Business, education, and government institutions use identity management platforms to regulate the identities of individuals and devices, and their associated attributes, credentials, and entitlements organization-wide. Today, identity relationship management is necessary both on and off-premises, and is increasingly important for managing users and their devices in mobile, social, and cloud environments. Legacy identity management solutions were not built for cloud compatibility, device-agnostic access, high volume, or customer engagement, and most were built by acquisition, rather than designed to work as a cohesive whole. This makes them inherently:

  • Inflexible
  • Difficult to Implement
  • Complex to Integrate
  • Convoluted
  • Limited in Scale
  • Locked In
  • Expensive
  • Inaccessible to Developers

Solutions must be flexible enough to support new customer-facing mobile, social, web, and cloud app projects, while providing integration with legacy systems. Platforms should be purpose-built to work together anywhere, so clients are never saddled with the costs of acquisitions. Agile organizations need solutions that are:

  • Adaptable
  • Simple to implement
  • Modular
  • Lightweight
  • Highly scalable
  • Plausible to exit
  • Developer-friendly
  • Cost-effective
  • Flexible

Identifying and targeting these solution benefits is especially critical now, during this transition period from traditional, on-premises IAM to mobile, social, web, and cloud-compatible IRM platforms, as businesses make decisions about their future identity strategies. Making a great identity decision will not merely protect company and customer data; it will allow the organization to shift away from the burden of supporting legacy systems, to investment in solutions that accelerate innovation and drive top-line growth.

Access Management

ForgeRock Access Management, part of the ForgeRock Identity Platform™, is a single, unified solution that provides the most comprehensive and flexible set of services required for consumer-facing identity and access management as well as traditional access management capabilities.

What legacy identity vendors have traditionally delivered as several different products – single sign-on (SSO), social sign-on, adaptive authentication, strong and mobile authentication, federation, self-service, adaptive risk, web services security, fine-grained authorization, and so on – is delivered by ForgeRock as a single, unified offering. Organizations can use the access control services they need in a centralized way, and simply “turn on” additional services when ready.

The solution has a unique architecture to support use cases from complex consumer applications with devices and connected things, to multi-protocol federation, to enabling SSO for cloud systems, to enterprise access control, to securing machine-to-machine solutions using microservices. It is especially well-suited for external, customer-facing access requirements. At the highest level, ForgeRock Access Management consists of a single, self-contained Java application, service components such as stateful or stateless session management, client-side APIs and REST, service provider interfaces to enable custom plugins, and policy agents for web and access policies to protect web sites and web applications.

Organizations with existing internal access management solutions can easily integrate ForgeRock Access Management into their environment through API services or through the token translation service. Maintaining all installation and configuration capabilities within one application vastly simplifies deployment of new internally or externally facing services. In addition, agent configuration, server configuration, and other tasks are simplified so they are repeatable and scalable, making it easy to deploy multiple instances of the solution without additional effort. And with support for DevOps and dynamic cloud architectures, ForgeRock Access Management offers push-button deployment, enabling continuous delivery and elastic deployments that dynamically scale for demand peaks and troughs. The embedded ForgeRock Directory Services eliminates the need to configure a separate directory to support the configuration and user stores; if desired, users can utilize other directories such as Active Directory, DSEE or databases.

Directory Services

ForgeRock Directory Services, part of the ForgeRock Identity Platform™, is a lightweight, embeddable directory that can easily share real-time customer, device, and user identity data across enterprise, cloud, social, and mobile environments. Core to the management of identity information, ForgeRock Directory Services are used in many different use cases, whether for large-scale cloud service directories, consumer-facing directories, or enterprise or network operating system (NOS) directories.

With a 100% Java code base, ForgeRock Directory Services runs on many platforms, including virtualized environments. All software and data are architecture-independent, so migration to a different OS or a different server is as simple as copying an instance to the new server. This increases the deployment flexibility, as well as the portability between different operating systems and system architectures.

Recognizing the complexity of traditional identity data access, ForgeRock Directory Services provides developers with new options. Developers no longer need to be LDAP experts. ForgeRock Directory Services lets developers choose either LDAP or REST to access identity data, using a single solution that can replicate data across on-premises and off-premises applications. ForgeRock Directory Services combines the security of a proven directory with the accessibility of a database.

Identity Management

ForgeRock Identity Management, part of the ForgeRock Identity Platform™, is built from the OpenIDM and OpenICF open source projects. It is an identity administration and provisioning solution focused on managing relationships across people, services, and things, designed in response to the pain organizations suffer deploying legacy enterprise provisioning solutions. These mostly proprietary solutions are monolithic, heavyweight, painfully slow to deploy, and outrageously expensive; furthermore, they are not prepared for today’s organizational needs, like connecting to cloud infrastructure and internet-connected devices and things. Unlike legacy identity management solutions, ForgeRock Identity Management is the only 100% commercial open source, lightweight, provisioning solution purpose-built for internet scale.

ForgeRock Identity Management is a modular, plug-and-play identity service so you consume only what you need. In addition, it has a well-defined and simple REST API that is ideal for anyone in need of provisioning across enterprise, cloud, social, and mobile environments.

ForgeRock Identity Management uses a Java-based architecture built on the OSGi framework (see ForgeRock Identity Management Architecture) and is therefore able to provide lightweight, modular services such as automated workflow, user self-service and profile management, social registration, password sync, data reconciliation, and audit logging, all accessible through developer-friendly REST APIs, using standard Java development tools such as Eclipse, NetBeans, Spring, etc.

It provides multi-layered provisioning activities through an embedded workflow and business process engine based on Activiti and the Business Process Model and Notation (BPMN) 2.0 standard. The modular design enables complete flexibility to use the embedded workflow engine and a database or replace these technologies with your selected platforms and services. Designed to have a small footprint, the entire service can itself be completely embedded and custom-tooled to the requirements of the target applications or services. Manage all of your identity sources (external systems, databases, directory servers, and other sources of identity) through the built-in identity connector framework, eliminating the need to rip and replace data stores.

Historically, the reason for building an internal enterprise user administration and provisioning system was to connect to the HR system. Now, organizations can support both internal employee systems and large-scale customer-facing applications for registration, user self-service, password reset, and user profile management. The object model is designed to support the methods the organization chooses to manage identity information of groups, people, services, and things. Configure the solution to create a virtual identity with links to external systems (data sparse model) or to create a meta-directory that centrally stores (data full model) a copy of identity attributes, including virtual links to other external systems.

Identity Gateway

ForgeRock Identity Gateway is an incredibly lightweight, flexible and high performance identity gateway that can provide identity services to any web traffic. Built from an open source project, and part of the ForgeRock Identity Platform™, the ForgeRock Identity Gateway is, in its simplest form and most basic configuration, a Java-based reverse proxy that runs as a web application. It routes all HTTP web traffic to protected applications through a centralized gateway, verifying the validity of messages and enabling the close inspection, transformation and filtering of each request. In simpler terms, ForgeRock Identity Gateway checks the identity of web traffic as it passes through, stopping those without permissions and letting the rest pass. By enforcing rules, it can determine who is allowed access to which resource, and when.

Acting as a bridge between legacy and/or modern web applications and the identity management platform, the ForgeRock Identity Gateway enables IT to transition the identity integration of the app from legacy to modern. The Identity Gateway identity-enables any target application via OAuth2, OpenID Connect or SAML2. The token transformation and password replay capabilities bridge identity to the form the application requires, without installing anything with the target application.

Edge Security

The internet of things (IoT) is revolutionizing industries with connected devices creating a complex web of captured data. These connected devices can streamline processes and allow companies to create innovative operational architectures, but this is not without risk. As systems begin to operate autonomously with automated decisions, it is necessary that IoT devices are trusted and their data is secured. If an automated system is fed incorrect data, whether innocently through simply misidentifying a device, or with bad intentions through falsification, the whole integrity of the system is compromised. This is where ForgeRock Edge Security comes to the rescue.

ForgeRock Edge Security offers identity-driven security by creating trusted identities, and ensuring the ongoing authenticity and authorization of connected devices and their transactions or data streams. Combined with the existing ForgeRock Identity Platform, the new capabilities support highly trusted authentication and granular relationship-based authorization decisions for common IoT design patterns, including device-to-device, device-to-service (i.e. cloud and/or microservice), and user-to-device, among others.

ForgeRock Edge Security can help you close the IoT security gap and build a foundation for trusted identity relationships with a secure solution that includes contextual security, open standards, and IoT-grade scalability.

© 2017 Technical Solutions. All rights reserved