Identity Management at Internet Scale
The Modern Magic Wand

It’s not witchcraft and wizardry: Now, everything has a connected identity, from your broomstick, to your books, to your watches, and more. ForgeRock understands that as billions of users, devices, services, and things get online, you need better tools to manage the relationships between them, at scale.

ForgeRock Identity Management, built from the OpenIDM open source project, allows you to manage the complete identity lifecycle of users, devices, and things. From identity to device registration, provisioning, synchronization, reconciliation, and more, your users and customers can move between magic. Turns out, you don’t have to be a wizard to manage it all.

Identity Provisioning

Manage the Registration and Provisioning of Users, Devices, and Things Across Multiple Environments

Provisioning users, devices, and things is a repetitive and potentially time-consuming task that has a significant impact on security and user access. Ensuring the right access to the right service (or user, or device) is the essential step in Identity Management. It’s critical for you to correctly manage roles and entitlements assigned to users, devices, or things, based on your organizational need and structure (such as job function, title, and geography) and assign and remove entitlements and resources consistently and rapidly.

With the ForgeRock Identity Platform, you can:

  • Use a responsive framework that can be deployed on-premises, in the cloud, or in hybrid environments. 
  • Manage previously disparate data repositories, network applications, and user data stores anywhere in the infrastructure stack.
  • Add the ForgeRock Open Connector Framework and flexible workflow engine to provision and assign relationships to users, devices, and things.
  • Easily customize and manage the registration and provisioning of users, devices, and things.  


A More Streamlined Customer Experience

Everything from basic tombstone identity management to complex identity credentials is expensive to manage, regardless of how well your service is developed. While streamlined registration and login experiences can reduce the need to manage user accounts, passing that capability to users through a self-service module that enables registration, password reset, and self-service access requests provides a more streamlined experience and a significant cost reduction in identity support.

  • Features a single, scalable web-app styled UI using Backbone, jQuery, and Handlebars that is easy to customize using standard, out-of-the-box templates.
  • Streamlines registration and access requests to an external source, such as applications, and logs request events for auditing.
  • Enables you to implement user self-service to significantly reduce help desk costs and increase user productivity by automating password reset and enforcing an auditable centralized password policy.
  • Offers an out-of-the-box end user self-service and registration UI that can be easily customized.

Password Management

Ensure Consistency Across All Applications and Data Stores

It’s essential you get the basics right. That’s why a single, common way to manage passwords and password policies is a critical element of the security of any user, device, or thing. You can ensure that the right password rules, such as change, duration, and other policies, are set and enforced everywhere, so that password security is consistent.

  • Enforces access rights with password policies and rules that can specify strength, aging, reuse, and attribute validation.
  • Gives you the ability to intercept and synchronize passwords changed natively on ForgeRock Directory Services and Active Directory over an encrypted channel.
  • Enables fine-grained control of password management to ensure consistency across all applications and data stores, such as Active Directory and HR systems.

Synchronization and Reconciliation

Ensure Consistent and Accurate Identity Data is Available Across All Lines of Business

Identity stores, whether on-premises or in the cloud, are often two exclusive services that do not communicate. This forces you to spend double the time managing and aligning two disparate data sources. It would be preferable for you to have a platform that can immediately synchronize and reconcile changes to all configured mappings.

The ForgeRock Identity Platform’s synchronization and reconciliation services provide you with the ability to synchronize data in real-time and schedule the reconciliation of identity data at any point. You can then seamlessly integrate and ensure consistency and high availability of identities across your entire identity infrastructure.

      • Synchronization delivery guarantees enable rollback if one or more remote systems become unavailable.
      • Synchronization utilizes either on-demand or scheduled resource comparisons.
      • Reconciliation discovers new, changed, deleted, or orphaned accounts to determine user access privileges.
      • Allows internal business processes to drive custom methods, workflows, or rules.
      • Detects and synchronizes changes to accounts, entitlements, and passwords, and performs user access remediation tasks.
      • LiveSync capabilities capture changes that occur on a remote system, then push those changes to the defined mappings to replay the changes where they are required: in the ForgeRock repository, on another remote system, or both.

Identity Visualization

Pictures Are Worth More Than 1000 Words

We live in a connected world. End users expect that connectivity to deliver a seamless experience. But, as we all know, that’s not always the case. So how does one begin to provide seamless experiences for a customer? Understanding the attributes, roles, and relationships between users, devices, and things is a big first step. But it can be extremely complex. Getting it wrong will lead to inaccurate assignment of policies, cause security and compliance gaps, and lead to poor customer experiences. What if you could visualize identities in a way that enables you to quickly notice anomalies, eliminate potential issues, and provide status updates of managed identities in a more meaningful and visually rich way? With ForgeRock, you can.

      • Visualize identity relationships of any user, device or thing.
      • Build custom dashboards based on business requirements and easily share reports and dashboards with others.
      • Gain a deeper understanding of managed identities by embedding reports built from the Kibana open source data visualization platform, right into the administrator’s console.
      • Drill down on each node or object for more detailed information.

Relationship Visualization

With IoT introducing millions of new connected devices into your digital ecosystem, tools like Identity Relationship Visualization are critical in order to manage complex relationships between users, devices, and things.

Workflow Engine

Define Business Processes That Meet the Needs of the Business

The key to any identity management solution is the ability to provide workflow-driven provisioning activities, whether for self-service actions such as requests for entitlements, roles or resources, running sunrise or sunset processes, handling approvals with escalations, or performing maintenance.

The ForgeRock Identity Platform can manage and integrate simple and complex workflow operations, such as approvals, requests, changes, and integrations, all via standards-based (Business Process Modelling Notation 2.0) workflow tools. For simple integration, organizations can use REST calls to interact with the ForgeRock Identity Platform, for example to integrate with ticketing or help desk systems.

      • Simple RESTful interfaces provide a common API for managing all core functions of user administration, synchronization, and reconciliation.
      • Pluggable server-side scripting engine provides JavaScript and Groovy support out of the box.
      • Embedded Activiti module that includes many different workflow templates and can be used for modeling, testing, and deployment.
      • Provides workflow-driven provisioning and deprovisioning activities, whether for self-service actions such as requests for access, or for admin actions such as updating entitlements, on/off boarding, bulk sunrise or sunset enrollments, and handling approvals with escalations.
      • Industry-standard BPMN 2.0 process definition models can be easily created and edited using any BPMN graphical editor, or executed on any BPMN 2.0-compliant engine.

The ForgeRock Identity Platform

Typical identity products don’t play well with others. These legacy systems are made up of piece parts acquired and duct taped together, with limited functionality and scalability. They were built for thousands of employees, not the millions of identities coming online.

We built the ForgeRock Identity Platform from the ground up, designed from the outset as a unified model to integrate with any of your digital services. We offer end-to-end capability designed to scale into the billions and support you not just now, but years into the future. You get the feeling it was all built to work together, because it was.
