Identity Management
Securely manage the complete user lifecycle—from onboarding to moving and offboarding.
What Is Identity Management?
In an increasingly digital world, everyone has multiple digital identities — whether they are an employee, contractor, customer, or parent. This is also true of devices. All of these identities need to be created and managed at the right time, so that they have the right level of access to resources as they switch roles. When appropriate, access has to be revoked and accounts deleted. Depending on the maturity of the organization, identity management can be a cumbersome, costly, and risky process that relies on email, spreadsheets, or other manual methods.
ForgeRock Identity Management automates the entire identity lifecycle, delivering it as a comprehensive and secure service managed from a central location. This approach to identity management enables you to collect the appropriate level of user information from HR systems, users, or third-party applications, at the appropriate time. Users still retain the control to manage their own profiles, passwords, and privacy settings.
The Identity Management solution extends these user lifecycle management capabilities with the ability to manage a web of meaningful user and account relationships. This relationship lifecycle management delivers an exceptional user experience, increasing productivity while maintaining high security standards.
What is ForgeRock Identity Management?
Empower Users: Give Them More Control and Choice
In today’s connected world, users want to work from anywhere, anytime, and on any device. When they need new access to do their jobs or want to change their passwords, they want to be able to do it themselves. They prefer not to reach out to the IT department or help desk. More importantly, you don’t want them to call the help desk. Help desk calls are expensive, time-consuming, and impact productivity and morale.
Instead, you can empower users to perform actions themselves, saving administrators and IT staff time. Giving users the ability to change passwords, perform password resets, and make profile updates on their own allows them to focus on their jobs and maximizes your corporate resources.
Identity Management enables you to easily build secure self service trees for registration and password management with a drag-and-drop interface. With self service, users can manage their profiles, change their passwords, and control what data is shared for privacy reasons through a simple-to-use and highly customizable web interface. Our API-First model provides a single REST API framework across all of these services that can be accessed from your corporate website or portals. This gives your application development teams a common method to invoke any identity or self-service capability without having to worry about multiple programming languages and interfaces.
Just because users are in control doesn’t mean you have to sacrifice security. Identity Management allows you to define password policies, integrate a workflow engine into any profile update process, and log every activity so that you do not have to compromise on security. Password policies can be simple or complex, as defined by your business and security needs. You can configure them via a web interface. Identity Management will check policies during workflow, password reset, and password change processes to ensure that users adhere to them.
Profile updates can also be tied to a standards-based workflow engine. Updates go through appropriate checks and balances so there is no compromise on security. A single common auditing service across the ForgeRock platform gives you the ability to trace the entire lifecycle of users and their activity for better security insight. These logs can be stored in a database for reporting purposes or sent to standard security information and event management (SIEM) solutions for further analysis.
Manage Identity and the Relationship Lifecycle
Traditional identity management solutions bridge various identity and user data silos across a wide variety of systems and services to deliver a single view of the user identity. This is sufficient if you have a workforce or customers who never share their devices, or employees who never want to use their personal devices at work or work from home and access sensitive corporate data.
Identity Management is purpose-built for today’s digitally connected world where all these things are simply expected. We provide a flexible, scalable identity model and extend it beyond users to devices and things. All identities and objects are managed as first-class citizens within the Identity Management platform. We combine our flexible identity model and lifecycle management with relationship management and the relationship lifecycle layer above the core identity engine.
Identity Management enables you to set up data aggregation from various sources and create the identity relationship model at a granular level (parents, children, friends, and so on). The model can be extended to devices they own or carry and can define a simple relationship (such as a corporate laptop, personal phone, and leased car). This allows you to build solutions that can leverage this relationship data and make business and security decisions appropriately.
ForgeRock Identity Management provides data visualization to identify the relationships of any user, device, or thing to detect anomalies in access or provisioning quickly and efficiently. You can also embed these dynamic visualizations into reports so that administrators or authorized users can review them and drill down to get further details to perform analysis or triage.
Privacy and Consent Management
Data breaches are a common occurrence these days. Users are aware of this, and are more mindful of their privacy and data rights. Both consumers and employees require control over how their data is shared with third parties. Many regulations, like the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and the Massachusetts Data Protection Act, have been enacted to protect consumer privacy. Several regulations apply to employee privacy as well.
As part of the user self-service feature, Identity Management provides a simple-to-use Privacy and Consent Management capability. This gives users the ability to review their own personal data, see what portions of it are being shared, and find out who has access to it and for what period of time. Users can also update the data or even completely revoke the consent.
When you provide users with a transparent view of their privacy and data rights, they feel more secure and comfortable. They are also more open to sharing the right level of information about themselves, so you can make more informed decisions about them.
My Digital Identity
A digital identity is not just a set of login credentials. It ties an electronic profile of user data with an actual person. Watch this video to understand how digital identity and profile information can add value to your business while respecting user’s privacy and security.
Identity in Retail
Delivering a secure, frictionless, omnichannel experience is key to building strong customer loyalty. In this video, learn why data silos exist and how Identity Management can break them down to help you deliver an exceptional customer experience.
Customer Privacy
Understand key elements of GDPR, such as the right to be forgotten, the right to withdraw consent anytime, and data portability. With a modern identity management platform, GDPR compliance can become a competitive advantage in a dynamic retail market, opening up new business opportunities.
Resources
Guide
Getting Started
Follow this step-by-step guide to installing and evaluating ForgeRock Identity Management.
Guide
Identity of Things (IoT) Primer
Learn how to leverage ForgeRock Identity Management in your IoT ecosystem.
Guide
DevOps Guide
Ready to deploy ForgeRock Identity Management? Start here, using our DevOps and cloud deployment model.
Customer Stories
Macy’s: Password Resets Are Not Fancy, But They Are Necessary
AMER Sports: Becoming Omnichannel
Cox: Balancing User Experience and Security
Dave Fletcher, Chief Technology Officer, State of Utah
Read StoryJeroen Tas, Chief Innovation & Strategy Officer, Philips
Read StoryGrant Fengstad, Director of Information Technology and CIO, City of Richmond, BC, Canada
Read Story
Related Blogs
Blog
Identity Management: Beyond the Basics
Putting Identity at the Heart of Your Customer Engagement Strategy
Blog
Digital Identity Management and Communications Services
How Digital Identity Management Platforms Take Communications Services to the Next Level
Blog
The Continued Evolution of Identity
What Has Changed in the Last Decade and What Is in Store for the Future
ForgeRock Identity Management Components and Capabilities
Complete Identity Lifecycle Management
Identity Management provides complete lifecycle management capabilities for any identity for people, services, and things—from the day an employee is set up in an HR system, a service is launched, or a device is registered. Each employee requires multiple accounts with different levels of privileges across a wide range of systems to perform their duties. Identity Management allows you to define policies that govern access from a central location and provides a single-pane view into all those accounts and managed identities. With Identity Management, granting access enables a delightful user experience, and revoking access when it is no longer needed helps you uphold a high level of security.
Social Registration
Social login providers—LinkedIn, GitHub, Facebook, Instagram, and Apple—allow users to leverage their accounts to sign into other websites and choose the data they want to share. Identity Management leverages standards-based integrations with these social networks to register users seamlessly. This flexibility provides an exceptional user experience while reducing the need to manually enter data.
Password Management
Identity Management provides a single, common approach to password management to ensure that the right password controls are enforced everywhere. Typically, policies need to be enforced consistently across multiple directories—HR systems and a host of other databases—all of which have unique ways of defining them. Identity Management allows administrators to set a consistent password policy across all these systems. It also provides users with an easy-to-use web interface to reset their passwords centrally. Passwords are then synchronized across all accounts under management.
User Self-Service
Give administrators the ability to quickly define and build self-service registration and password management journeys with the Intelligent Access drag-and-drop tree interface. This improves their customer experience and reduces the amount of IT time and resources required to make direct profile updates. Just like password resets, changes to user profile information can be synchronized across all target accounts and relevant systems.
Synchronization and Reconciliation
Identity Management’s synchronization and reconciliation service provides the ability to synchronize data in real time and schedule the reconciliation of identity data as needed. With capabilities like delivery guarantee, on-demand and scheduled resource comparisons, and discovery of new, changed, deleted, or orphaned accounts, Identity Management ensures that consistent user identity information is available across all of the identity infrastructure. Tying synchronization and reconciliation with business process workflows and rules allows for appropriate reviews and administrative actions.
Workflow
Identity Management ships with an integrated, out-of-the-box workflow engine that adheres to the Business Processes Modeling Notation 2.0 (BPMN 2.0) standard. You can use any BPMN graphical editor to quickly and easily create new workflows or edit existing workflows that are delivered as part of the product, and integrate simple or complex workflow operations during the entire identity lifecycle. These workflows include user requests, approvals, account creation, updates, or deletions. You can efficiently handle approvals, manage escalations, and perform preventive maintenance or triage as needed.
Identity Relationship Visualization
Identity Management is the only modern IAM platform that offers identity relationship visualization. At ForgeRock, we understand the importance of context and relationship information, along with user identity, in making security decisions. Identity Management offers the unique capability to visualize the identity relationships of any user or thing under management. Identity relationship visualization helps you understand the attributes, roles, and relationships among different users, as well as a given user and all their devices. This enables you to easily detect anomalies, so you can quickly eliminate potential issues before they turn into security problems.
Privacy and Consent Management
With the Identity Management platform, users manage their privacy and consent settings from a single dashboard. They can correct errors in personal information collected from a social provider, residing in an HR system, or manually entered by an administrator. Users also control who has access to what portions of their data from a single location. The dashboard supports key GDPR requirements, including the right to be informed, right of access, right of rectification, right to restrict processing, right to object to processing, right to withdraw consent at any time, and right of erasure (“the right to be forgotten”).
