Directory Services with the ForgeRock Identity Platform - So What’s New?
Transcript of Directory Services with the ForgeRock Identity Platform - So What’s New?
© 2016 ForgeRock. All rights reserved.
• Ludovic Poitou – Product Manager
• Rob MacDonald, Product Marketing Director
2010 Founded
10 Offices worldwide with headquarters in San Francisco
350+ Employees
450+ Customers
30+ Countries
$52M Funding to date (thru Series C) by Accel Partners, Foundation Capital and Meritech Capital Partners
ForgeRock is the leading, next-generation, identity security software platform.
Old Security Model is Broken. Security Must Now Be Identity-Based.
[Figure: Perimeter-Based Security compared with Identity-Centric Security. Labels: Untrusted, Trusted, Inhibits Digital Business, Enables Digital Business]
Changes are adding Complexity
[Figure: chart with axes "Complexity of Scale" and "Complexity of Experience". Labels: Employees; Employees & Partners; Things; Consumers; Mobility; Cloud / SaaS; Perimeter; Federation; Perimeter-less]
Business Has Changed: Enterprises Now Require Identity Relationship Management (IRM)
[Figure: Identity Access Management compared with Identity Relationship Management. Labels: Workforce (thousands); Partners and Suppliers; Customers (millions); People; Things (tens of millions); Applications and data; On-premises, Public Cloud, Private Cloud; Endpoints: PCs, Phones, Tablets, Smart Watches]
Forrester Report Nov 2015: Market Overview: Customer Identity And Access Management (CIAM) Solutions
ForgeRock: A Unified, Agile Platform Approach
[Figure: Legacy Software (Acquisition Architecture) and Niche Vendors (Component Strategy) compared with the ForgeRock Platform. Component labels: Fine-Grained Entitlements, Adaptive AuthN, Identity Management, Access Management, Identity Federation, Directory Services, Authorization Services, ? … ForgeRock Platform label: Identity Platform: Access Management | Identity Management | Directory Services | Mobile and API Gateway]
Enterprise Apps | Mobile Apps | Things | Cloud
Single Architecture | Next Generation | Open | Chip-to-Cloud Deployments | IRM
Identity Management | Access Management | Directory Services | Identity Gateway
Platform Strategy
Shared Services: User Interface, Self-Service, REST API, HTTP, Scripting, Audit and Logging
Access Management
• Federation
• Authentication & Strong Authentication
• Authorization & UMA Provider
• Adaptive Risk
Identity Management
• Synchronization
• Identity Provisioning
• Workflow Engine
• Self-Service
Identity Gateway
• Application & Service Gateway
• IoT Identity Gateway
• Password Capture & Replay
• UMA Protector
Directory Services
• Data Store
• High Availability
• Data Segmentation
• LDAP / REST
Open Standards, High Availability, On-Premises, Cloud, Hybrid
The ForgeRock Identity Platform is built from the open source projects OpenAM, OpenIDM, OpenIG and OpenDJ
The ForgeRock Identity Platform
Directory Services – Core Capabilities
Data Store
High Availability
Multi-Master Replication
REST & LDAP
[Figure: Directory Services architecture. UI Layer: Admin Console. Access Layer: ForgeRock REST, OpenDJ SDK, LDAPv3, DSML. Services Layer and Backend Services labels: REST/JSON, Access Control, Groups, LDAPv3, Caching, Schema Management, Monitoring, Audit Logging, Password Policies, Persistence, LDIF, Change Log, Replication, Dynamic Attributes]
ForgeRock Identity Platform: Directory Services
Database Backend
• New backend called “PDB”
• Local-backend moved to similar structure, called “JE”
• Better disk efficiency
• Better performance
• Tuned for OAuth2 and OpenID Connect services
Replication Improvements
• New Replication ChangeLog
• Less disk utilization
• Smarter cleanup
• High Availability and Failover for “cn=changelog”
Splitting Binaries from Data
• At Setup
• How? instance.loc
• Still 1 instance for 1 set of binaries
Other improvements
• Certificate Matching Rules & GSER (Community Contribution)
• PKCS5S2 Password Storage
• New privilege to access cn=Changelog
• Password Update with REST to LDAP
• New audit capabilities (across ForgeRock platform)
Demo
summits.forgerock.com
Thank You