ForgeRock Identity Cloud

The ForgeRock Identity Cloud is our comprehensive, fully customizable, and extensible identity platform as a service.

Get Your Identity Cloud Questions Answered

Our comprehensive identity platform, as a cloud-delivered service

The Full Power of a True Identity Platform

Most cloud identity as a service (IDaaS) – or even “SaaS-delivered IAM”  offerings – are unable to meet the demands of today’s organizations because they lack critical functionality or configurability. Contrary to these, ForgeRock offers  the full power of the ForgeRock Identity Platform as a service with  ForgeRock Identity Cloud.  As the only full identity platform on the market, Identity Cloud is comprehensive, extensible, and customizable.

With Identity Cloud, you can:

  • Leverage a single platform for all your identity and access needs.
  • Extend cloud security to protect your on premises apps quickly and easily.
  • Gain the most cutting-edge identity capabilities without worrying about maintenance, patching, and upgrading.
  • Provide exceptional and secure digital experiences for consumers and citizens at scale. 
  • Empower an efficient and secure workforce from anywhere in the world.
  • Extend the cloud identity platform to protect devices, things, API, services and more.
  • Address existing and emerging compliance and regulatory needs efficiently.
  • Quickly innovate and grow the business now and into the future.

Read this Whitepaper to Learn More

ForgeRock Identity Cloud

Why ForgeRock Identity Cloud


Cloud without Compromise

  • One subscription, complete freedom
  • Maximum deployment flexibility
  • True IAM platform


No Surprises

  • Predictable pricing
  • Your data under your control
  • Consistent service at any scale


Great Experiences

  • Unparalleled and optimized journeys
  • Zero Trust: Contextual, adaptive and dynamic
  • Any identity, any device

A Comprehensive Identity Platform with Simple-to-Use Capabilities

ForgeRock Identity Cloud provides comprehensive and simple-to-use identity solutions to help you deliver superior experiences, mitigate risk, increase workforce productivity, and reduce costs.

Intelligent User Journeys

Intelligent user journeys are based on ForgeRock’s powerful tree framework that allows you to build registration and authentication flows using an intuitive drag-and-drop interface. This capability allows you to orchestrate user flows with more flexibility, choice, and security. Registration trees allow you to build simple ways to register and onboard new users. Authentication trees allow you to easily configure, measure, and adjust multiple login journeys within a Zero Trust security model using a variety of methods.


ForgeRock Identity Cloud  provides a simple, customizable web interface that allows users to perform password resets and view and change their personal information without having to call the help desk. Empowering users to control their own information improves their experience and reduces the amount of time they spend with support teams. Password changes and updates to user profile information can be synchronized across all target user accounts for consistent data in all relevant systems.

Single Sign-On and MFA

With ForgeRock Identity Cloud, your users can securely access any application from any device from any location. With single sign-on (SSO), they have seamless access to multiple applications whether they are authenticating using credentials stored in the cloud, on premises, or with a third party using federation or social sign-on such as those provided by  Google, LinkedIn, and Facebook. SSO can also be easily combined with a secure multi-factor authentication (MFA) to provide an extra layer of security when needed.

ForgeRock Go

Enabling usernameless and passwordless authentication, you can increase productivity and decrease hassle by giving your users easy, low-friction access to the applications and data they need. Utilizing the latest standards, the ForgeRock Go  capability allows low-risk, high-confidence users to log in to all your backend systems without ever using a password or even entering a username.

Lifecycle and Relationship Management

Traditional IAM solutions bridge various identity and user data silos across a wide variety of systems and services to deliver a single view of the user identity. However, they are inadequate when it comes to handling  employees who regularly share devices, access sensitive corporate data from home, or use personal devices at work. By contrast, ForgeRock Identity Cloud provides data visualization to identify the relationships of any user, device, or thing to detect anomalies in access or provisioning quickly and efficiently.

Synchronization and Reconciliation

With the synchronization and reconciliation service, you can synchronize data in real time and schedule the reconciliation of identity data as needed from your on premises identity repositories to ForgeRock Identity Cloud. With capabilities like delivery guarantee; on-demand and scheduled resource comparisons; and discovery of new, changed, deleted, or orphaned accounts, this service allows consistent user identity information to be available across the entire identity infrastructure, whether on premises or in the cloud.

Identity Gateway

The ForgeRock Identity Gateway enables organizations to secure on premises legacy applications, APIs, and microservices without changing how they work. This enables organizations to fully embrace a hybrid cloud strategy and bring new capabilities like multi-factor authentication and  Zero Trust to legacy applications without a large development effort. ForgeRock Identity Gateway secures data and transactions, and helps future-proofs your changing needs, standards, and technologies. This flexibility and versatility is one of the reasons KuppingerCole named ForgeRock the leader in the Identity API platform vendor.


ForgeRock delivers one common REST application programming interface (API) framework across the entire platform to provide a simple method to invoke any of our identity services. Developer-friendly and lightweight, yet powerful, the REST API framework helps you to eliminate unnecessary identity complexity and increase platform agility.

With software development kits (SDKs) that support iOS, Android, and JavaScript, you can eliminate unnecessary identity complexity and increase platform agility. These SDKs can be used for rapid prototyping, SSO, and even device profiling and jailbreak detection.


Security Overview

ForgeRock Identity Cloud Security

Your data in the cloud is protected with the industry's best practices.


ForgeRock Identity Cloud

Learn how a comprehensive identity platform as a service can meet the challenges of today and tomorrow.

Data Sheet

ForgeRock Identity Cloud

ForgeRock Identity Cloud capabilities and how your organization can benefit.

A Modern Hybrid Cloud Purpose-Built for Today's Reality

Organizations may desire to move completely to the cloud in the future, but, for the present, they must continue to support business-critical applications that are running on premises. Securing these life-blood applications is not negotiable. Therefore, it’s imperative that cloud identity providers accommodate a hybrid cloud strategy. ForgeRock Identity Cloud is designed to deliver delightful, secure, transparent, and frictionless user experiences for this modern reality. 

Identity Cloud treats both cloud and on premises applications the same, removing the need for a major rip-and-replace project that many customers have to go through with cloud-native solutions. Identity Cloud can even coexist with other legacy IAM solutions running on premises. You can also quickly augment legacy systems with new capabilities, such as Intelligent Access and multi-factor authentication (MFA), while you plan and execute on your cloud migration strategy.

Identity Cloud Checklist


Security Is Shared. Data Is Not.

Security concerns – including data sharing and data sovereignty – have been one of the major reasons many large customers have stayed away from moving to a complete cloud IAM platform. ForgeRock Identity Cloud provides maximum security with complete customer isolation in a modern, multi-tenant cloud architecture. 

Robust security starts at the infrastructure level, leveraging the native physical and network security features of the service provider to prevent common threats like distributed denial-of-service (DDoS) attacks against customer environments or services. Each customer environment – which includes the identity data, configurations, and all customization –, is stored within a dedicated trust zone to prevent any accidental or malicious co-mingling. All of this data is also encrypted at rest and in transmission to prevent any unauthorized access and prevent data breaches.

The entire platform is also continuously monitored by dedicated, highly trained ForgeRock experts. ForgeRock also implements a mature information security management system (ISMS), owned by our CISO. This ISMS documents  a set of detailed security policies that all ForgeRock employees must follow. All of these policies and practices are also regularly reviewed and assessed by internal as well as external auditors.

Security also starts with the fundamentals: secure coding practices, least privilege, dependency management, and continuous vulnerability and penetration testing. We systematically evaluate the assets hosted within the service, an attacker’s options for compromising them, and the effectiveness of the service’s security controls at preventing or detecting threats. This is a continuous process that keeps evolving to meet new threats and address customer demands.

Learn More

ForgeRock Identity Cloud Express

Built on top of the full ForgeRock Identity Platform, Identity Cloud Express enables you to accelerate time to market of yourIAM projects by including ForgeRock best practices that have been preconfigured with guardrails to help you focus your energies on developing business value, not creating and running IAM solutions or infrastructure. If you want more capabilities and the ability to customize your cloud environment further, you can always upgrade to the full ForgeRock Identity Cloud.

Identity Cloud Express minimizes the skill sets required to embed security into modern IAM applications. Developers can quickly and easily integrate identities based on OAuth 2.0, OpenIDConnect (OIDC), and WebAuthN into any application with minimal configuration. Identity Cloud Express also leverages ForgeRock's API-first model, providing one common REST API framework across the entire platform. This results in less complexity for internal and external developers since a single, common method can invoke any identity service.

Learn More