About the ForgeRock Identity Platform
The ForgeRock Identity is defined as Platform which can be used for offering identity management, directory services, access management, user-managed access, and an identity gateway, unified platform, designed and built as a single.
This article will describe you in general terms the ForgeRock modules that composed of the ForgeRock Identity Platform, and where to find the documentation related to each module.
Types of Forgerock Modules:
| Core Solution | Module |
| ForgeRock Identity Management (IDM) | Self-ServiceIdentity SynchronizationSocial IdentityWorkflow |
| ForgeRock Access Management (AM) | AuthorizationIntelligent AuthenticationUser-Managed AccessFederation |
| ForgeRock Directory Services (DS) | Directory Proxy ServerDirectory Server |
1. Self-Service Module:
This module is used to allow the end users in managing their own profiles and passwords securely in accordance with the predefined policies.
Features of Self-Service Module:
- Password Reset – Mechanisms are allowed for the users to reset their own passwords along with the predefined policies.
- Password Management – End-user self-service UI for resetting and changing passwords that are based on the security questions and predefined policies.
- Forgotten Username – Mechanisms can allow the users in order to recover their usernames along with predefined policies.
- Knowledge-Based Authentication – Verification for user identities based on predefined and end user-created security questions.
- Progressive Profile Completion – Short forms used to simplify registration and incrementally collect profile data over time.
- Consent and Preference Management – Configurable user preferences.
- Profile and Privacy Management Dashboard – Dashboard for managing personal user information.
- Terms and Conditions (or Terms of Service) Versioning – Manage multiple terms and conditions.
2. Identity Synchronization:
This module can serve as the foundation for provisioning and identity data reconciliation. Synchronization capabilities are available as a service and through REST APIs to be used directly by external applications. Activities occurring in the system can be configured to log and audit events for reporting purposes.
- Reconciliation – Alignment between accounts across managed data stores.
- Discovery and Synchronization – Synchronization of identity data across managed data stores.
- Directory Services and Active Directory Plugins – Native password synchronization plugins for ForgeRock Directory Services and Microsoft Active Directory.
- Password Synchronization – Near real-time password synchronization across managed data stores.
- All Connectors – Extensible interoperability for identity, compliance, and risk management across a variety of specific applications and services.
3. Social Identity Module:
With this module, you can allow users to register and authenticate with specified standards-compliant social identity providers. These users can also link multiple social identity providers to the same account, thus establishing a single consumer identity.
- Authentication – Social login for identity management.
- Registration – User registration with social identity accounts.
- Attribute Scope Management – Administrators can include any or all scopes available, by social identity provider.
- Account Linking – Users can select specific social identity providers for logins.
4. Workflow Module:
This module can be used to visually organize identity synchronization, reconciliation, and provisioning into repeatable processes with logging and auditing for reporting purposes.
- BPMN 2.0 Support – Standards-based Business Process Model and Notation 2.0 support.
- Activity Workflow Engine – Lightweight workflow and business process management platform.
- Workflow-Driven Provisioning – Define provisioning workflows for self-service, sunrise and sunset processes, approvals, escalations, and maintenance.
5. Authorization:
This module will help you create powerful, context-based policies with a GUI-based policy editor and with REST APIs to control access to online resources. Resources can be URLs, external services, or devices and things.
- Web and Java Agents for Enforcement – Access enforcement for online resources with the capability to require higher levels of authentication and session upgrade when accessing sensitive resources.
- Entitlement Policies – Modern web-based policy editor for building policies, making it possible to add and update policies as needed without touching the underlying applications.
- Transactional Authorization – Requires a user to perform additional actions such as reauthenticating to a module or node, or responding to a push notification, to gain access to a protected resource.
6. Intelligent Authentication Module:
This module will help you build secure, robust, centrally managed single sign-on services. The user, application, or device signs on once and then is granted appropriate access everywhere.
- Authentication Modules – AM provides more than 25 authentication modules, including multi-factor and strong authentication, to handle different modes of authenticating users or entities.
- Authentication Trees and Nodes – Authentication trees provide fine-grained authentication, social authentication, and multi-factor authentication.
- Session High Availability – Persistent access management sessions, authenticating the user until the session expires.
- Adaptive Risk Module – Risk assessment based on predetermined characteristics to determine whether to complete further authentication steps in a chain.
- External Configuration Store – Configuration storage in ForgeRock Directory Services for high-availability.
7. User-Managed Access Module:
This module consists of a consumer-facing implementation of the User-Managed Access (UMA) 2.0 standard. The standard defines an OAuth 2.0-based protocol designed to give individuals a unified control point for authorizing who and what can access their digital data, content, and services.
- UMA Protector – ForgeRock Identity Gateway protection for resources and services with the UMA 2.0 standard.
- UMA Authorization Server – Authorization server with dynamic resource set registration, end user control of resource sharing.
- UMA Standard Conformance – Conformance to the UMA 2.0 standard for interoperability with organizational and partner systems.
8. Federation Module:
This module will help you extend SSO capabilities across organization boundaries based on standards-based interoperability.
- SAML 2.0 SSO and SLO – Web Single Sign-On and Single Logout profile support.
- SAML 2.0 IDP and SP – Identity federation with SaaS applications, such as Salesforce.com, Google Apps, WebEx, and many more.
- OpenID Connect – OpenID Connect 1.0 compliance for running an OpenID Provider, including advanced profiles, such as Mobile Connect.
- Social Login – For acting as an OAuth 2.0 client of social identity providers, such as Facebook, Google, and Microsoft.
9. Directory Proxy Server:
- High Service Availability – LDAP services with reliable crossover and DN-based routing.
- Single Point of Access – Uniform view of underlying LDAPv3 directory services for client applications.
- Protection For Directory Services – Secure incoming and outgoing connections, and provide coarse-grained access control.
- REST APIs – HTTP-based RESTful access to user data and server configuration.
10. Directory Server:
- REST APIs and REST to LDAP Gateway – HTTP-based RESTful access to user data and server configuration.
- High-Availability Multi-Master Replication – Data replication for always-on services, enabling failover and disaster recovery.
- LDAPv3 – Compliance with the latest LDAP protocol standards.
- Embedded Databases – Choice of Oracle Berkeley DB or ForgeRock DB.
Conclusion: Hope you got complete information/details about Forgerock along with its modules. Any queries? Comment below.