Your Passage to the Future
What is ForgeRock Identity Gateway?
See How ForgeRock Identity Gateway Works
Related Blog Posts
IAM Owner? We’ve Got Your Back
Do It Non-Intrusively with Identity Gateway
API Security: Applying the Separation of Concerns Design Principle
API Security: Awareness and Moderation are Key
Support a Zero Trust Security Model
Organizations struggle to deliver real-time, continuous authentication and authorization that leverage a Zero Trust Security and continuous adaptive risk and trust assessment (CARTA) model. ForgeRock supports these deployment architectures, capturing context at authentication and storing it on the user’s session. Whenever a user attempts to access a protected resource, the context is reassessed to determine the level of trust. A change in context — such as IP address or geolocation — triggers events such as re-authentication, and can be used by Identity Gateway for contextual data redaction.
To allow or deny access based on context, risk, and behavioral data, configure Identity Gateway to work with ForgeRock Access Management. Identity Gateway also enables you to contextually redact data in real time to better protect user privacy and secure the experience when risk levels are high.
Integrate and Modernize Legacy Apps
Not all organizations have the ability to immediately migrate to modern systems. That’s why it’s critical to have the flexibility to coexist with legacy systems and apps, so you can modernize and migrate at your own pace. Whether you are making a quick move or migrating gradually, Identity Gateway enables legacy and greenfield systems and apps to talk to each other fluidly and securely, so you can focus on modernization efforts.
In some cases, there are apps where no code changes are permitted, like those using web policy agents or owned by third parties where no agents are available. ForgeRock Identity Gateway establishes a virtual perimeter around these apps and acts as a reverse proxy, enforcing authentication and authorization. This provides better security and enables organizations to use the latest industry standards to consistently enforce authorization across apps, APIs, and microservices.
Identity-enable APIs for secure integration and to enforce authorization for APIs. Leverage rate limiting and monitoring to maintain healthy services.
Identity-Enable Legacy Apps
Bring single sign-on (SSO) to legacy web applications without the need to edit, upgrade, or recode.
Ensure authenticity of people, things, and services in real time, and mitigate risk whenever an anomaly is detected based on contextual, behavioral, and risk-based factors.
Federated Service Provider
Enable integration with business partners across your complex organization on premises, off premises, in the cloud, and on mobile devices, using the latest standards.