What Is Identity Management?
In an increasingly digital world, everyone has multiple digital identities — whether they are an employee, contractor, customer, or parent. This is also true of devices. All of these identities need to be created and managed at the right time, so that they have the right level of access to resources as they switch roles. When appropriate, access has to be revoked and accounts deleted. Depending on the maturity of the organization, identity management can be a cumbersome, costly, and risky process that relies on email, spreadsheets, or other manual methods.
ForgeRock Identity Management automates the entire identity lifecycle, delivering it as a comprehensive and secure service managed from a central location. This approach to identity management enables you to collect the appropriate level of user information from HR systems, users, or third-party applications, at the appropriate time. Users still retain the control to manage their own profiles, passwords, and privacy settings.
The Identity Management solution extends these user lifecycle management capabilities with the ability to manage a web of meaningful user and account relationships. This relationship lifecycle management delivers an exceptional user experience, increasing productivity while maintaining high security standards.
Empower Users With More Control and Choice
In today’s connected world, users want to work from anywhere, anytime, and on any device. When they need new access to do their jobs or want to change their passwords, they want to be able to do it themselves. They prefer not to reach out to the IT department or help desk. More importantly, you don’t want them to call the help desk. Help desk calls are expensive, time-consuming, and impact productivity and morale.
Instead, you can empower users to perform actions themselves, saving administrators and IT staff time. Giving users the ability to change passwords, perform password resets, and make profile updates on their own allows them to focus on their jobs and maximizes your corporate resources.
Identity Management enables you to provide these self-service capabilities rapidly and securely. It allows users to manage their profiles, change their passwords, and control what data is shared for privacy reasons through a simple-to-use and highly customizable web interface. Our API-First model provides a single REST API framework across all of these services that can be accessed from your corporate website or portals. This gives your application development teams a common method to invoke any identity or self-service capability without having to worry about multiple programming languages and interfaces.
Just because users are in control does not mean you have to sacrifice security. Identity Management allows you to define password policies, integrate a workflow engine into any profile update process, and log every activity so you can deliver no-compromise security. Password policies can be simple or complex, as defined by your business and security needs, and you can configure them via a web interface. Identity Management checks these policies during workflow, password reset, and password change processes to ensure that users adhere to them.
Profile updates can also be tied to a standards-based workflow engine. Updates go through appropriate checks and balances to maintain a high level of security. A single common auditing service across the ForgeRock platform gives you the ability to trace the entire lifecycle of users and their activity for better security insight. These logs can be stored in a database for reporting purposes or sent to standard security information and event management (SIEM) solutions for further analysis.
Manage Identity and the Relationship Lifecycle
Traditional identity management solutions bridge various identity and user data silos across a wide variety of systems and services to deliver a single view of the user identity. These traditional solutions are insufficient for workforces or customers who regularly share devices, for employees who work from home and access sensitive corporate data, or for employees who use personal devices at work.
Identity Management is purpose-built for today’s digitally connected world where all these things are simply expected. We provide a flexible, scalable identity model and extend it beyond users to devices and things. All identities and objects are managed as first-class citizens within the Identity Management platform. We combine our flexible identity model and lifecycle management with relationship management and the relationship lifecycle layer above the core identity engine.
Identity Management enables you to set up data aggregation from various sources and create the identity relationship model at a granular level (parents, children, friends, and so on). The model can be extended to the devices users own or carry and can define simple relationships (such as a corporate laptop, personal phone, and leased car). This allows you to build solutions that leverage this relationship data to make appropriate business and security decisions.
ForgeRock Identity Management provides data visualization of the relationships of any user, device, or thing, so that you can detect anomalies in access or provisioning quickly and efficiently. You can also embed these dynamic visualizations into reports so that administrators or authorized users can review them and drill down into further details for analysis or triage.
Privacy and Consent Management
Data breaches are a common occurrence these days. Users are aware of this and are more mindful of their privacy and data rights. Both consumers and employees require control over how their data is shared with third parties. Many regulations, such as the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and the Massachusetts Data Protection Act, have been enacted to protect consumer privacy. Several regulations apply to employee privacy as well.
As part of the user self-service feature, Identity Management provides a simple-to-use Privacy and Consent Management capability. This gives users the ability to review their own personal data, see what portions of it are being shared, and find out who has access to it and for what period of time. Users can also update the data or even completely revoke the consent.
When you provide users with a transparent view of their privacy and data rights, they feel more secure and comfortable. They are also more open to sharing the right level of information about themselves, so you can make more informed decisions about them.
Identity in Retail
Macy’s: Password Resets Are Not Fancy, But They Are Necessary
Macy’s is a premier omnichannel retailer that operates more than 800 department and specialty stores under multiple iconic brands. When Macy’s wanted a single identity platform to protect and delight both customers and employees, it turned to ForgeRock. Learn how ForgeRock helped Macy’s start small with a password reset project and use that success to provide better security and user experience in a phased approach.
Complete Identity Lifecycle Management
Identity Management provides complete lifecycle management capabilities for any identity, whether for people, services, or things — from the day an employee is set up in an HR system, a service is launched, or a device is registered. Each employee requires multiple accounts with different levels of privileges across a wide range of systems to perform their duties. Identity Management allows you to define policies that govern access from a central location and provides a single-pane view into all those accounts and managed identities. With Identity Management, granting access enables a delightful user experience, and revoking access when it is no longer needed helps you uphold a high level of security.
Social login providers — LinkedIn, GitHub, Facebook, Instagram, and Apple — allow users to leverage their accounts to sign into other websites and choose the data they want to share. Identity Management leverages standards-based integrations with these social networks to register users seamlessly. This flexibility provides an exceptional user experience while reducing the need to manually enter data.
Identity Management provides a single, common approach to password management to ensure that the right password controls are enforced everywhere. Typically, policies need to be enforced consistently across multiple directories — HR systems and a host of other databases — all of which have unique ways of defining them. Identity Management allows administrators to set a consistent password policy across all these systems. It also provides users with an easy-to-use web interface to reset their passwords centrally. Passwords are then synchronized across all accounts under management.
Identity Management provides a simple, customizable web interface and REST API that allows users to view and change their personal information. Empowering users to control their own data improves their experience and reduces the amount of time they may otherwise spend with support teams. Users are more productive, and IT and support costs are kept under control. Just like password resets, changes to user profile information can be synchronized across all target user accounts for consistent data in all relevant systems.
Synchronization and Reconciliation
Identity Management’s synchronization and reconciliation service provides the ability to synchronize data in real time and schedule the reconciliation of identity data as needed. With capabilities like delivery guarantee, on-demand and scheduled resource comparisons, and discovery of new, changed, deleted, or orphaned accounts, Identity Management ensures that consistent user identity information is available across the entire identity infrastructure. Tying synchronization and reconciliation with business process workflows and rules allows for appropriate reviews and administrative actions.
Identity Management ships with an integrated, out-of-the-box workflow engine that adheres to the Business Processes Modeling Notation 2.0 (BPMN 2.0) standard. You can use any BPMN graphical editor to quickly and easily create new workflows or edit existing workflows that are delivered as part of the product, and integrate simple or complex workflow operations during the entire identity lifecycle. These workflows include user requests, approvals, account creation, updates, or deletions. You can efficiently handle approvals, manage escalations, and perform preventive maintenance or triage as needed.
Identity Relationship Visualization
Identity Management is the only modern IAM platform that offers identity relationship visualization. At ForgeRock, we understand the importance of context and relationship information, along with user identity, in making security decisions. Identity Management offers the unique capability to visualize the identity relationships of any user or thing under management. Identity relationship visualization helps you understand the attributes, roles, and relationships among different users, as well as a given user and all their devices. This enables you to easily detect anomalies, so you can quickly eliminate potential issues before they turn into security problems.
Privacy and Consent Management
With the Identity Management platform, users manage their privacy and consent settings from a single dashboard. They can correct errors in personal information collected from a social provider, residing in an HR system, or manually entered by an administrator. Users also control who has access to what portions of their data from a single location. The dashboard supports key GDPR requirements, including the right to be informed, right of access, right of rectification, right to restrict processing, right to object to processing, right to withdraw consent at any time, and right of erasure (“the right to be forgotten”).