Identity Management with the ForgeRock Identity Platform - So What’s New?

© 2016 ForgeRock. All rights reserved.

ForgeRock Identity Platform Identity Management

• Tim Sedlack, Sr Product Manager• Rob MacDonald, Product Marketing Director


ForgeRock: At a Glance

• Fastest-growing open source identity security software company in the world

• Founded: 2010• Headquartered in San Francisco with offices in

6 countries• Employees: 350+• Customers: 400+ Enterprises in 30+ countries• Global Reach: ~50% international revenue• Hybrid Revenue Model with low Churn: <5%• Funding to Date (thru Series C): $52M• Investors: Accel Partners, Foundation Capital

and Meritech Capital Partners

Key Facts Mission Statement

The forgerock identity platform currently powers

more than 500 million identities. It is our goal to become the market leader

in digital transformation and security for enterprise

identity worldwide.


Perimeter-Based Security Identity-Centric Security

Enables Digital Business

Untrusted

Trusted

Inhibits Digital Business

Old Security Model is Broken. Security Must Now Be Identity-Based.

Enables Digital BusinessInhibits Digital Business


Changes are adding Complexity

Employees

Employees &Partners

PerimeterPerimeter Federation

Things

Perimeter-lessFederation

CloudSaaS

Mobility

Consumers

Perimeter-lessFederation

Cloud / SaaS

Com

plex

ity o

f Sca

le

Complexity of Experience


Identity Access ManagementCustomers(millions)

On-premises

People

Applicationsand data

PCsEndpoints

Workforce(thousands)

Partners andSuppliers

Customers(millions)

On-premises PublicCloud

PrivateCloud

People

Things(Tens of millions)

Applicationsand data

PCs PhonesTabletsSmart

WatchesEndpoints

Forrester Report Nov 2015: Market Overview: Customer Identity And Access Management (CIAM) Solutions

Identity Relationship Management

Business Has Changed: Enterprises Now Require Identity Relationship Management (IRM)

Business Has Changed: Enterprises Now Require Identity Relationship Management (IRM)


Enterprise AppsMobile Apps Things Cloud

Single Architecture | Next Generation | Open | Chip-to-Cloud Deployments | IRM

Identity ManagementAccess Management Directory Services Identity Gateway

Platform Strategy


Shared Services : User Interface, Self-Service, REST API, HTTP, Scripting, Audit and Logging

Federation Synchronization

Authentication & Strong Authentication

Identity Provisioning Application & Service Gateway

Authorization & UMA Provider

Workflow Engine IoT Identity Gateway

Adaptive Risk Self-Service Password Capture & Replay

UMA Protector

Access Management Identity Management Identity Gateway

Data Store

High Availability

Data Segmentation

LDAP / REST

Directory Services

Open Standards, High Availability, On-Premises, Cloud, Hybrid

The ForgeRock Identity Platform is built from the open source projects OpenAM, OpenIDM, OpenIG and OpenDJ

The ForgeRock Identity Platform


ForgeRock UI FrameworkUI LayerForgeRock RESTAccess Layer

Provisioning

Auditing

Workflow

Synchronization

Policy

Scheduler Task Scanner

Password Management

Reconciliation

Services/Routing Layer

Attributes Users Roles Groups Organizations Accounts Things Custom ….Object LayerObject broker (managed – system – aggregated)Broker Layer

Business Logic Layer

Self-Service UI Admin Console

OpenICF

customchip | thing

External Resources Layer

…

ForgeRock Identity Platform: Identity Management


Release Focus

User Administration

Security & Visibility

Platform Experience

Connectivity

© 2016 ForgeRock. All rights reserved. 10

New UI

• Bootstrap based Responsive UI framework• Simple to customize and theme• Device independent – mobile friendly!• Smaller footprint – less bandwidth

• Segregated Administration and Self-Service model• Admin UI greatly expanded• Easy to demo and communicate core concepts

• Improved and visualized workflow management


Simplified Object Model

• Quick and visual object creation – beyond users• Design your objects quickly and visually – including schema• From Simple to complex, related to unrelated• JSON/File based still supported

• Model your objects in the UI• Simple icon model• Relate objects to each other• Many to one, one to many, many to many, one to one• Once added, you can manage directly in the UI


Intrinsic Relationship Model

• Create and model relationships• Parent-Child, User-Groups, Owner-Devices, etc• New schema item type: relationship• Allows for “reverse” relationship dependency

• Relationship Endpoints


Role Management

• Design, assign and manage roles in an intuitive and visual manner

• 2 types:• Provisioning Roles – describes how assignments are used in external

systems• Authorization Roles - used to specify rights on managed objects in

OpenIDM


(Multi) Account Linking

• Use case: Link multiple accounts on a single resource to a single managed identity

• User Account and Admin account • Agent and Consumer

• Create with the new “Link Qualifier”• Mapping->Properties• Static or Dynamic (preferred)

• Static – Production and Dev accounts for each managed user

• Sample – Insurance Agent and Customer


Self-Service and Password Management

• Customizable Process and UI• Pluggable processing chain

– reCaptcha, email, KBA out of the box

• Bootstrap (commons) based UI foreasy customization

• 4 standard functions• Registration• Password Reset• Forgotten User Name• Profile Management

• Enables you to implement user self-service to significantly reduce help desk costs and increase user productivity by automating password reset and enforcing an auditable centralized password policy.

• Implements fine control password management to ensure consistency across all applications and data stores, such as Active Directory and HR systems.

• Quickly branded to give customers a personalized experience


Self-Service and Password Management


What we didn't cover

• Password/Attribute Hashing v. encrypting• Commons Auditing• OpenAM Session Auth Module• Upgrade/Update Framework• New Documentation• IBM DB2 as a repository


Next Steps

• New release available NOW on ForgeRock.com• https://www.forgerock.com/downloads

• Download, install, PLAY!• Run through all the samples – updated and new


Thanks!

Software

Identity Management with the ForgeRock Identity Platform - So What’s New?