Identity Gateway

Consolidate identity and security solutions with an identity gateway for a more manageable and simple system-wide identity and access management (IAM) strategy

Download Product Brief

Your Passage to the Future

To keep up with customer demand, organizations are embracing digital transformation. Your business teams may own hundreds, if not thousands, of customer-facing applications that are critical for your digital transformation mandate. You need an agile process to provide digital identity and security consistently across all lines of business at a global scale. 

ForgeRock Identity Gateway, part of the ForgeRock Identity Platform, streamlines IAM efforts and helps organizations manage identity and security for web apps, APIs, and microservices with a single solution. An identity gateway keeps your infrastructure agile and responsive to a continually changing security landscape. With ForgeRock, you can ensure that your applications satisfy identity and security protocols at any scale without impacting business requirements. This enables you to secure data and transactions, and future-proofs your changing needs, standards, and technologies.

Download Identity Gateway Whitepaper

Identity Gateway - manage stakeholders


What is ForgeRock Identity Gateway?

See How ForgeRock Identity Gateway Works

API Security Diagram

Protect Against Malicious Activity With API Security

The volume of cyber attacks has exploded over recent years, as hackers continuously evolve techniques, launching more sophisticated attacks that impact organizations and customers. Fraud and malicious activity aren’t limited to authentication exploits. Unsecured APIs are also targets. API breaches are often caused by a lack of authorization and insight into system health.

With ForgeRock Identity Gateway, you can quickly protect your APIs and users by leveraging a gateway to front APIs. Identity Gateway serves as both a reverse proxy and as an authorization enforcement point for any type of traffic. To help maintain healthy services and protect against breaches and distributed-denial-of-service (DDoS) attacks, leverage Identity Gateway to monitor API traffic, throttle traffic volume, and detect anomalies.

Learn More


ForgeRock Is the Leading Identity API Platform Vendor

ForgeRock is recognized by KuppingerCole as the overall Identity API Platform Market Leader in all categories including Product, Innovation, and Market Leadership. 

Read the report to learn more about API security leaders and why ForgeRock ranks the highest.

Download Report

Related Blog Posts


IAM Owner? We’ve Got Your Back


Do It Non-Intrusively with Identity Gateway


API Security: Applying the Separation of Concerns Design Principle


API Security: Awareness and Moderation are Key


Support a Zero Trust Security Model

Organizations struggle to deliver real-time, continuous authentication and authorization that leverage a Zero Trust Security and continuous adaptive risk and trust assessment (CARTA) model. ForgeRock supports these deployment architectures, capturing context at authentication and storing it on the user’s session. Whenever a user attempts to access a protected resource, the context is reassessed to determine the level of trust. A change in context — such as IP address or geolocation — triggers events such as re-authentication, and can be used by Identity Gateway for contextual data redaction.

To allow or deny access based on context, risk, and behavioral data, configure Identity Gateway to work with ForgeRock Access Management. Identity Gateway also enables you to contextually redact data in real time to better protect user privacy and secure the experience when risk levels are high.

Learn More

Integrate and Modernize Legacy Apps

Not all organizations have the ability to immediately migrate to modern systems. That’s why it’s critical to have the flexibility to coexist with legacy systems and apps, so you can modernize and migrate at your own pace. Whether you are making a quick move or migrating gradually, Identity Gateway enables legacy and greenfield systems and apps to talk to each other fluidly and securely, so you can focus on modernization efforts.

In some cases, there are apps where no code changes are permitted, like those using web policy agents or owned by third parties where no agents are available. ForgeRock Identity Gateway establishes a virtual perimeter around these apps and acts as a reverse proxy, enforcing authentication and authorization. This provides better security and enables organizations to use the latest industry standards to consistently enforce authorization across apps, APIs, and microservices.

Learn More

API Security

Identity-enable APIs for secure integration and to enforce authorization for APIs. Leverage rate limiting and monitoring to maintain healthy services.

Identity-Enable Legacy Apps

Bring single sign-on (SSO) to legacy web applications without the need to edit, upgrade, or recode.

Contextual Authorization

Ensure authenticity of people, things, and services in real time, and mitigate risk whenever an anomaly is detected based on contextual, behavioral, and risk-based factors.

Federated Service Provider

Enable integration with business partners across your complex organization on premises, off premises, in the cloud, and on mobile devices, using the latest standards.