webinar: access management with the forgerock identity platform - so what’s new?
TRANSCRIPT
© 2016 ForgeRock. All rights reserved.
Access Management with the ForgeRock Identity Platform
So What’s New?
Andy Hall, Director of Product ManagementMarkus Weber, Senior Product Marketing Manager
© 2016 ForgeRock. All rights reserved.
• Fastest-growing open source identity security software company in the world
• Founded: 2010• Headquartered in San Francisco with offices
in 6 countries• Employees: 350+• Customers: 400+ Enterprises in 30+ countries• Global Reach: ~50% international revenue• Hybrid Revenue Model with low Churn: <5%• Funding to Date (thru Series C): $52M• Investors: Accel Partners, Foundation Capital
and Meritech Capital Partners
Key Facts Mission Statement
ForgeRock: At a Glance
The forgerock identity platform currently powers
more than 500 million identities. It is our goal to become the market leader
in digital transformation and security for enterprise
identity worldwide.
© 2016 ForgeRock. All rights reserved.
Shared Services : User Interface, Self-Service, REST API, HTTP, Scripting, Audit and Logging
Federation Synchronization
Authentication & Strong Authentication
Identity Provisioning Application & Service Gateway
Authorization & UMA Provider
Workflow Engine IoT Identity Gateway
Adaptive Risk Self-Service Password Capture & Replay
UMA Protector
Access Management Identity Management Identity Gateway
Data Store
High Availability
Data Segmentation
LDAP / REST
Directory Services
Open Standards, High Availability, On-Premises, Cloud, Hybrid
The ForgeRock Identity Platform is built from the open source projects OpenAM, OpenIDM, OpenIG and OpenDJ
The ForgeRock Identity Platform
© 2016 ForgeRock. All rights reserved.
Access ManagementThemes
• Smarter Security• Privacy and Consent• Internet of Things• Scalability and Performance• Ease of Use• Developer-friendly
© 2016 ForgeRock. All rights reserved.
Smarter SecurityAuthentication
• Mobile Authenticator App and Authentication Module
• iOS and Android• Strong 2FA based on OATH
standard• Easy to setup using QR codes• Integrated with Contextual
Authentication
© 2016 ForgeRock. All rights reserved.
Smarter SecurityAuthentication
• SAML Authentication Module• Brings federation into
authentication framework• Contextual Authentication now
applied to federated identities
© 2016 ForgeRock. All rights reserved.
Smarter SecurityContextual Authorization
• Enhanced Policy Editor supporting Scriptable Conditions
• Custom logic integrated into Policy decisions
• Supports Javascript or Groovy• REST-calls to external Policy
Information Points (PIP)
Access Management Session
Contextual Change
System Detects
New Location
System detects change during session and
requests further authentication
© 2016 ForgeRock. All rights reserved.
Smarter SecurityUniversal Authorization
• New Resource Types• Define arbitrary resource
descriptions using patterns and actions
• Policies can apply to multiple Resource Types
© 2016 ForgeRock. All rights reserved.
Smarter SecurityCommon Audit Framework
• Common Audit Framework• Complete view of activity
across all products• Extensible architecture
delivering CSV, JDBC, Syslog• Realm-specific Auditing• Fine-grained control of logging
ForgeRock Identity Platform
Common System & Activity
Logs
Access Management
Identity Management
Identity Gateway
Directory Services
© 2016 ForgeRock. All rights reserved.
Privacy and ConsentUser Managed Access
• Putting users in control of access to their data
• Fully compliant UMA Authorization Server
• REST APIs and User Resource Pages
• Supporting:• Resource Set Registration• Resource Sharing• Resource Labeling• Pending Requests• Audit history
© 2016 ForgeRock. All rights reserved.
Internet of ThingsOAuth2 Device Flow
• De-facto standard for pairing devices with user identities
• Ideal for devices with no input and limited output capabilities
• Revocation controlled by user
© 2016 ForgeRock. All rights reserved.
Scalability and ElasticityStateless Sessions
• New deployment option• Per-Realm attribute• JWT-based sessions• Ideal for Elastic Cloud-based
deployments• Massive horizontal scalability
12:00
:00 A
M
1:00:0
0 AM
2:00:0
0 AM
3:00:0
0 AM
4:00:0
0 AM
5:00:0
0 AM
6:00:0
0 AM
7:00:0
0 AM
8:00:0
0 AM
9:00:0
0 AM
10:00
:00 A
M
11:00
:00 A
M
11:59
:59 A
M
Demand
Clus
ter S
ize
Elastic Load Balancer
© 2016 ForgeRock. All rights reserved.
Ease of UseNew Administrator and End-User Interfaces
User• Rich user experience with latest XUI • Contextual tools to streamline UX• Extended self-service capabilities
Administrator• Powerful improvements to Administration
Console• Easier configuration using XUI• Realm-centric administration• Common task wizards e.g. OAuth2
Providers
© 2016 ForgeRock. All rights reserved.
Developer-friendlyForgeRock Platform Services
• More REST endpoints to extend developer flexibility
• More Scriptable extension points• Consistent and Responsive User
Interfaces• New SOAP-STS • Standards conformance
• OpenID Certified
© 2016 ForgeRock. All rights reserved.
ForgeRock Access ManagementSummary
• Smarter Security• Privacy and Consent• Internet of Things• Scalability and Performance• Ease of Use• Developer-friendly