© 2016 ForgeRock. All rights reserved.

The Future is Now: The ForgeRock Identity Platform, Early 2017 Release


Daniel Raskin SVP, Product Management

The Future is Now: The ForgeRock Identity Platform

Jessica Morrison Senior Director, Product Marketing


Disclaimer

The presentation represents ForgeRock’s current view of its product development cycle and future directions. It is intended for information purposes only, and should not be interpreted as a commitment on the part of ForgeRock. ForgeRock makes no warranties, expressed or implied, on future functionality and timeline.


2010 Founded

10 Offices worldwide with headquarters in San Francisco

400+ Employees

600+ Enterprise Customers

50% Americas / 50% International commercial revenues

30+ Countries

ForgeRock: The leading, next-generation, identity security software platform, driving digital business.


Identity For Everyone And Every Thing

Customer Identity Relationship Management


Frictionless

Personalized

The New Customer Experience

Device / IoT


ForgeRock Identity Platform

UMA Provider Mobile App Synchronization Social Identity

LDAPv3 REST/JSON

Replication Access Control

Schema Management

Caching

Directory Proxy

Monitoring

Groups

Password Policy

Active Directory Pass-thru

Reporting

Authentication Authorization Provisioning User Self-Service Authentication OIDC / OAuth2

Federation / SSO User Self-Service Workflow Engine Reconciliation Password Replay SAML2

Adaptive Risk Stateless/Stateful Registration Aggregated User View

Message Transformation

API Security Scripting

Built from Open Source Projects:

UMA Resource

Access Management Identity Management Identity Gateway

Directory Services

Common REST API

Common User Interface

Common Audit/Logging

Common Scripting

© 2017 ForgeRock. All rights reserved.

Build trusted identity relationships across users, things, & cloud services


What’s New in ForgeRock Identity Management?


Authorization Federation

Identity Workflow Self Service

Authentication

Identity Synchronization

Adaptive Risk

Identity Store

User-Managed Access

Identity Gateway

Q1 Platform Release – New Modules

Social Identity

Identity Proxy


Identity Horizons: Key Focus Areas

Unified Platform

Cloud Native

Customer Identity Unified Platform

DevOps / Containers Privacy & Consent

Internet of Things Microservices

SOLUTION AREAS DELIVERY FLEXIBILITY


Customer Value

Completeness of Vision

Customer Identity Core Business

Privacy & Consent Adjacent Growth

Internet of Things Exploration in to New Market

Identity Horizons: Solution Areas

Enterprise Traditional IAM


RELATIONSHIP MANAGEMENT


Common REST API Descriptor


ForgeRock Common Audit Framework

Available Audit Handlers

Handler          Publishes to
CSV              CSV files
Syslog           The syslog daemon
JDBC             A relational database
Elasticsearch    An Elasticsearch store
JMS              JMS topics
JSON             JSON files
Splunk           Splunk database


DevOps Guide Containerized Images, Cloud Orchestration and Docker / Kubernetes Samples


Platform 2017 Roadmap

1H 2017: 5.0 Release

Developer
•  API Explorer for Common REST

DevOps
•  DevOps Guide
•  Docker Samples
•  Kubernetes Samples
•  Cloud Foundry Service Broker

More Audit Handlers
•  Splunk, JMS, JSON Handlers

2H 2017: 5.5 Release

Platform
•  ForgeRock Persistence Layer
•  Common Schema

DevOps
•  Docker Repository / Images
•  Configuration as Artifact
•  Reference Deployments

Serviceability
•  Support forensics


Autonomous Servers: Cloud-friendly Architecture

Architecture provides …
•  Simpler component topology
•  Elastic Architecture
•  Parallel instantiations
•  Phase 1: DevOps (5.0)
•  Phase 2: Elastic (5.5)

[Diagram labels: ELB; AM, AM, AM, AM]


DevOps Support For Automated Deployments

•  AMster
   •  New lightweight CLI tool
   •  Remote configuration over REST
   •  Export/Import config as json

•  Dynamic Boot params
   •  Supply boot params via environment variables
   •  Great for containerization
   •  Docker container becomes generic

•  Keystores
   •  Boot passwords can be stored in secret volumes

[Diagram labels: AMster; AM, AM, AM; DevOps Tool of Choice]


IoT and Security: Secure OAuth2 Tokens

•  OAuth2 widely used in IoT
•  Bearer token security critical
•  New “Proof-of-Possession” support
•  Resource server can verify Access token belongs to client

[Diagram labels: Resource Server; Authorization Server]
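
The check named in the last bullet, as an added example (not code from the presentation or from ForgeRock): the authorization server binds the client's public key into the signed token through a `cnf` confirmation claim as in RFC 7800, and the resource server accepts a request only when the presenter signs a fresh nonce with the matching private key. The nonce exchange, the function names and the `thermostat-01` client are assumptions made for the illustration.

```javascript
const nodeCrypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const newKeyPair = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const es256 = (key) => ({ key, dsaEncoding: 'ieee-p1363' });

// Constructed demo keys: the authorization server's signing key and the device's PoP key.
const asKeys = newKeyPair();
const deviceKeys = newKeyPair();

// Authorization server: bind the client's public key into the signed token (cnf claim).
function issueToken(clientPublicKey) {
  const header = b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT' }));
  const claims = b64u(JSON.stringify({
    sub: 'thermostat-01',      // hypothetical IoT client
    scope: 'telemetry:write',  // hypothetical scope
    cnf: { jwk: clientPublicKey.export({ format: 'jwk' }) },
  }));
  const sig = nodeCrypto.sign('sha256', Buffer.from(`${header}.${claims}`), es256(asKeys.privateKey));
  return `${header}.${claims}.${b64u(sig)}`;
}

// Client: prove possession by signing the resource server's fresh nonce.
function signChallenge(nonce, privateKey) {
  return nodeCrypto.sign('sha256', Buffer.from(nonce), es256(privateKey));
}

// Resource server: check the token signature first, then the proof against cnf.jwk.
function verifyRequest(token, nonce, proof) {
  const [header, claims, sig] = token.split('.');
  if (!header || !claims || !sig) return false;
  const signedByAs = nodeCrypto.verify('sha256', Buffer.from(`${header}.${claims}`),
    es256(asKeys.publicKey), Buffer.from(sig, 'base64url'));
  if (!signedByAs) return false;
  const { cnf } = JSON.parse(Buffer.from(claims, 'base64url').toString());
  if (!cnf || !cnf.jwk) return false; // plain bearer token: no key to check against
  const popKey = nodeCrypto.createPublicKey({ key: cnf.jwk, format: 'jwk' });
  return nodeCrypto.verify('sha256', Buffer.from(nonce), es256(popKey), proof);
}

// A presenter holding the token but not the device key fails the check.
function demo() {
  const token = issueToken(deviceKeys.publicKey);
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  return {
    owner: verifyRequest(token, nonce, signChallenge(nonce, deviceKeys.privateKey)),
    tokenOnly: verifyRequest(token, nonce, signChallenge(nonce, newKeyPair().privateKey)),
  };
}
```

With a plain bearer token the `tokenOnly` case would succeed, which is why the slide calls bearer token security critical for IoT clients.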


Access Management

1H 2017: 5.0 Release

Cloud
•  DevOps Friendly CLI (Amster)
•  Autonomous Servers Phase 1 - DevOps
•  CTS Session Affinity
•  Docker / Kubernetes Samples
•  Cloud Foundry Service Broker

Security
•  New Stateless Encryption Modes
•  New Stateless Encryption Algorithms

Internet of Things
•  OAuth2 Proof of Possession

2H 2017: 5.5 Release

Cloud
•  Autonomous Servers Phase 2 – Elastic

Customer Identity
•  Smart Decision Trees
•  Push Authorization
•  User Managed Access 2.0 / Pluggability

Securing Microservices
•  Authentication Microservice
•  Token Validation Microservice
•  Token Exchange Microservice

Internet of Things
•  OAuth2 Security Token Service
•  OAuth2 Client Registration


Social Identity Module

1. Select social provider for registration.
2. Authorize data to be shared from social provider.
3. Accelerate registration and build common user profile.


Social Identity Module Seamless Integration with ForgeRock Access Management


Profile and Consent Management User’s Ability to view and manage privacy policies

Configurable User Preference


Marketo Connector for Lead Scoring

•  Out-of-the box Connector
•  Synchronize any managed user to Marketo
•  Configure through the Admin UI.
•  IDM Users deselecting marketing preference removes them from Marketo Lead database

Marketo Web service endpoint to the leads database.


Marketo Connector for Lead Scoring

•  email
•  first name
•  last name
•  gender
•  country
•  city
•  locale
•  time zone
•  age-range
•  Opt-in/opt-out
•  facebook ID
•  linkedIn ID
•  Google ID

[Diagram labels: Marketo; Marketo CONNECTOR; Lead Scoring; Total; Behaviors; Demographics; Actions/# of web clicks; Actions/opt-in/opt-out; Title; Location; Time zone]


Social Registration IDPs 2017 Roadmap

Social IDPs Q1 Q2 Q3 Q4
Google ✔
Facebook ✔
LinkedIn ✔
Yahoo ✔
Instagram ✔
Microsoft Live ✔
Foursquare ✔
Salesforce ✔
WeChat ✔
VKontakte ✔
RenRen ✔
Twitter ✔
Sina Weibo ✔
Wordpress ✔
Paypal ✔
Amazon ✔
Verisign ✔
Blogger ✔
Flickr ✔


Marketing Connectors 2017 Roadmap

Connector Q1 Q2 Q3 Q4
Marketo ✔
Docusign ✔
Eloqua ✔
SAP Hybris ✔
Adobe Marketing ✔
Demandware ✔
SCIM ✔
Shareware ✔
Interscope ✔
Neo4j ✔


Identity Management 2017 Roadmap

1H 2017: 5.0 Release

Customer Identity
•  Social Registration
•  Consent Synchronization
•  Configure AM as OIDC IDP
•  Marketo Connector

Cloud
•  IDM DevOps Guide
•  Docker Images
•  Kubernetes samples

Ease of Use
•  Simplified upgrade

2H 2017: 5.5 Release

Customer Identity
•  More Social Registration IDPs
•  More Marketing Connectors
•  Self Service Email Templates
•  GDPR Profile Management

Cloud
•  Dynamic Clustering
•  Configuration as Artifact
•  SCIM 2.0 Connector

Internet of Things
•  IDM Graph Connector


Identity Gateway Developer Studio

Enable developers and evaluators to construct configuration artifacts

Through Studio … you can create routes to authenticate and authorize users' access to protected applications, and throttle the rate of requests.


Identity Gateway 2017 Roadmap

1H 2017: 5.0 Release

Developer
•  Design Studio Phase 1
•  Filter Chains
•  Conditional Filters

Cloud
•  IG DevOps Guide
•  Mutable / Immutable Modes
•  Docker / Kubernetes samples

Customer Identity
•  Support for Step-up Authentication
•  SSO with AM

2H 2017: 5.5 Release

Developer
•  Design Studio Phase 2

Cloud
•  Cloud Foundry Route Services
•  IG DevOps Reference Architect

Internet of Things
•  AuthN/AuthZ over MQTT
•  AuthN/AuthZ over COAP


Identity Proxy Server Distributed Identity Architecture

The proxy provides …

•  A single point of access, with a choice of REST or LDAP to access the underlying LDAP database services.

•  High service availability, hiding implementation details from LDAP client applications.

•  LDAP load balancing and failover strategies to handle referrals, connection failures, and network partitions.

•  Can be deployed with any LDAPv3 identity store.

[Diagram labels: LDAP or REST; Proxy Service; Tenant 1, Tenant 2, Tenant 3, Tenant 4; LDAP]


Supporting JSON

•  Added support for JSON Syntax

   myAttr: { "_id":"bjensen", "_rev":"123", "name": { "first": "Babs", "surname": "Jensen" }, "age": 25, "roles": [ "sales", "admin" ] }

•  JSON Validation configurable
•  Added JSON Matching Rules

   ldapsearch … "(myAttr=age lt 30 and name/first sw 'b')"

•  Can be indexed
•  Can be customized for finer indexing and matching
•  Search JSON values using Common REST query filters


Identity Store 2017 Roadmap

1H 2017: 5.0 Release

Cloud / Scale
•  Identity Proxy Services Phase 1
•  Docker & Kubernetes Samples
•  DevOps Guide

Database
•  JSON Syntax for LDAP

Directory Proxy
•  Dynamic Server Discovery
•  Coarse Grained Access Control
•  Load Balancing

2H 2017: 5.5 Release

Cloud / Scale
•  Core Token Service Optimization
•  Replication Optimization
•  DevOps Reference Architecture

Database
•  Platform Persistence

Directory Proxy
•  Fine Grained Access Control
•  Advanced Load Balancing
•  Elastic Proxy Features


Thank You