Copyright © 2015 ForgeRock, all rights reserved. 1
ForgeRock Identity Platform: A Sneak Preview
Markus Weber, Senior Product Marketing Manager
Agenda (Topic: Speaker)
• Intro and ForgeRock Overview: Markus Weber
• ForgeRock Identity Platform: Markus Weber
• Shared Services across the Platform: Markus Weber
• Identity Management: Tim Sedlack
• Directory Services: Ludovic Poitou
• Access Management: Andy Hall
• Identity Gateway: Ludovic Poitou
• Q & A: All
ForgeRock: At a Glance
Key Facts
• Founded: 2010
• Headquartered in San Francisco with offices in 6 countries
• Employees: 350+
• Customers: 450+ in 30+ countries
• Global Reach: 50% international revenue
• Investors: Accel Partners, Foundation Capital and Meritech Capital Partners
Mission Statement
The ForgeRock Identity Platform currently powers more than 500 million identities. It is our goal to become the market leader in digital transformation and security for enterprise identity worldwide.
The ForgeRock Difference
Legacy World:
• Employee Scale
• Users Only
• “Doorway” Security
• Identity Fragments
• Static Relationships
• Months/Years
• Massive integration
• High TCO
ForgeRock World:
• IoT Scale
• Users, Things, Services
• Continuous Security
• Single View of Customer
• Contextual Relationships
• Weeks/Months
• Pre-integrated
• Low TCO
ForgeRock Identity Platform: Single Integrated, Open Platform
Shared Services: User Interface, Self-Service, REST API, HTTP, Scripting, Audit and Logging
Access Management: Federation; Authentication & Strong Authentication; Authorization & UMA Provider; Adaptive Risk
Identity Management: Synchronization; Identity Provisioning; Workflow Engine; Self-Service
Identity Gateway: Application & Service Gateway; IoT Identity Gateway; Password Capture & Replay; UMA Protector
Directory Services: Data Store; High Availability; Data Segmentation; LDAP / REST
Open Standards, High Availability, On-Premises, Cloud, Hybrid
Shared Services
Markus Weber, Senior Product Marketing Manager
Need For Common Services: Building an App is Complex
Core Application Services: REST APIs, Authentication, Logging, Configuration
Business Logic and Extensions
User Interface / Mobile Apps: UI Framework, Client SDK
Developer Services
HTTP Services
Database
ForgeRock Commons: Simplify, Standardize App Development
Core Application Services: Common REST (CREST), Common AuthN Framework, Commons Audit, Configuration, Common Scripting
User Interface / Mobile Apps: ForgeRock UI, Mobile SDK
API Descriptor
Common HTTP Framework
OpenDJ
Commons Projects
• ForgeRock REST (CREST)
• HTTP Framework
• REST End-Point Protection (Auth Filters)
• Scripting
• API Descriptor
• Audit
• UI Framework
• Self-Service
Identity Management
Tim Sedlack, Senior Product Manager, OpenIDM
OpenIDM: Identity Management
Seamlessly manage identities of users, devices and things across all channels, on premises, in the cloud and on mobile
• Identity Provisioning
• User Self-Service
• Password Management
• Synchronization and Reconciliation
• Customizable workflow engine
• Connector framework
• REST based
• Lightweight and embeddable
• Pluggable / modular design
• Developer friendly: hooks/scripting
• High capacity / high scale
• Open Source
Simple, flexible, open source identity management to handle the lifecycle of identity for users, devices and things
OpenIDM: Self Service and Password Mgmt
• Customizable process and UI
• Pluggable processing chain: reCaptcha, email, KBA out of the box
• Workflow enabled throughout the process
• Bootstrap (commons) based UI for easy customization
4 standard functions: Registration, Password Reset, Forgotten User Name, Profile Management
OpenIDM: Developer and DevOps friendly!
• Developer oriented: REST-first design; APIs, hooks, script points; pluggable, modular
• Use only what you need: preconfigured examples provided, more than 35 samples
• Configuration management the way you want it: self-contained configuration started with a -p option; manage over REST, file based, or through the Admin GUI
OpenIDM: Identity Standardization
• Collect data from various sources
  On-Prem: Databases, HR, Files, AD, etc.
  Cloud: SaaS applications, IdPs, etc.
• Centralize, normalize all identity data
  360 degree view of customers (or employees, or devices, or whatever)
  Single place to go (view) for all collected data
• Insert workflow into the process
  Automated email, point-in-time calculations, etc.
  Request/approval framework
  Certification process
Directory Services
Ludovic Poitou, Director France, Product Manager, OpenDJ
Database Backends
• New backend called “PDB”
• Local backend moved to a similar structure, called “JE”
• Better disk efficiency
• Better performance
• Tuned for OAuth2 and OpenID Connect services
Replication Improvements
• New Replication ChangeLog: less disk utilization, smarter cleanup
• High Availability and Failover for “cn=changelog”
Several improvements
• Certificate Matching Rules & GSER (community contribution)
• PKCS5S2 Password Storage
• New privilege to access cn=Changelog
• New audit capabilities (across the ForgeRock platform)
Access Management
Andy Hall, Director of Product Management, OpenAM
Smarter Security: Authentication
• ForgeRock Authenticator App and Authentication Module
  iOS and Android
  Strong 2FA based on the OATH standard
  Easy to set up using QR codes
  Integrated with Contextual Authentication
• SAML Authentication Module
  Easy integration of federated identity into the authentication framework
  Contextual Authentication now applied to federated identities
Smarter Security: Authorization
• Contextual Authorization
  Enhanced Policy Editor supporting Scriptable Conditions
  Custom logic integrated into policy decisions
  Supports JavaScript or Groovy
  REST calls to external Policy Information Points (PIP)
• New Resource Types
  Define arbitrary types and actions
  Fine-grained policy definitions
[Figure: OpenAM Session, Contextual Change, System Detects New Location. The system detects a change during the session and requests further authentication.]
Privacy and Consent: User Managed Access
Putting users in control of access to their data
• Fully compliant UMA Authorization Server
• REST APIs and User Resource Pages supporting: Resource Set Registration, Resource Sharing, Resource Labeling, Pending Requests, Audit history
Scalability and Elasticity: Stateless Sessions
• New deployment option
• Per-realm attribute
• JWT-based sessions
• Ideal for elastic cloud-based deployments
• Massive horizontal scalability
[Figure: Cluster Size following Demand over time (12:00:00 AM to 11:59:59 AM); Internet, Elastic Load Balancer]
Identity Gateway
Ludovic Poitou, Director France, Product Manager, OpenIG
Identity Gateway
• Improved support for OpenID Connect: Discovery, Registration
• Centralized Authorization Policy with OpenAM
• Simplified Password Replay
OpenIG as API Gateway
• Throttling: global, or per protected API or application
• Monitoring: status, throughput and response time statistics
• Auditing
Other Improvements
• Security: control of TLS protocols and cipher suites
• Mobile Gateway: token exchange from OAuth2 to SAMLv2
• Better scalability and performance
• Improved ease of configuration
Where in the World is ForgeRock?
• RSA Conference, 29 February – 4 March 2016, San Francisco, CA
• Gartner IAM Summit, 14 – 15 March 2016, London, UK
Visit forgerock.com
Q & A