ForgeRock Identity Platform

The ForgeRock Identity Platform addresses the complex challenge of managing identities and access across diverse systems and users by providing a unified, comprehensive solution for access management, identity management, user-managed access, directory services, and an identity gateway.

Technically, the platform is composed of several key modules, including ForgeRock Access Management (AM), Identity Management (IDM), Directory Services (DS), and the Identity Gateway (IG). These modules can be deployed in containers on various Kubernetes platforms such as Google Kubernetes Engine (GKE), Amazon Elastic Kubernetes Service (Amazon EKS), Microsoft Azure Kubernetes Service (AKS), and IBM RedHat OpenShift. ForgeRock provides a reference toolset in the forgeops Git repository to automate the deployment of these components, ensuring interoperability and consistency across different environments.

Operationally, customers are responsible for building and running containers using supported operating systems and software dependencies. While ForgeRock offers reference Docker images for testing and development, these should not be used in production environments. The platform also supports high-availability configurations through external configuration stores in ForgeRock Directory Services and secure token services that bridge identities across web and enterprise IAM systems.

Key technical details include the use of the OAuth 2.0 authorization framework for standards-based authorization, particularly in IoT scenarios, and conformance to the UMA 2.0 standard for federated authorization and customer-centric use cases. The platform's Common REST API provides a unified way to access web resources and collections of resources across the platform. However, operational considerations include the need for a support contract with the Kubernetes platform vendor to address infrastructure-related issues, and the potential for increased complexity in managing multiple identity stores and synchronization processes.