Access Management
The Lord of the Things

Our approach to access management? One system to rule them all: users, devices, things, applications, and services. No orcs required. By one system, we mean one thing to download and deploy, complete with comprehensive access management capabilities. The typical legacy troll offers a grab bag of disparate products to integrate, keeping you in the dark.

ForgeRock Access Management, built from the OpenAM project, bridges the gap. You deploy once, use what you want, and incrementally extend your capability as needed – without jumping through procurement and deployment hoops every time. There really is light at the end of the tunnel.


Flexible Authentication for Modern and Legacy Systems

Today’s competitive business environment demands flexible options that offer more protection. With ForgeRock, organizations can authenticate to any digital resource including users, devices, applications, APIs, and things. With over 20 out-of-the-box authentication modules, you can be flexible. Agents, standards, and proxies all work to empower you in multiple ways.

      • Choose from endless authentication possibilities with over 20 out-of-the-box authentication modules to fit the needs of your business including device fingerprinting, one-time password, and adaptive risk authentication.
      • Extend authentication to anything in a simple manner with scripted authentication modules.
      • Implement strong multi-factor authentication by chaining modules together.


Control Who Can Do What, to Which Resources, Under Certain Conditions at All Times

Consumers and business users want simple, seamless, and secure access to resources, but they don’t want to be burdened with complex security requirements. Additionally, you now have to worry about secure access to smart connected things like doors, switches, lights, and cars.

With the ForgeRock Identity Platform, it’s possible to establish simple and flexible access policies that protect your resources at all times. Ensure authenticity that secures data post-authentication with contextual coarse and fine-grained authorization.

      • Flexible coarse and fine-grained authorization
      • Contextual authorization
      • Continuous authorization
      • Universal authorization beyond URLs
      • High performance policy engine and editor


Extend Your Reach to Broader Populations

Customers, employees, and partners increasingly need to access shared services, regardless of where those services reside. With the ForgeRock Identity Platform, you can quickly extend access beyond organizational boundaries in a repeatable and scalable way. Securely share identity information across heterogeneous systems or domain boundaries using standard identity protocols. Users can access services that span the cloud and mobile devices, on-premises and off, eliminating the need for multiple passwords, user profiles, and the added complexity that frustrates users and slows adoption.

        • Leverage standards to deliver seamless federation across and beyond organizations.
        • Supports OpenID Connect, which makes it easier and faster to build solutions requiring additional identity information.
        • Incorporate SAML2 federation into authentication chains, enabling the use of federated identities in stronger multi-factor authentication scenarios.

Single Sign-On (SSO)

Because Users Should Only Have to Log in Once

Your users demand fast, secure, and seamless access to your services without having to remember multiple usernames and passwords. Your organization may have multiple brands under different domains, subdomains, or applications, and users want to log in seamlessly via mobile, with a single username and password. With the ForgeRock Identity Platform, you can enable users to log in once and have access to all systems regardless of which application they logged into first.

        • Provides a variety of flexible options for single sign-on (SSO), whether the requirement is to enable cross-domain SSO for a single organization, or SSO across multiple organizations.
        • Enables a seamless heterogeneous OS and Web application SSO environment with Windows Desktop SSO support.
        • Supports multiple options for enforcing policy and protecting resources, including policy agents that reside on web or application servers.
        • Uses built-in Security Token Service (STS) as a multi-protocol hub, translating for providers who rely on other and older standards.

Adaptive risk

Trust but Verify

Security threats are constantly evolving and users are always on the go with multiple devices. You need an identity solution that is dynamic, not static, and that can respond with advanced, proactive protections for users and sensitive data.

ForgeRock continuously assesses the authenticity of users, devices, and things. Through our own adaptive risk engine, you can combine contextual information to evaluate the risk of users attempting access. If the user is deemed suspicious, you can require a higher level of authentication or identity-proofing such as a one-time password. You’ll get peace of mind knowing you can challenge the user’s identity to guarantee authenticity. This is especially important when a user logs in from a mobile, new, or unrecognized device.

        • Assess risk, requiring stronger authentication mechanisms only when necessary to simplify user experiences while maintaining the security of the system.
        • Enable administrators to integrate and dynamically call third-party services including FireEye Threat Analytics Platform, LexisNexis, Experian, Equifax, and Guardian Analytics, for identity profiling.
        • Ensure greater knowledge about who the user is and what their context is by evaluating each attempted login in real time and generating a risk score based on parameters including user location, time zone, device, IP address, time of day, and account idle time.

Strong Authentication

Additional Security That’s Easy to Use

Passwords aren’t enough anymore. Organizations need an extra layer of protection but also one that doesn’t compromise the end user experience by making it time-consuming and complex. You want to give your users an experience that offers additional security and is easy to use. With ForgeRock you can:

  • Evolve and simplify your security with our out-of-the-box mobile authentication app, available both for iOS and Android.
  • Integrate with our Adaptive Risk engine.
  • Provide frictionless multi-factor and mobile authentication.

Social Sign-On

Reduce Customer Friction in Minutes

Enabling social sign-on to your applications and services isn’t anything new, but with the ForgeRock Identity Platform, you can do it in under a minute! Administrators and developers no longer have to rely on time-intensive custom coding and testing.

This will enable you to reduce user friction and accelerate the adoption of digital technologies by providing a seamless user experience with social sign-on capabilities across new applications, devices, and things in a matter of minutes.

  • Simplify the process of accessing protected resources for new users and attract them by removing the need to complete lengthy registration forms.
  • Integrate with any IDP and social IDPs such as Google, Facebook, and LinkedIn in minutes using a wizard-based configuration tool.
  • Onboard users in a safe and secure manner via one-click registration across a range of platforms using open standards such as OpenID Connect and OAuth2.


Accelerate Customer and Employee Engagement

More and more users demand instant access to your services, and you can’t keep up with the pace of your business. You’re running against the clock, but onboarding these users often requires extensive customization and coding that is time-intensive. You need a solution that can automate and simplify these common, yet complex functions for millions of users. With ForgeRock, you can reduce the time and effort required to manage users with self-service. This enables administrators to onboard and maintain user accounts with zero input and very little customization required.

        • Self-service capabilities for self-registration and password resets are readily configurable in a matter of seconds.
        • Service is automatic, immediate, and exposed over REST, enabling custom or mobile front-ends to utilize it.
        • Zero administration cycles are needed to onboard and maintain user accounts.
        • Users are empowered to work to their own schedule because they can instantly access critical services.

Session Management

Five 9’s Availability that Scales

It’s crucial that your customers can quickly log on and seamlessly use your services at any given time, regardless of what device they are using. From traditional user sessions to more complex access requirements due to the expansion of the Internet of Things (IoT), organizations need flexible solutions that support business critical systems and that can scale to manage hundreds of millions of identities. The ForgeRock Identity Platform can do both with a stateless and stateful session architecture that also enables “five 9’s” availability for large-scale and mission critical deployments.

  • Stateless Sessions – With the advent of IoT, scaling identity systems is going to become more and more challenging. Stateless architecture is optimal for elastic cloud-based and massive scale deployments and can scale into the hundreds of millions and even billions of identities.
  • Stateful Sessions – Enable complex, multi-site failover environments to be always available to end-users with very high uptime.

The ForgeRock Identity Platform

It’s alive! Typical legacy systems with piece parts stitched together, 20 different SKUs, products acquired from who knows where… and somehow the “identity suite” you’ve been sold is supposed to work as a seamless, unified identity offering that can manage millions of identities for your users, devices, services, and connected things. You have a monster on your hands, with an identity crisis brewing.

Typical identity products don’t play well with others, and were designed with limited functionality and vision. The right hand doesn’t know what the left hand is doing, leaving you to pick up the pieces, put it together, and foot the bill. These “suites” can’t scale, and they were built for thousands of employees, not the millions of identities coming online.

ForgeRock is kicking Frankenstein out of the castle. We built the ForgeRock Identity Platform from the ground up, designed from the start as a unified model to integrate with any of your digital services. We offer end-to-end capability designed to scale into the billions and support you not just now, but years into the future - and that’s no marketing spin! You get the feeling it was all built to work together, because it was. Think Rosie, not Frankenstein.
