Access Management
The Lord of the Things

Our approach to access management? One system to rule them all: users, devices, things, applications, and services. No orcs required. By one system, we mean one thing to download and deploy, complete with comprehensive access management capabilities. The typical legacy troll offers a grab bag of disparate products to integrate, keeping you in the dark.

ForgeRock Access Management, built from the OpenAM open source project, bridges the gap. You deploy once, use what you want, and incrementally extend your capability as needed – without jumping through procurement and deployment hoops every time. There really is light at the end of the tunnel.

Advanced Authentication

Flexible Authentication for Modern and Legacy Systems

Today’s competitive business environment demands flexible options that offer more protection. With ForgeRock, organizations can authenticate to any digital resource including users, devices, applications, APIs, and things. With over 25 out-of-the-box authentication modules, you can be flexible. Agents, standards, and proxies all work to empower you in multiple ways.

  • Choose from endless authentication possibilities with over 25 out-of-the-box authentication modules to fit the needs of your business including device fingerprinting, one-time password, and adaptive risk authentication.
  • Extend authentication to anything in a simple manner with scripted authentication modules.
  • Implement strong multi-factor authentication by chaining modules together.


Control Who Can Do What, to Which Resources, Under Certain Conditions at All Times

Consumers and business users want simple, seamless, and secure access to resources but they don’t want to be burdened with complex security requirements. Additionally, you now have to worry about secure access to smart connected things like doors, switches, lights, and cars.

With the ForgeRock Identity Platform, it’s possible to establish simple and flexible access policies that protect your resources at all times. Ensure authenticity that secures data post-authentication with contextual coarse and fine-grained authorization.

  • Flexible coarse and fine-grained authorization
  • Contextual authorization
  • Continuous authorization
  • Universal authorization beyond URLs
  • High performance policy engine and editor


Extend Your Reach to Broader Populations

Customers, employees, and partners increasingly need to access shared services, regardless of where those services reside. With the ForgeRock Identity Platform, you can quickly extend access beyond organizational boundaries in a repeatable and scalable way. Securely share identity information across heterogeneous systems or domain boundaries using standard identity protocols. Users can access services that span the cloud and mobile devices, on-premises and off, eliminating the need for multiple passwords, user profiles, and the added complexity that frustrates users and slows adoption.

  • Leverage standards to deliver seamless federation across and beyond organizations.
  • Supports OpenID Connect, which makes it easier and faster to build solutions requiring additional identity information.
  • Incorporate SAML2 federation into authentication chains, enabling the use of federated identities in stronger multi-factor authentication scenarios.

Single Sign-On (SSO)

Because Users Should Only Have to Log in Once

Your users demand fast, secure, and seamless access to your services without having to remember multiple usernames and passwords. Your organization may have multiple brands under different domains, subdomains, or applications, and users want to log in seamlessly via mobile, with a single username and password. With the ForgeRock Identity Platform, you can enable users to log in once and have access to all systems regardless of which application they logged into first.

  • Provides a variety of flexible options for single sign-on (SSO), whether the requirement is to enable cross-domain SSO for a single organization, or SSO across multiple organizations.
  • Enables a seamless heterogeneous OS and Web application SSO environment with Windows Desktop SSO support.
  • Supports multiple options for enforcing policy and protecting resources, including policy agents that reside on web or application servers.
  • Uses built-in Security Token Service (STS) as a multi-protocol hub, translating for providers who rely on other and older standards.

Adaptive risk

Trust but Verify

Security threats are constantly evolving and users are always on the go with multiple devices. You need an identity solution that is dynamic, not static, and that can respond with advanced, proactive protections for users and sensitive data.

ForgeRock continuously assesses the authenticity of users, devices, and things. Through our own adaptive risk engine, you can combine contextual information to evaluate the risk of users attempting access. If the user is deemed suspicious, you can require a higher level of authentication or identity-proofing such as a one-time password. You’ll get peace of mind knowing you can challenge the user’s identity to guarantee authenticity. This is especially important when a user logs in from a mobile, new, or unrecognized device.

  • Assess risk, requiring stronger authentication mechanisms only when necessary to simplify user experiences while maintaining the security of the system.
  • Enable administrators to integrate and dynamically call third-party services including FireEye Threat Analytics Platform, LexisNexis, Experian, Equifax, and Guardian Analytics, for identity profiling.
  • Ensure greater knowledge about who the user is and what their context is by evaluating each attempted login in real-time and generating a risk score based on parameters including user location, time zone, device, IP address, time of day, and account idle time.

Mobile Authentication

Step Up Security That’s Easy to Use

Let’s face it: passwords are too easy to hack. Organizations need an extra layer of protection that doesn’t compromise the user experience by making it time-consuming and complex. With ForgeRock, you can offer security that’s easy to use.

  • Use the Push Authentication feature to enable passwordless logins or frictionless additional security using mobile phones.
  • Leverage one-time passwords for additional security.
  • Get out-of-the-box mobile authentication apps for iOS and Android, or customize your own.
  • Integrate with our Adaptive Risk engine.

Mobile Push

ForgeRock’s push authentication technology enables passwordless login for frictionless customer experiences and increased security.

Social Sign-On

Reduce Customer Friction in Minutes

Enabling social sign-on to your applications and services isn’t anything new but with the ForgeRock Identity Platform, you can do it in under a minute! Administrators and developers no longer have to rely on time-intensive custom coding and testing.

This will enable you to reduce user friction and accelerate the adoption of digital technologies by providing a seamless user experience with social sign-on capabilities across new applications, devices, and things in a matter of minutes.

  • Simplify the process of accessing protected resources for new users and attract them by removing the need to complete lengthy registration forms.
  • Integrate with any IDP and social IDPs such as Google, Facebook, and LinkedIn in minutes using a wizard-based configuration tool.
  • Onboard users in a safe and secure manner via one-click registration across a range of platforms using open standards such as OpenID Connect and OAuth2.


Accelerate Customer and Employee Engagement

More and more users demand instant access to your services and you can’t keep up with the pace of your business. You’re running against the clock but onboarding these users often requires extensive customization and coding that is time intensive. You need a solution that can automate and simplify these common, yet complex functions for millions of users. With ForgeRock, you can reduce the time and effort required to manage users with self-service. This enables administrators to onboard and maintain user accounts with zero input and very little customization required.

  • Self-service capabilities for self-registration and password resets are readily configurable in a matter of seconds.
  • Service is automatic, immediate, and exposed over REST, enabling custom or mobile front-ends to utilize it.
  • Zero administration cycles are needed to onboard and maintain user accounts.
  • Users are empowered to work to their own schedule because they can instantly access critical services.

For more self-service capabilities, check out our identity management advanced self-service page.

Session Management

Five 9’s Availability that Scales

It’s crucial that your customers can quickly log on and seamlessly use your services at any given time, regardless of what device they are using. From traditional user sessions to more complex access requirements due to the expansion of the Internet of Things (IoT), organizations need flexible solutions that support business critical systems and that can scale to manage hundreds of millions of identities. The ForgeRock Identity Platform can do both with a stateless and stateful session architecture that also enables “five 9’s” availability for large-scale and mission critical deployments.

  • Stateful Sessions – Enable complex, multi-site failover environments to be always available to end-users with very high uptime.
  • Stateless Sessions – With the advent of IoT, scaling identity systems is going to become more and more challenging. Stateless architecture is optimal for elastic cloud-based and massive scale deployments and can scale into the hundreds of millions and even billions of identities.

Stateless OAuth2 Token Support

Reduce the complexity of securing hundreds or thousands of microservices and API endpoints using industry standards like OAuth2.

The ForgeRock Identity Platform

Typical identity products don’t play well with others. These legacy systems are made up of piece parts acquired and duct taped together, with limited functionality and scalability. They were built for thousands of employees, not the millions of identities coming online.

We built the ForgeRock Identity Platform from the ground up, designed from the outset as a unified model to integrate with any of your digital services. We offer end-to-end capability designed to scale into the billions and support you not just now, but years into the future. You get the feeling it was all built to work together, because it was.
