The ForgeRock Identity Platform - What’s New?

Today we are introducing our latest version of the ForgeRock Identity Platform, designed to be a unified solution that supports and enhances any of your digital services and digital transformation initiatives. It offers end-to-end identity and access management capabilities, which scale into the billions of identities, and support you not just now, but for years into the future.

In particular, the new release includes features that address the complex challenges of data privacy and protection as well as the emerging security challenges of the IoT. As more digital services and Internet of Things (IoT) devices come online, there is a greater need for a higher level of dynamic security that is responsive to changing circumstances and proactively protects users, devices and sensitive data.

“ForgeRock’s focus on highly scalable, business-to-customer identity management technology differentiates it in a sector still concerned primarily with traditional business-to-business offerings. Building identity management platforms around the customer rather than the business delivers significant benefits in terms of user experience, security and privacy online,” said Rik Turner, senior analyst on Ovum's Infrastructure Solutions Team. “The implementation of the UMA standard in ForgeRock’s new platform will put unprecedented levels of data control into the hands of the consumer. This approach will help build greater trust online by ensuring that consumer privacy is front and center of the online experience.”

The platform is built from open source projects, namely from OpenIDM, OpenAM, OpenIG, OpenDJ, and OpenUMA.

There are numerous improvements and new capabilities in the ForgeRock Identity Platform; we’d like to highlight some of them here.

What’s New in Common Services

In this release of the ForgeRock Identity Platform, we are introducing some new Common Services and enhancing some existing ones. Having shared or common services across all components of a platform not only benefits how we develop the product, but especially how you extend functionality and deploy the platform. These include:

  • Common REST Framework:
    The ForgeRock Identity Platform delivers one common REST API framework across the entire platform to provide a single, common method to invoke any of our identity services. Most importantly, it makes it simple to connect our platform to any digital thing, from mobile devices and cars to set-top boxes and machines. The number of exposed APIs has been increased, and API versioning is now supported.
  • Common UI (User Interface):
    For commonly used user interfaces, such as end user pages, administrative console, user self-registration, and password reset pages, the same framework is used for easy familiarity, and for a modern, simplified way to customize pages.
  • Common Scripting:
    Organizations require tremendous flexibility to meet their needs. The ability to extend the ForgeRock Identity Platform through scripts enables organizations to customize their deployments to their requirements, with fully supported extension points across the entire platform. Platform scripting is available in both JavaScript and Groovy.
  • Common Self-Service:
    This lets you easily implement and customize your processes and user interfaces for easy-to-use user self-services. You can plug in elements (reCaptcha, email, and KBA out of the box), include workflows (for approvals, for example), and easily customize the Bootstrap-based user interface. Four standard functions are supported: registration, password reset, forgotten user name, and profile management.
  • Common Audit:
    Tracing and auditing any identity, authentication, or authorization transaction has always been crucial. Now, with the new common audit framework, you can extract and aggregate log data across the entire platform with a unique ID, so that each transaction can be tracked holistically rather than product by product. Because the framework is open and extensible, you can leverage its audit logging and reporting capabilities for integration with third-party systems including SIEM, email service providers, CRM systems, and marketing automation systems.

What’s New in Identity Management?

ForgeRock’s Identity Management solution, built from the OpenIDM project, allows you to manage the complete identity lifecycle of users, devices, and things. From identity and device registration to provisioning, synchronization, reconciliation, and more, your users and customers can move between devices. New capabilities include:

  • 360 Degree View of Identity:
    Identity Management is now the single place to go to view all collected identity data. It provides a 360 degree view of customers (or employees, devices, or any other identity type), as it collects data from various sources, such as databases, HR systems, files, Active Directory, SaaS applications, IdPs, etc.
  • Self-Service:
    ForgeRock Identity Management leverages the common user self-service framework described earlier.
  • Password Management:
    Fine-grained password management is now implemented to ensure consistency across all applications and data stores, such as Active Directory and HR systems. It lets you enforce access rights with password policies and rules that can specify strength, aging, reuse, and attribute validation.
  • Developer and Dev-Ops Friendly:
    With a modular and pluggable architecture, you can choose to use only what you need. More than 35 preconfigured examples are included for different use cases and deployment scenarios. Administrators can choose to manage it over REST, with files, or through the Admin GUI.

What’s New in Access Management?

ForgeRock Access Management, built from the OpenAM project, lets you use one solution to cover all your flexible and secure access needs: for users, devices, things, applications, and services. New capabilities include:

  • Continuous Security:
    You can now extend your contextual and strong authentication needs with the ForgeRock mobile authenticator app and the corresponding new authentication module. The app is available on both iOS and Android, and can be easily set up by the end user by just scanning a QR code.
    You can also bring federated identities into your contextual authentication framework with the new SAML authentication module. Furthermore, you can now build context-based intelligence into authorization policies to protect resources at the time of access, rather than only on the context observed during authentication. This ensures the authenticity of users, devices, things, and services at all times, with contextual and continuous authorization that can mitigate risk whenever an anomaly is detected, even during existing sessions. In addition, with the new universal authorization, you can define your own resource types (such as door locks and light bulbs) with custom actions, enabling you to build solution-specific policies.
  • Privacy and Consent:
    The ForgeRock Access Management solution now can act as a fully compliant UMA (User-Managed Access) Authorization Server. With its centralized federation authorization architecture, it enables consumers and employees to selectively and securely delegate fine-grained access to their data from cloud, mobile, and IoT sources.
  • Internet of Things:
    The newly supported OAuth2 Device Flow is a de facto standard for pairing devices with user identities. It is used by many manufacturers and service providers, and is ideal for devices with no input and limited output capabilities.
  • Scalability and Performance:
    From traditional user sessions to the more complex access requirements that come with the expansion of the Internet of Things (IoT), organizations need flexible solutions that support business-critical systems and can scale to manage hundreds of millions of identities. The ForgeRock Identity Platform does both with a session architecture that supports stateful as well as stateless sessions and enables “five nines” availability for large-scale and mission-critical deployments. The new stateless architecture is optimal for elastic cloud-based and massive-scale deployments and can scale into the hundreds of millions and even billions of identities.
  • Self-Service:
    ForgeRock Access Management leverages the common user self-service framework described earlier.
  • Ease of Use:
    Powerful improvements have been made to the administration console: it now allows easier configuration using the new XUI framework, provides realm-centric administration, and offers common task wizards for things like configuring OAuth2 Providers.
  • Developer-Friendly:
    Even more REST endpoints are now provided to extend developer flexibility, more scriptable extension points are available for easy customization, and a new SOAP STS (Secure Token Service) is provided for integration with older-generation systems.
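As an added illustration of the OAuth2 Device Flow mentioned under Internet of Things above (example code written here, not ForgeRock or OpenAM code): both sides of the exchange in Python, with the authorization-server responses a keyboard-less device has to handle (authorization_pending, slow_down, expired_token, access_denied). The verification_uri is a placeholder and the clock is injected so the timing rules can be exercised without waiting.

```python
# Simulation of the OAuth 2.0 Device Authorization Grant (RFC 8628): a toy
# authorization server plus the responses a keyboard-less device polls for.
import secrets

class AuthorizationServer:
    def __init__(self, clock, lifetime=600, interval=5):
        self.clock, self.lifetime, self.interval = clock, lifetime, interval
        self.pending = {}        # device_code -> request record
        self.by_user_code = {}   # user_code -> device_code

    def device_authorization(self, client_id, scope):
        # RFC 8628 section 3.2: device_code stays on the device as a secret;
        # user_code is short enough to type into a browser on another device.
        device_code = secrets.token_urlsafe(32)
        user_code = "-".join(secrets.token_hex(2).upper() for _ in range(2))
        self.pending[device_code] = {
            "client_id": client_id, "scope": scope, "status": "pending",
            "expires_at": self.clock() + self.lifetime, "last_poll": None}
        self.by_user_code[user_code] = device_code
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://as.example/device",  # placeholder
                "expires_in": self.lifetime, "interval": self.interval}

    def user_decision(self, user_code, approve):
        # Reached through verification_uri after the user has authenticated.
        device_code = self.by_user_code.pop(user_code, None)
        if device_code is None:
            return False                 # mistyped or already-used code
        self.pending[device_code]["status"] = "approved" if approve else "denied"
        return True

    def token(self, device_code):
        # Polled by the device with the device_code grant type (section 3.4).
        rec = self.pending.get(device_code)
        if rec is None:
            return {"error": "invalid_grant"}
        now = self.clock()
        if now > rec["expires_at"]:
            del self.pending[device_code]
            return {"error": "expired_token"}
        if rec["last_poll"] is not None and now - rec["last_poll"] < self.interval:
            return {"error": "slow_down"}  # device polls faster than interval
        rec["last_poll"] = now
        if rec["status"] == "pending":
            return {"error": "authorization_pending"}
        del self.pending[device_code]    # the code is single-use either way
        if rec["status"] == "denied":
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(32),
                "token_type": "Bearer", "scope": rec["scope"]}
```

A real device would display user_code and verification_uri, sleep for interval seconds between polls, and back off further on slow_down.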

What’s New in Identity Gateway?

ForgeRock Identity Gateway, built from the OpenIG project, provides a flexible policy enforcement point to support your current environment while migrating towards a modern, standards-based platform, letting you connect digital assets across your ecosystem, with minimal-to-no changes.

  • Privacy and Consent:
    The ForgeRock Identity Gateway can now act as a UMA (User-Managed Access) Resource Server, which provides an enforcement point over any number of services or APIs. We call this UMA Protector.
  • Throttling and Monitoring:
    Access to protected resources can now be throttled, whether globally or per protected API or application. This delivers improved security by ensuring that no one is able to use more resources than they are allocated. Monitoring of access activity, as well as throughput and response time statistics, has been improved.
  • Other Improvements:
    Scalability and performance have been increased, Identity Gateway is now easier to configure, and the password replay functionality has been simplified. Auditing has been improved by leveraging the new ForgeRock Identity Platform-wide audit framework.

What’s New in Directory Services?

ForgeRock Directory Services, built from the OpenDJ project, rethinks how identity data is stored at massive scale and with high availability, providing developers with ultra-lightweight ways to access customer identity data in order to personalize services and transform how customers engage with the world. It was designed to provide and manage digital identities across platforms. New capabilities include:

  • Database Backend:
    We’ve added a new database backend to Directory Services, which provides better disk efficiency and better performance, and has been tuned for OAuth2 and OpenID Connect services.
  • Replication:
    Improvements in replication include a new ChangeLog that uses less disk space and now implements a smarter cleanup. This ensures data availability with highly robust replication that helps to provide consistent, reliable access to identity data at all times.

These are just some of the highlights.

In summary, the latest release of the ForgeRock Identity Platform includes new features that aid organizations in addressing the growing demand for control over data. The platform also provides improved security measures that give organizations a more convenient and reliable way to address the security challenges of our connected world.