What is Identity Orchestration?

Identity orchestration, or just "orchestration," is a way for organizations to quickly build frictionless and secure user journeys. Each time you log into a website, it begins a complex series of activities as the identity and access management (IAM) system assesses whether to grant you access and to which resources. It determines whether your login credentials are correct and whether you are using a known device. It looks for any anomalies, such as an unusual location or multiple login attempts. The variables are practically endless and each one may send you on a different "journey" towards the information you seek.

Determining these journeys is the job of identity orchestration. The website administrator uses building blocks, based on IT and security policy, that orchestrate your experience. If you are logging in at the usual time and location using a known device, you may sail through with passwordless authentication, but if you're using a new device or connecting from the airport Wi-Fi, you may be asked for further proof that you are who you say you are — this is known as "step-up" authentication. If, on the other hand, the login attempt is coming from a suspicious IP address or location (Russia? China?) or appears to be a bot, the attempt will be blocked or sent for analysis and remediation. Any of these actions would be based on how the administrator orchestrated the system's response to various scenarios.


Why has identity orchestration become business-critical?

In the digital enterprise — particularly those that connect directly to customers, constituents, patients, students, and other consumers — user experience cannot be sacrificed in the name of security, nor can security be compromised to create smoother login experiences. Security and experience are two sides of the same coin, and the way to ensure both is through identity orchestration.

User experience

Creating simple, personalized digital experiences is the key to acquiring and onboarding customers faster and building the loyalty that keeps them coming back. The customer identity and access management (CIAM) market has grown dramatically to help enterprises meet the unique needs of consumers.

While CIAM was once largely devoted to marketing, it has become a critical enabler of consumer-facing organizations that must meet increasing expectations for smooth and secure user journeys, as well as personalization. It's been shown that customer experience has become a top brand differentiator, outweighing almost every other factor, including price and product quality.

Frictionless login experiences are equally important for the workforce. If unable to access the servers or files needed to do their jobs, employees become frustrated and productivity suffers. Furthermore, access problems lead to costly helpdesk calls. Modern IAM allows organizations to provide secure and frictionless experiences for the workforce using convenient services, such as single sign-on (SSO), push authentication, and passwordless login. This ability is crucial for maintaining productivity now that the remote and hybrid workforce has gone from an exception to business as usual.


Threat protection and fraud prevention are at the top of every organization's priority list, and the most common types of attacks can be stopped by a modern IAM or CIAM solution. According to the 2022 ForgeRock Consumer Identity Breach Report, unauthorized access was the leading cause of breaches for the fourth consecutive year — and unauthorized access is directly related to failures of identity and access management (IAM).

Traditional IAM technologies and outdated practices, both in your organization and at the third-party suppliers with which you do business, open the door for malicious actors using already stolen credentials to scrape even more sensitive data and carry out fraud, such as account takeover (ATO) attacks. Adopting a multi-layered security approach to IAM, powered by artificial intelligence (AI), is more important than ever to protect your customers and your organization from attacks that can result in damaging and costly breaches.

A common challenge for security teams has been protecting against unauthorized access and fraudulent activity — without blocking legitimate users. Again, solving such challenges is the function of modern identity orchestration.

With an orchestration engine powered by AI, your IAM or CIAM platform can monitor login requests in real time. You can automatically direct the secure user journey flow based on the level of risk, granting seamless access for trusted users while prompting step-up authentication for suspicious or unknown users. The system's AI signals rapidly detect anomalies, credential stuffing, bots, suspicious IPs, impossible travel, and more.
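The risk-based decision described above and in the opening section (trusted context gets passwordless access, an unfamiliar device or location triggers step-up, a suspicious IP, bot or credential-stuffing pattern is blocked) can be written down as a small policy. The following is an added example, not ForgeRock's code; the signals, thresholds (900 km/h for impossible travel, five distinct accounts from one IP in ten minutes for credential stuffing), the user-agent heuristic, the IP addresses and the sample events are all constructed assumptions chosen to illustrate the flow.

```python
"""Risk-based login decisioning: the passwordless / step-up / block policy the
text describes, written as an added example (not ForgeRock's implementation).
Every signal, threshold, IP address and sample event here is an assumption."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt
from typing import List, Optional, Set, Tuple


@dataclass
class LoginAttempt:
    user: str
    device_id: str
    ip: str
    lat: float
    lon: float
    ts: datetime
    user_agent: str


@dataclass
class UserHistory:
    known_devices: Set[str]
    last_login: Optional[Tuple[float, float, datetime]] = None  # (lat, lon, when)


# Constructed threat-intel list standing in for an upstream IP reputation feed.
SUSPICIOUS_IPS = {"198.51.100.23"}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    r = 6371.0
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    h = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * r * asin(sqrt(h))


def impossible_travel(history, attempt, max_kmh=900.0):
    """True if reaching this login's location from the previous one would need
    faster-than-airliner speed. The 900 km/h threshold is an assumption."""
    if history.last_login is None:
        return False
    lat, lon, when = history.last_login
    dist = haversine_km(lat, lon, attempt.lat, attempt.lon)
    if dist < 50:  # same metro area: ignore geo-IP jitter
        return False
    hours = (attempt.ts - when).total_seconds() / 3600
    return hours <= 0 or dist / hours > max_kmh


def credential_stuffing(failures, attempt, window=timedelta(minutes=10), min_users=5):
    """True if the attempt's IP has recently failed against many distinct accounts.
    failures: list of (ip, user, ts) tuples for failed logins (constructed input)."""
    since = attempt.ts - window
    users = {u for ip, u, ts in failures if ip == attempt.ip and ts >= since}
    return len(users) >= min_users


def looks_like_bot(attempt):
    """Naive user-agent heuristic, an assumption for the example only."""
    ua = attempt.user_agent.lower()
    return not ua or "python-requests" in ua or "curl/" in ua


def decide(history, attempt, failures):
    """Return (outcome, reasons); outcome is 'block', 'step_up' or 'passwordless'."""
    reasons = []
    if attempt.ip in SUSPICIOUS_IPS:
        reasons.append("suspicious_ip")
    if credential_stuffing(failures, attempt):
        reasons.append("credential_stuffing")
    if looks_like_bot(attempt):
        reasons.append("bot_user_agent")
    if reasons:  # hostile signals end the journey before any challenge is offered
        return "block", reasons
    if attempt.device_id not in history.known_devices:
        reasons.append("unknown_device")
    if impossible_travel(history, attempt):
        reasons.append("impossible_travel")
    return ("step_up" if reasons else "passwordless"), reasons


def demo():
    """Run three constructed scenarios and return their decisions."""
    t0 = datetime(2024, 1, 15, 8, 0, tzinfo=timezone.utc)
    london, new_york = (51.5074, -0.1278), (40.7128, -74.0060)
    alice = UserHistory(known_devices={"dev-alice-laptop"}, last_login=(*london, t0))
    bob = UserHistory(known_devices={"dev-bob-phone"})
    # Constructed failed-login records: one IP hammering six different accounts.
    failures = [("203.0.113.9", f"user{i}", t0 + timedelta(minutes=i % 4 + 1)) for i in range(6)]
    scenarios = {
        "trusted": (alice, LoginAttempt("alice", "dev-alice-laptop", "203.0.113.5",
                                        *london, t0 + timedelta(hours=1), "Mozilla/5.0")),
        "new_device_far_away": (alice, LoginAttempt("alice", "dev-unknown", "203.0.113.5",
                                                    *new_york, t0 + timedelta(minutes=30), "Mozilla/5.0")),
        "stuffing_ip": (bob, LoginAttempt("bob", "dev-bob-phone", "203.0.113.9",
                                          *london, t0 + timedelta(minutes=5), "Mozilla/5.0")),
    }
    return {name: decide(h, a, failures) for name, (h, a) in scenarios.items()}


if __name__ == "__main__":
    for name, (outcome, reasons) in demo().items():
        print(f"{name:22s} -> {outcome:12s} {reasons}")
```

The ordering matters: hostile signals are checked first so a blocked request never reaches a step-up prompt, and the reasons list is returned alongside the outcome so the decision can be logged and reviewed rather than acting as an opaque verdict.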

How no-code identity orchestration works

In the past, user journeys had to be hard-coded by developers, which was an expensive process that would often take months to get even a few user journeys in place. When the business or security landscape changed, developers would need to be called back in to re-code those journeys.

Modern orchestration involves no coding. This means non-technical IT and identity administrators can design secure user journeys in a visual editor by selecting nodes and connecting them into flows, one path per scenario. These nodes may consist of user attributes, authentication methods, anti-fraud signals, registration events, step-up authentication, services, and much more. Once the nodes have been implemented, journeys can be evaluated, A/B tested, and adjusted on the fly simply by moving the nodes around.
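What makes a journey editable without code is that it is data: a set of nodes, each producing an outcome, with edges mapping each outcome to the next node. The following added example (not ForgeRock's implementation) models that shape with a minimal engine that walks the tree, plus a validator that catches a dangling edge or unknown node type before a journey is deployed; the node types, context keys and the two journeys are assumptions chosen for illustration.

```python
"""A user journey as a node graph evaluated by a small engine. Added example,
not ForgeRock's code: node types, context keys and journeys are assumptions."""
import copy
from typing import Callable, Dict, List, Tuple

Context = Dict[str, object]
Journey = Dict[str, Dict]  # node_id -> {"type": str, "outcomes": {outcome: next_node_id}}

# Node handlers take the request context and return an outcome label.
# A real engine would evaluate signals here; these consult precomputed context.
NODE_TYPES: Dict[str, Callable[[Context], str]] = {
    "risk_level": lambda ctx: str(ctx.get("risk", "high")),  # low / medium / high
    "known_device": lambda ctx: "true" if ctx.get("device_known") else "false",
    "passkey": lambda ctx: "true" if ctx.get("passkey_ok") else "false",
    "otp_challenge": lambda ctx: "true" if ctx.get("otp_ok") else "false",
    "allow": lambda ctx: "allow",
    "deny": lambda ctx: "deny",
}
TERMINAL = {"allow", "deny"}


def validate_journey(journey: Journey) -> List[str]:
    """Lint a journey before deployment; returns a list of problems (empty if fine)."""
    problems = []
    for node_id, node in journey.items():
        if node["type"] not in NODE_TYPES:
            problems.append(f"{node_id}: unknown node type {node['type']!r}")
        for outcome, target in node.get("outcomes", {}).items():
            if target not in journey:
                problems.append(f"{node_id}: outcome {outcome!r} points at missing node {target!r}")
        if node["type"] not in TERMINAL and not node.get("outcomes"):
            problems.append(f"{node_id}: non-terminal node has no outgoing edges")
    return problems


def run_journey(journey: Journey, start: str, ctx: Context, max_steps: int = 20) -> Tuple[str, List[Tuple[str, str]]]:
    """Walk the journey from `start`; return (final outcome, [(node_id, outcome), ...])."""
    node_id, path = start, []
    for _ in range(max_steps):
        node = journey[node_id]
        outcome = NODE_TYPES[node["type"]](ctx)
        path.append((node_id, outcome))
        if outcome in TERMINAL:
            return outcome, path
        try:
            node_id = node["outcomes"][outcome]
        except KeyError:
            raise ValueError(f"node {node_id!r} has no edge for outcome {outcome!r}")
    raise RuntimeError("journey did not terminate (cycle?)")  # guard against mis-wired loops


# Default journey: low risk + known device -> passkey; otherwise OTP step-up; high risk -> deny.
DEFAULT_JOURNEY: Journey = {
    "start": {"type": "risk_level", "outcomes": {"low": "device", "medium": "otp", "high": "deny"}},
    "device": {"type": "known_device", "outcomes": {"true": "passkey", "false": "otp"}},
    "passkey": {"type": "passkey", "outcomes": {"true": "allow", "false": "otp"}},
    "otp": {"type": "otp_challenge", "outcomes": {"true": "allow", "false": "deny"}},
    "allow": {"type": "allow", "outcomes": {}},
    "deny": {"type": "deny", "outcomes": {}},
}

# "Moving a node": the same engine, one edge re-pointed. Unknown devices are now
# denied outright instead of being offered OTP. No code in the engine changed.
STRICT_JOURNEY: Journey = copy.deepcopy(DEFAULT_JOURNEY)
STRICT_JOURNEY["device"]["outcomes"]["false"] = "deny"


def path_ids(path: List[Tuple[str, str]]) -> List[str]:
    return [node_id for node_id, _ in path]


if __name__ == "__main__":
    ctx = {"risk": "low", "device_known": False, "otp_ok": True}
    for name, j in (("default", DEFAULT_JOURNEY), ("strict", STRICT_JOURNEY)):
        assert not validate_journey(j)
        outcome, path = run_journey(j, "start", ctx)
        print(f"{name}: {outcome} via {' -> '.join(path_ids(path))}")
```

Running the validator on every saved journey is the check worth automating: a visual editor makes it easy to leave an outcome unconnected, and the failure mode is a user stuck mid-login rather than a compile error.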

ForgeRock offers the industry's largest library of pre-built (no-code) user journey nodes to provide seamless experiences for legitimate users while preventing fraud and account takeover attacks. You can customize pre-built journeys to fit your business needs or build them from scratch choosing from hundreds of out-of-the-box use cases.
