Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Upload: forgerock

Post on 14-Apr-2017

TRANSCRIPT

Page 1: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Copyright © 2015 ForgeRock, all rights reserved.

ForgeRock Identity Platform - A Sneak Preview -

Markus Weber, Senior Product Marketing Manager

Page 2: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Agenda

Topic: Speaker

• Intro and ForgeRock Overview: Markus Weber
• ForgeRock Identity Platform: Markus Weber
• Shared Services across the Platform: Markus Weber
• Identity Management: Tim Sedlack
• Directory Services: Ludovic Poitou
• Access Management: Andy Hall
• Identity Gateway: Ludovic Poitou
• Q & A: All

Page 3: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

ForgeRock: At a Glance

Key Facts

• Founded: 2010
• Headquartered in San Francisco with offices in 6 countries
• Employees: 350+
• Customers: 450+ in 30+ countries
• Global Reach: 50% international revenue
• Investors: Accel Partners, Foundation Capital and Meritech Capital Partners

Mission Statement

THE FORGEROCK IDENTITY PLATFORM CURRENTLY POWERS MORE THAN 500 MILLION IDENTITIES. IT IS OUR GOAL TO BECOME THE MARKET LEADER IN DIGITAL TRANSFORMATION AND SECURITY FOR ENTERPRISE IDENTITY WORLDWIDE.

Page 4: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Legacy World:

• Employee Scale

• Users Only

• “Doorway” Security

• Identity Fragments

• Static Relationships

• Months/Years

• Massive integration

• High TCO

ForgeRock World:

• IoT Scale

• Users, Things, Services

• Continuous Security

• Single View of Customer

• Contextual Relationships

• Weeks/Months

• Pre-integrated

• Low TCO

The ForgeRock Difference

Page 5: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

ForgeRock Identity Platform

Single Integrated, Open Platform

Access Management
• Federation
• Authentication & Strong Authentication
• Authorization & UMA Provider
• Adaptive Risk

Identity Management
• Synchronization
• Identity Provisioning
• Workflow Engine
• Self-Service

Identity Gateway
• Application & Service Gateway
• IoT Identity Gateway
• Password Capture & Replay
• UMA Protector

Directory Services
• Data Store
• High Availability
• Data Segmentation
• LDAP / REST

Shared Services: User Interface, Self-Service, REST API, HTTP, Scripting, Audit and Logging

Open Standards, High Availability, On-Premises, Cloud, Hybrid

Page 7: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Shared Services

Markus Weber, Senior Product Marketing Manager

Page 8: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Need For Common Services
Building an App is Complex

Diagram labels:
• User Interface, Mobile Apps
• UI Framework, Client SDK
• Core Application Services: REST APIs, Authentication, Logging, Configuration, Business Logic and Extensions
• Developer Services
• HTTP Services
• Database

Page 9: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

ForgeRock Commons
Simplify, Standardize App Development

Diagram labels:
• User Interface, Mobile Apps
• ForgeRock UI, Mobile SDK
• Core Application Services: Common REST (CREST), Common AuthN Framework, Commons Audit, Configuration, Common Scripting
• API Descriptor
• Common HTTP Framework
• OpenDJ

Page 10: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Commons Projects

• ForgeRock REST (CREST)
• HTTP Framework
• REST End-Point Protection (Auth Filters)
• Scripting
• API Descriptor
• Audit
• UI Framework
• Self-Service

Page 11: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Identity Management

Tim Sedlack, Senior Product Manager, OpenIDM

Page 12: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

OpenIDM – Identity Management

Seamlessly manage identities of users, devices and things across all channels, on premises, in the cloud and on mobile

• Identity Provisioning
• User Self-Service
• Password Management
• Synchronization and Reconciliation
• Customizable workflow engine
• Connector framework

• REST based
• Lightweight and embeddable
• Pluggable / modular design
• Developer friendly – hooks/scripting
• High capacity / high scale
• Open Source

Simple, flexible, open source identity management to handle the lifecycle of identity for users, devices and things

Page 13: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

OpenIDM – Self Service and Password Mgmt

Customizable Process and UI
• Pluggable processing chain – reCaptcha, email, KBA out of the box
• Workflow enabled throughout the process
• Bootstrap (commons) based UI for easy customization

4 standard functions
• Registration
• Password Reset
• Forgotten User Name
• Profile Management

Page 14: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

OpenIDM – Developer and DevOps friendly!

Developer oriented
• REST first design
• APIs, Hooks, Script points, pluggable, modular

Use only what you need
• Preconfigured examples provided – more than 35 samples

Configuration management the way you want it
• Self-contained configuration started with a -p option
• Manage over REST, file based, or through the Admin GUI

Page 15: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

OpenIDM – Identity Standardization

Collect data from various sources
• On-Prem: Databases, HR, Files, AD, etc.
• Cloud: SaaS applications, IDPs, etc.

Centralize, normalize all identity data
• 360 degree view of customers (or employees, or devices, or whatever)
• Single place to go (view) for all collected data

Insert workflow into the process
• Automated email, point in time calculations, etc.
• Request/approval framework
• Certification process

Page 16: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Directory Services

Ludovic Poitou, Director France, Product Manager, OpenDJ

Page 17: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Database Backends

• New backend called “PDB”
• Local-backend moved to similar structure, called “JE”
• Better disk efficiency
• Better performance
• Tuned for OAuth2 and OpenID Connect services

Page 18: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Replication Improvements

New Replication ChangeLog
• Less disk utilization
• Smarter cleanup

High Availability and Failover for “cn=changelog”

Page 19: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Several improvements

• Certificate Matching Rules & GSER (Community Contribution)
• PKCS5S2 Password Storage
• New privilege to access cn=Changelog
• New audit capabilities (across ForgeRock platform)

Page 20: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Access Management

Andy Hall, Director of Product Management, OpenAM

Page 21: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Smarter Security
Authentication

ForgeRock Authenticator App and Authentication Module
• iOS and Android
• Strong 2FA based on OATH standard
• Easy to set up using QR codes
• Integrated with Contextual Authentication

SAML Authentication Module
• Easy integration of federated identity into authentication framework
• Contextual Authentication now applied to federated identities

Page 22: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Smarter Security
Authorization

Contextual Authorization
• Enhanced Policy Editor supporting Scriptable Conditions
• Custom logic integrated into Policy decisions
• Supports JavaScript or Groovy
• REST-calls to external Policy Information Points (PIP)

New Resource Types
• Define arbitrary types and actions
• Fine-grained policy definitions

[Diagram labels: OpenAM Session; Contextual Change; System Detects New Location]

System detects change during session and requests further authentication

Page 23: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Privacy and Consent
User Managed Access

Putting users in control of access to their data

Fully compliant UMA Authorization Server

REST APIs and User Resource Pages Supporting:
• Resource Set Registration
• Resource Sharing
• Resource Labeling
• Pending Requests
• Audit history

Page 24: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Scalability and Elasticity
Stateless Sessions

• New deployment option
• Per-Realm attribute
• JWT-based sessions
• Ideal for Elastic Cloud-based deployments
• Massive horizontal scalability

[Chart: Demand and Cluster Size over time of day, 12:00:00 AM to 11:59:59 AM]

[Diagram labels: Internet, Elastic Load Balancer]

Page 25: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Identity Gateway

Ludovic Poitou, Director France, Product Manager, OpenIG

Page 26: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Identity Gateway

Improved support for OpenID Connect
• Discovery
• Registration

Centralized Authorization Policy with OpenAM

Simplified Password Replay

Page 27: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

OpenIG as API Gateway

Throttling
• Global
• Per protected API or Application

Monitoring
• Status
• Throughput and Response Times statistics

Auditing

Page 28: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Other Improvements

Security
• Control of TLS protocols and cipher suites

Mobile Gateway
• Token exchange from OAuth2 to SAMLv2

Better scalability and performance

Improved ease of configuration

Page 29: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Where in the World is ForgeRock?

• RSA Conference, 29 February – 4 March 2016, San Francisco, CA
• Gartner IAM Summit, 14 – 15 March 2016, London, UK

Visit forgerock.com

Page 30: Webinar: ForgeRock Identity Platform Preview (Dec 2015)

Q & A