Identity Federation

With federation and the ForgeRock Identity Platform, you can quickly, repeatably, and scalably extend access to shared services beyond organizational boundaries.

Grow Business by Extending Access Beyond Organizational Boundaries

Federation allows you to securely share identity information across heterogeneous systems or domain boundaries using standard identity protocols. Users can access services that span the cloud and mobile devices, on premises and off, eliminating the need for multiple passwords, user profiles, and the added complexity that frustrates users and slows adoption.

With federation and the ForgeRock Identity Platform, you can:

  • Utilize open standards to deliver seamless federation across and beyond organizations.

  • Use OpenID Connect, which makes it easier and faster to build solutions requiring additional identity information.

  • Incorporate SAML2 federation into authentication chains, enabling the use of federated identities in stronger multi-factor authentication scenarios.

  • Leverage ForgeRock Identity Gateway to enable federation for applications that do not support SAML2.



Federated Single Sign-On

Federated single sign-on (SSO) gives you the ability to grow your business and competitive advantage by providing frictionless, secure account access to users outside your organization: citizens, customers, and partners.

Federated SSO relies on open standards, including OAuth, WS-Federation, WS-Trust, OpenID Connect, and SAML, to pass authentication tokens between organizations’ identity providers. The ForgeRock Identity Platform comprises multiple standards-based components and is built on a common framework using best-in-class open technologies.

Federated SSO is widely used to provide single and same sign-on for applications within organizations and for applications outside the organization. It generally follows a fast and easy integration pattern. ForgeRock supports all major federation standards, including:

  • Federation protocols: SAML 2.0 (SP, IdP, ECP and IdP Proxy) and WS-Federation (asserting, relying party).

  • Next-generation federation standards for cloud and mobile use cases, including full implementations of OpenID Connect, Mobile Connect, OAuth 2.0 (consumer, provider, authorization server) and User-Managed Access (UMA).

  • All web services security standards: Liberty ID-WSF, WS-I Basic Security Profile and WS-Trust (STS) 1.4.

  • GOV.UK Verify Identity Assurance Hub Service SAML profile.

  • FICAM (Federal Identity, Credential, and Access Management) compliance. FICAM is an initiative defined by the U.S. Federal Government to simplify identity and access management across government systems.



ForgeRock Named Overall Leader in KuppingerCole Leadership Compass

Access Management and Federation, 2019


