ESG Lab Report, including details on the fully configured test bed (which was created in the Amazon EC2 cloud), is available at

To download the ForgeRock solutions, visit!/.


Worth a special mention, we recently simplified our product and community open source project logos. Be assured, nothing else has changed, same open source license and same open source projects, we value our customer and community support.


ESG Lab Report Methodology

ESG Lab performed hands-on evaluation and testing of ForgeRock’s Identity Relationship Management platform with a goal of highlighting how its solution differs from traditional IAM solutions. Key areas of focus included ease of deployment, usability, manageability and high availability, with an overarching theme of how ForgeRock enables organizations to leverage a single platform that enables identities everywhere and on everything.

Testing in the ESG Lab was completed using both OpenAM 11 and OpenAM 12. OpenAM 12 expands on the feature set of OpenAM 11 with added functionality, including self-service user management, social authentication, integration with OpenID Connect Mobile Profile, fine-grained authorization, a REST-based security token service and streamlined token handling.