Technology Trends

ForgeRock Tops KuppingerCole Leadership Compass for CIAM

Once again, ForgeRock’s Customer Identity and Access Management solution has been recognized as a leader for its ability to help companies deliver exceptional digital experiences while ensuring that security, privacy, and compliance needs are met.  

This time, the honor comes from KuppingerCole, who named ForgeRock an overall leader in the KuppingerCole CIAM Platforms Leadership Compass Report, 2020. In the report, ForgeRock leads the way in product, innovation, market, and overall categories. 

This is the third time in less than two months that our solution has been named by a major industry analyst firm as a leader. This recognition triple crown is a direct result of our commitment to helping people access the connected world safely and simply. It’s what gets us up every day and keeps us innovating year after year.

The report gave us high marks for our full suite of identity and access management (IAM) products, including Access Management, Identity Governance, and Privacy and Consent Management. Our approach enables companies to offer consumers amazing personalized digital experiences while protecting their personal information. As KuppingerCole affirms, this is a requirement for any organization seeking a CIAM platform. 

We couldn’t be more pleased with this vote of confidence from KuppingerCole. Take a look at the report and see for yourself why we’re leading the consumer identity space. 

Go ForgeRock!


A 2019 Visionary in Access Management Is Now a 2020 Leader

CEO Perspective 

Gartner has just published the 2020 Gartner Magic Quadrant for Access Management* report, which includes the latest deep marketplace insights on this rapidly evolving sector. 

In the 2020 Gartner Magic Quadrant for Access Management, ForgeRock has just been named a Leader. Our scores were among the three highest across all use cases in the 2020 Critical Capabilities for Access Management.

We believe this is a testament to our philosophy of increasing the pace of innovation while remaining customer focused. In the last 12 months, we have made significant improvements to our Identity Access Management (IAM) platform to move from visionary in 2019 to a leader in 2020. Now, ForgeRock has dozens of new features in our flagship IAM platform, including revolutionary drag-and-drop access trees that help our customers create user journeys faster than ever.

Access management is at the heart of today’s digital ecosystem. Users of all types, consumers, workforce, and things, demand seamless and secure access to applications, services, and resources anytime, anywhere, using any device without disruption and at scale. 

To support these requirements, organizations need to offer easy access while ensuring people can only access what they should. Additionally, given the rise in malicious activity, organizations also need an IAM solution that provides strict security standards that uphold user trust and brand reputation.

ForgeRock provides a single integrated digital identity platform that fuels its entire suite of products and gives organizations a kickstart to convergence. Organizations can use ForgeRock’s modern AI-driven platform as they transition from their legacy solutions. Whether users sign on from a mobile device, connected car, home appliance, or the next innovation, ForgeRock enables a safe and exceptional digital experience.

We believe the report will help IT decision-makers select a partner that supports modern digital identity requirements driven by dynamic and expanding business demands.

Get the right access management solution for your organization. Read the report now.


*Gartner “Magic Quadrant for Access Management” by analysts Michael Kelley, Abhyuday Data and Henrique Teixeira. November 17, 2020. 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from ForgeRock. 

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Consumers Want Easy Access Not Login Red Tape

Results from The New Normal: Living Life Online Volume 2 

We’ve been examining the significant changes in online consumer behavior to ascertain what companies should be doing to help people access the connected world knowing that remote life won’t be going away any time soon. Our first report, ForgeRock New Normal: Living Life Online, provided a look into how the COVID-19 pandemic has permanently changed the way consumers plan to use apps and services. We followed that up with insights about voter preferences and made an appeal for governments to strongly consider digital voting. And now for the sequel, which takes a closer look at what makes people tick when it comes to digital experiences.

In volume 2 of our New Normal report: Living Life Online, we discuss how the rapid adoption of digital platforms affects consumer preferences when it comes to online experiences, including how they register and log in and what features are most important for retaining their loyalty. Consumers will not tolerate a tedious registration process or ongoing authentication slowing them down. In fact, they believe being locked out of an account is more infuriating than running out of toilet paper or forgetting their mask at home. We also saw that respondents are beginning to value the apps and services that protect their personal data, but they still want to be recognized and offered a personalized experience. In our new online-centered world, organizations must address these priorities that have typically been at odds with each other.

Here are some key findings from Vol. 2:

  • Almost half of consumers (46%) said they wouldn’t register for a new account if it was too difficult to sign up.
  • Consumers have a short fuse when it comes to poor digital experiences, with 35% cancelling or deleting an app if they have trouble logging in, while 32% said they would switch to a competitive service or app.
  • Getting locked out of accounts is more frustrating for nearly three-quarters (72%) of consumers than forgetting their mask at home (44%) or not finding toilet paper at the store (51%).
  • Globally, consumers are turning away from traditional passwords and usernames, preferring passwordless authentication options like biometrics or multifactor authentication (MFA) to log in where available (57%).
  • Consumers said preventing their data from being resold to third parties is a top priority when considering app features (70%).

So what does this mean for organizations trying to engage with consumers in this new world? Consumers are demanding smooth, uncomplicated experiences. Organizations across industries have their work cut out for them if they want to keep up with rising consumer expectations for a simple, frictionless digital experience. Identity is the key to making sure that every customer can register, access and transact easily.

A well-planned consumer identity strategy makes it easy to tailor the user’s onboarding experience to the right risk and friction levels. This gives less risky users a smooth, drama-free registration process, while riskier users or bad actors will encounter extra steps to acquire access.

A proper identity infrastructure also allows you to streamline the user authentication process, providing a context-driven, passwordless authentication experience. If the system understands context, it can determine the best possible way to safely authenticate a user at that moment. This ensures that the user never encounters more friction than is necessary to secure the service they are accessing. With the right identity solution, you can support exceptional login experiences like single sign-on (SSO) to your applications and services for your consumers.

Organizations that put consumer identity first will win. Check out our report here to learn how to put identity at the center of your digital strategy to ensure you’re making the best first impression for your consumers. 


Don't Let Retail Bots Spoil Holiday Cheer

Start Planning Now to Ensure Your Customers Aren't Robbed by Resellers

We’ve all heard about the damage malicious botnets, or bots, can cause. When a bot is used for evil, it can overwhelm an entire website and stop business. We’ve recently seen an upsurge of less obviously destructive bots that have a singular purpose: to buy up your stock of the latest must-have items before your customers do and sell them back to your own customers at a markup. These bots can impact your sales and the great customer experience you’ve worked so hard to create. And, with the holiday season just around the corner, retail bots wreaking havoc on the availability of popular items couldn’t come at a worse time. 

How Retail Bots Work

Retail bots automatically monitor stock levels of leading retailers for popular items. As soon as these items are in stock, the bots immediately buy as many of them as they can while masquerading as consumers who are making purchases on your website. The bots add the item to their shopping carts, enter shipping information, and complete payment – all in a blink of an eye. Then they repeat the process over and over again until the targeted items sell out. If you do a little online legwork, you’ll find the items popping up on online auction sites a few hours later being scalped for double or triple your original retail price. 

The Customer Experience Suffers – and so do Retailers

This is a frustrating experience for consumers left empty-handed when online retail shelves are wiped out. Customers don’t forget it. And on top of disappointing your customers, scalpers often end up returning their ill-gotten gains to your website when they aren’t sold, costing you even more time and money in lost sales.

This is not good for your customers, and it’s not good for you. As we approach the 2020 holiday shopping season –  a peak retail period –  we expect to see much more of this activity. But there are steps you can take to prevent bots from spoiling the season.

Who is the Real Customer? Identity is at the Core.

Essentially, we are dealing with an identity problem: How do we know we are dealing with a real customer and not a bot? To answer this question, we need to examine a range of environmental, contextual, and behavioral factors and use these to make decisions in real time. 

The ForgeRock Identity Platform gives you the power to unmask the bots. Using a wide range of data sources, our platform can make decisions in real time and adapt the login or guest checkout journeys to make them more challenging when we suspect a bot is present and hassle-free for legitimate customers.

Don’t let retail bots ruin the holidays for you or your valued customers. Read our white paper Block the Bots to Keep Your Customers Coming Back, which looks at how a retail bot works and how you can leverage the ForgeRock Identity Platform to defend against bots today and as they evolve in the future.

New to Identity Governance? Here’s What to Look for in a Modern Identity Governance Solution

You likely have an identity governance and administration (IGA) solution in place to address data privacy and regulatory requirements. “Identity governance” refers to identity needs like  access request approvals and certifying user access levels, and “administration” refers to the back-end user account provisioning processes in place to meet those needs. In this blog, we’ll look at the requirements that have driven the adoption of identity governance and administration, how the changing identity landscape is posing challenges for legacy IGA solutions, and how modern IGA approaches fill those gaps.

Why You Need an Identity Governance and Administration Solution

You have to manage user access requirements, ensure compliance with an ever-increasing number of regulations, protect your organizational data and intellectual property, and maintain a seamless customer experience across multiple devices. IGA solutions have evolved over the years to address this broad set of needs.

A robust identity governance and administration solution should enable the certification of appropriate user access levels and allow you to govern that access with policy-based controls. Additionally, it should enable your security and compliance teams to handle access requests, access approvals, and role administration. An effective IGA solution should also help your organization achieve regulatory compliance.

IGA Landscape Challenges 

You’ve likely had your existing identity governance and administration solution in place for a long time, and you’ve seen the identity landscape change drastically around it. Accelerating changes in enterprise technologies, cyberthreats, and the user landscape are putting growing pressure on traditional IGA solutions and, in turn, on your security and compliance teams.

The identity landscape today encompasses a growing number and type of users, accounts, devices, applications, and systems. Applications and systems are no longer just on-premises. They live in a dizzying hybrid of on-premises, cloud, and SaaS environments – and your users, encompassing your workforce, consumers, and partners, access them from many different devices and networks. On top of these complexities, you’re protecting your data and users against an increasing number of internal and external threats while the number of compliance regulations mounts. 

You’re left with a critical question: Can your IGA solution keep up? 

  • Identity Silos Leave you with Poor Visibility
    Enterprise IT environments become more complex every year, increasing the number of applications and systems you provide user access to. Most legacy identity governance solutions don’t connect and manage all applications, especially with systems living in a hybrid of on-premises and cloud environments. Combined with your user identity information scattered across multiple identity silos, this can lead to poor enterprise user access visibility, a lack of context, and an inability to recommend appropriate access privileges, like entitlements and role assignments. It’s difficult to secure identities, user access and maintain compliance when you don’t have – and can’t achieve – complete visibility.
  • Compliance Becomes Challenging
    Your IGA solution should enable you to understand who has access to what, but with fragmented visibility, your security and compliance teams don’t have the information needed to be compliant with the increasing number of regulations. Longstanding regulations like the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX) have been joined by new legislation like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), increasing the pressure on your security and compliance teams. Breaching these regulations comes at a high cost. Noncompliance with SOX can cost organizations up to $25 million in fines as well as criminal or civil prosecution. It’s estimated that $192 million in GDPR violations have been levied against companies since the legislation went into effect.
  • Resources are Exhausted
    Identity governance solutions are expected to work across multiple siloed environments with tens of millions of access privileges spread across legacy and modern applications in both on-premises and cloud environments. Automation is critical to preventing your teams from over-provisioning or granting inappropriate access privileges. Unfortunately, many legacy systems can’t be automated, resulting in an overflow of access requests for your team: requests that require manual, human review and fulfillment.

The shortcomings of existing  IGA solutions can lead to identity governance fatigue and leave your organization more vulnerable. When considering a new, modern IGA solution, here are a few best practices to look for:  

  • AI-Driven IGA Solution - A modern identity lifecycle management solution that simplifies and automates the access request, access approval, certification and role modeling processes. By leveraging an AI-driven analytics engine, the solution identifies and applies appropriate user access, automates high-confidence access approvals, recommends low risk accounts for certification, re-certifies high-risk accounts, and automates the removal of unnecessary roles. 

A solution that automates access and governance controls to more easily manage the demands of today’s dynamic workforce throughout the entire users’ lifecycle.

  • Data Agnostic - A solution that does not include data bias, with a data model that reflects the entire user access landscape. A solution that provides the ability to contextually examine all identity-related data, and to identify and recommend the right level of user access rights via high, medium, and low confidence scores, while providing the ability to apply appropriate birthright and/or leaver user access rights to accounts, applications, systems, roles, and entitlements across the enterprise.

A solution that reduces overall request volumes by predicting appropriate user access at the right time, to the right resources. 

  • Extensible Data Model - A solution with a highly scalable identity model for managing all users, devices, and things. A solution that enables data aggregation from diverse identity authoritative sources combined with an identity relationship model. A data visualization model that automatically identifies contextual relationships across users, devices, and things. 

A solution that automates identity orchestration and automation across access management, identity governance, and identity management via AI-based remediation recommendations. 

ForgeRock Identity Governance and Administration

The ForgeRock Identity Governance and Administration solution is an integral part of the ForgeRock Identity Platform. The solution provides real-time, continuous enterprise-wide user access visibility, control, and remediation. It simplifies the manual access request, access approval, certification, and role mining processes while providing full identity lifecycle management for creating, managing, and restricting identity access to accounts, systems, applications, and infrastructure. With it, you can strengthen your security posture and automatically drive regulatory compliance.

Amplify Your Existing IGA Solutions with AI-Driven Identity Analytics

ForgeRock Autonomous Identity is an AI-driven identity analytics solution that can be layered on top of, and integrated with, your existing IGA solution. The solution provides contextual, enterprise-wide visibility by collecting and analyzing all identity data, enabling contextual insight of low, medium, and high-risk user access at scale. It identifies and alerts your security and compliance teams about high-risk access or policy violations. By automating much of what is being done manually today, your team is freed up to focus on higher priority tasks and projects. And, by automatically examining enterprise-wide identity data, Autonomous Identity helps break down identity silos. You get an always updated contextual view of your entire user access identity landscape - what good access should and shouldn’t look like.

With ForgeRock Identity Governance and Administration and Autonomous Identity solutions, you can overcome identity governance fatigue, keep pace with user access demands, mitigate risk, and achieve regulatory compliance.   

Learn more by watching The Evolution and Modernization of Identity Governance and reading Maximize the Value of Your Identity Solution with AI-Driven Identity Analytics to see how ForgeRock Autonomous Identity can address your dynamic IGA challenges.


Highlights from Global Action Week at ForgeRock

ForgeRockers are a passionate and powerful crew! We showed what we can do to make a difference in our communities during our recent Global Action Week where we took time out of our regular schedules to give back. 

Employees across the globe put on their masks and ventured out into their communities to clean up parks and schools, feed the hungry, mentor, volunteer at animal sanctuaries, advocate for STEM programs in schools, or support the elderly. The pandemic meant a course correction for some of our ideas, but together we logged more than 200 hours of volunteer service worldwide over the course of five days.

ForgeRockers Give Back 

“While this year has been a tough one for everyone, we recognized that it was more important to our employees than ever to give back to the communities, organizations and initiatives that meant the most to them. I am extremely proud of the CSR team’s ability to react to the changing environment and still host a dynamic and rewarding Global Action Week that has empowered so many ForgeRock employees to take action and make a difference.” - Ben Hutchings, CSR Lead & People Program Manager

“I hiked about 42km in the Lake District over three days carrying everything we needed for the trip in our backpacks. During the hike I used the app Charity Miles to raise over $500 for a global organization called Girl Up. I chose Girl Up, as they are a movement to advance girls' skills, rights, and opportunities to be leaders. As someone who identifies as female within both the STEM industry, and hiking community - both areas where female representation is the minority - this is an important cause I feel particularly close with.” - Becky Maund, Senior Support Engineer

“I spent the day volunteering at Odd Man Inn Animal Refuge in Washougal, WA. They are a nonprofit farm sanctuary, adoption shelter, and wildlife rehab center. Odd Man Inn has a special place in my heart for taking in abused animals that have no other place to go. I had the pleasure of making sure all of the animals were happy, healthy, comfortable, and felt safe and right at home by cleaning their living quarters, passing out meals, and providing pets with the love and pampering they deserve.” - Krismy Botkin, Software Engineer

“I took a two man canoe down to the Bristol Harbour and taped some bin bags to the front seat of my canoe, and with the power of oars and a small net I paddled across the harbour cleaning rubbish from the water. Being in the center of the city, it can often fall prey to people mistaking the river for a garbage bin. This is a shame because there is actually a lot of wildlife on and under the water. By the end, I was tired but extremely satisfied with the amount of refuse I had collected. It's something I'd definitely do again.” - George Knight, HR Technology & Data Manager

“A few coworkers and I spent the morning cleaning up Dolores Park in San Francisco. Many San Francisco residents don’t have yards or gardens, so public parks become our refuge when we want to (safely) get some fresh air. A lot of work goes into maintaining these spaces, and I felt that it was important to give back to the place that has helped my mental and physical health during this time.” - Greta Sohn, Content Marketing Manager

ForgeRock Learns

In addition to actively giving back to their communities, ForgeRockers also participated in a speaker series. Throughout the week, we hosted four virtual discussions. We learned about busting the mental health stigma from Tara Robinson from Changes Bristol. We also spoke with Tiffany Dawson about how to promote gender equality in STEM. Felisia Castaneda from Recology San Francisco taught us how we can all make small changes that impact the environment. And we closed out the week with a powerful discussion about racism and DE&I with Kevin Withane.

550 Hours Dedicated 

By the end of the week, we had spent more than 200 hours volunteering and more than 300 combined hours learning. Global Action Week is a terrific extension of our purpose as a company to help people access the connected world - safely and simply. 

I’m so proud of our collective efforts and can’t wait to see what we accomplish next year! 

Want to join an amazing team that is changing the way people connect? Check out our careers page.


Balancing Autonomy and Control in API Security with Token Swapping

The question of how much control to retain versus how much to give up is something that occupies the minds of parents, management consultants, and often coaches. A high level of control helps achieve specific objectives, but, at the same time, it may lead to a complex bureaucracy that slows down self-initiative, entrepreneurship, and general productivity. A high level of empowerment, on the other hand, fosters creativity and ownership, but it may lead to unmanageable or risky outcomes. 

In the world of identity and security, organizations across all sectors also face this conundrum. Managing identity involves both controlled (stateful) and autonomous (stateless) security tokens. 

  • Stateful tokens are opaque and can be de-referenced by a central authority only after request (token introspection). The authority manages the state of the token, including revocation. The token depends on the availability and performance of the authority.
  • Stateless tokens are self-contained and can be "unpacked" by any party with the appropriate key material. Stateless tokens can be processed with or without the availability of an authoritative service. 

Knowing which to use is often straightforward, but sometimes what you really want to deploy is something in between.

A Closer Look at Token Swapping Use Cases

Exposing open services and APIs to external clients is a perfect use case for stateful tokens. Because external clients can be located anywhere and security tokens can travel over many networks, more control is needed. With stateful tokens, you can have opaque tokens that don’t carry sensitive content, always introspect tokens against a central authority, and revoke tokens as needed to provide a high level of control. 

However, for Zero Trust architectures that require security checks at every stage, including each microservice-to-microservice call, using stateless tokens makes more sense. That’s because they don’t depend on a central authority, which could impact the ability to scale and to continue operations if the authority is unreachable. 

Token swapping describes the ability to exchange one security token for another in a different, enriched, or restricted form. A gateway can function as the "token swapper." It intercepts requests, validates tokens, and generates new tokens either by itself or in conjunction with other services. 

Let’s look at the example of a financial company exposing APIs to partner organizations. Such a scenario requires a higher level of control and the ability to revoke granted access, so, for these external clients, the financial institution issues stateful tokens. Token swapping allows the company to use those stateful tokens on the front end but then switch to stateless tokens for scalability and other benefits within their microservices environment. 

If you swap a stateful token for a stateless token in the right way and at the right time, you can achieve that delicate balance between control and autonomy to better suit your purposes.

In the aforementioned scenario, ForgeRock Identity Gateway, deployed as a north-south gateway, validates stateful OAuth2 tokens by introspection with ForgeRock Access Management, ForgeRock Identity Cloud, or any other OAuth2 authorization server. After validating the stateful token, Identity Gateway then generates a stateless JSON Web Token (JWT) containing the identity information the downstream services need to proceed autonomously.

Self-contained JWTs are a compelling token type for scenarios that require a high level of scaling, do not have a strong dependency on external services (such as the authority), and can tolerate the absence of token revocation capability. For many microservices scenarios, this is a very effective use case for token swapping. 

Local JWT validation can also be conducted by service meshes, such as Istio, or by ForgeRock Identity Gateway, deployed as an east-west gateway, or Microgateway with the JwtValidationFilter. Note, however, that service meshes support self-contained JWTs but do not integrate well with stateful OAuth2 and remote token introspection. Furthermore, JWTs consumed by service meshes like Istio need to have the appropriate content, which can be built using token swapping. The "token swapper" can aggregate the appropriate JWTs.
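The swap described above, as an added example that is not ForgeRock code and does not use Identity Gateway's filters: a simulated authority holding token state, a gateway function that introspects an opaque token and mints a short-lived, scope-restricted JWT, and local validation in a downstream service. The class and function names, the `gateway.example` issuer, the sample tokens, and the HS256 shared key are assumptions made for the example; deployments usually sign with an asymmetric key so that services can verify tokens but not mint them.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class Authority:
    """Stand-in for the OAuth2 authorization server that owns token state."""

    def __init__(self):
        self._tokens = {}

    def issue(self, token, sub, scope, exp):
        self._tokens[token] = {"active": True, "sub": sub, "scope": scope, "exp": exp}

    def revoke(self, token):
        self._tokens[token]["active"] = False

    def introspect(self, token, now):
        rec = self._tokens.get(token)
        if rec is None or not rec["active"] or rec["exp"] <= now:
            return {"active": False}
        return dict(rec)


def sign_jwt(claims, key):
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def swap_token(authority, opaque, key, audience, now, ttl=60, allowed_scopes=None):
    """Gateway side: introspect the stateful token, then mint a stateless JWT."""
    info = authority.introspect(opaque, now)
    if not info["active"]:
        raise PermissionError("opaque token is not active")
    scopes = info["scope"].split()
    if allowed_scopes is not None:  # hand downstream a restricted form
        scopes = [s for s in scopes if s in allowed_scopes]
    claims = {
        "iss": "https://gateway.example",  # hypothetical issuer
        "sub": info["sub"],
        "aud": audience,
        "scope": " ".join(scopes),
        "iat": now,
        # Never outlive the opaque token; the short TTL bounds the window
        # in which a revoked grant is still honoured downstream.
        "exp": min(now + ttl, info["exp"]),
    }
    return sign_jwt(claims, key)


def validate_jwt(token, key, audience, now):
    """Service side: purely local check, no call to the authority."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        sig = b64url_decode(sig_b64)
        signed = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            raise PermissionError("bad signature")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:
        raise PermissionError("malformed token") from None
    if header.get("alg") != "HS256":  # pin the algorithm, ignore header hints
        raise PermissionError("unexpected algorithm")
    if claims.get("aud") != audience:
        raise PermissionError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise PermissionError("expired")
    return claims


def accepted(fn, *args, **kwargs):
    try:
        fn(*args, **kwargs)
        return True
    except PermissionError:
        return False


def demo():
    key = b"constructed-demo-key-not-for-production"
    svc = "accounts-service"
    authority = Authority()
    # Constructed sample grant for a partner client.
    authority.issue("opaque-8f2c", "partner-app-1", "accounts:read payments:write", exp=10_000)
    jwt = swap_token(authority, "opaque-8f2c", key, svc, now=1_000, allowed_scopes={"accounts:read"})
    claims = validate_jwt(jwt, key, svc, now=1_030)
    authority.revoke("opaque-8f2c")
    return {
        "jwt": jwt,
        "claims": claims,
        "swap_after_revoke": accepted(swap_token, authority, "opaque-8f2c", key, svc, now=1_040),
        "jwt_valid_after_revoke": accepted(validate_jwt, jwt, key, svc, now=1_050),
        "jwt_valid_after_exp": accepted(validate_jwt, jwt, key, svc, now=1_060),
    }
```

Revocation takes effect at the gateway immediately, but a JWT minted before the revocation is still accepted by services until its `exp`, which is the trade-off the text attributes to self-contained tokens.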

Token swapping is not limited to stateful OAuth2 to JWT token swapping. You can create transformations using other token types – such as OpenID Connect, SAML or SSO tokens – and services like the security token service (STS). You can also enrich tokens with user roles, entitlements, or attributes obtained from the authority. 

To learn more about balancing control and autonomy with token swapping, read about the following useful components: JwtBuilderFilter, JwtValidationFilter, IdTokenValidationFilter, OAuth2ResourceServerFilter, TokenTransformationFilter.

With token swapping, you can expand your options for obtaining the right balance in the control versus autonomy dilemma—at least in the identity and security realm. Parents, philosophers, and management will have to look elsewhere.


Three Ways CDR Will Alter the Australian Open Banking Landscape

CDR is here! But don’t panic if your bank isn’t quite there yet. We can help with our new ForgeRock CDR Open Banking Accelerators.

Well, it’s finally here. The Australian government’s Consumer Data Right (CDR) regulation is taking effect – in phases – starting with bank loans and personal information for the Big Four banks. The rest of the industry will follow suit in 2021.

Understandably, the rollout of yet another new regulation tends to be met with a bit of resistance. But CDR has some significant upsides for banks that fully embrace the open standards requirements that come with it. It’s been argued that the open standards can lead to a new wave of greater innovation and consumer services. Here are three ways banks can benefit from CDR:

#1. CDR can pave the way to greater uniformity of security and boost consumer confidence. Third-party global banking integrations have been quite loose with regard to security in the past. Lacking application programming interface (API) openness, some developers have resorted to insecure “screen scraping” techniques that left consumer data vulnerable. CDR requires openness, mandating industry-standard, security-conscious protocols that will increase consumer confidence in the way their data is handled. 

#2. CDR can lead to better customer and user experiences (CX/UX). Everything today is digital and online. Even processes previously handled exclusively face to face – like new customer onboarding and enrollment – can now be done remotely, without ever having to set foot in a branch office. Since many customers have an online-only relationship, the digital experience must be optimized. This means speed and security need to be core components of the offering, ensuring that there are no data loss or sync issues between your bank and a third-party provider. Secure uniformity and openness of APIs can help support this.

#3. CDR can help monetize data for new consumer services. A core focus of CDR is putting consumers in charge of their data. But this doesn’t eliminate opportunities for new service offerings and partnerships between banks and third-party API developers or other financial services organizations. When done properly, opening up your APIs – and by extension, customer data –  can lead to new revenue opportunities.

But before any of this can happen, you need to become compliant with CDR. Maybe you’re already there, but is the job really done? Was it a struggle to become compliant because of the legacy IT systems you have in place? Will that solution scale to your current needs, as well as the evolving and changing CDR standard?

No matter where you are in the compliance journey, ForgeRock has solutions – called “Accelerators” – that can help. Let’s take a more detailed dive into some of the specifics so you can see for yourself. 

ForgeRock recently released CDR Open Banking Accelerators to help drastically speed up compliance with the Australian Government's CDR mandate. These accelerators make it easier for you to comply with CDR mandates by providing a fully compliant container-based reference implementation, along with comprehensive documentation. 

Our accelerators are designed to minimize integration efforts, by deploying into your production environment rapidly and in an automated way. Identity architects, DevOps, developers, and project managers report that our accelerators have saved them up to two thirds of their total implementation time and cost. CDR Open Banking Accelerators can help you achieve a rapid ROI and improve the customer experience at the same time. 

ForgeRock CDR Open Banking Accelerators also ensure that the APIs used by financial providers prioritize customer authorization when sharing data with other requested providers. We designed the tools to adhere to CDR guidelines outlined by the Australian government.

ForgeRock can help you overcome compliance hurdles. Here’s how the CDR Open Banking Accelerators address four primary use cases within the Open Banking framework:

  • Gives Data Holders a plug-and-play, CDR-compliant endpoint, where Accredited Data Recipients can dynamically register themselves.
  • Provides Data Holders with a compliant, centralized consent engine enabling Accredited Data Recipients to request access to customer data.
  • Provides Data Holders with a MetaDirectory Cache Data Model and Sync Engine to create and maintain the required copy of the Registry.
  • Provides Data Holders with a fine-grained authorization service based on customer consent. This Core Banking API enables you, as an accredited Data Recipient, to access data the customer consents to.

You can decide to simply comply with the CDR regulation, or you can use it as a springboard to compete in the new Open API economy. ForgeRock firmly believes that, in the near future, the quality of CDR implementations and broader API offerings will be a determining factor for customers choosing new services. As Data Recipients begin to offer innovative services using banking APIs, customers will start to expect to make use of these third-party services. Plus, non-mandatory APIs help progressive organizations like yours capitalize on the Open Banking revolution, so it’s a real opportunity to grow and evolve your business. 

We’re grateful to our trusted partner Middleware NZ, whose knowledge of the Australian banking market and technical acumen helped make the CDR Open Banking Accelerators a reality.

With a modern identity and access management (IAM) platform, you can transform your customers’ user experience. They’ll be able to control who can access their data and what can be done with it. And by empowering your customers, you’ll open up new and exciting innovation opportunities for your organization. 

It’s easy to get started. Click here, and download the ForgeRock CDR Accelerators. If you need help, don’t hesitate to reach out to us.


Need a Killer Strategy for Modernizing IAM in a Hybrid World?

Get Started With Our Identity Platform as a Service Checklist  

Every organization is looking to transition from legacy systems to a more modern IT infrastructure by leveraging cloud for cost savings, better user experiences, new revenue streams, and greater employee productivity. Why then have only 25% of organizations achieved their initial IT modernization objectives? 

According to an IDG survey, “The State of IT Modernization 2020,” organizations struggle to modernize, in part because they lack a clear strategy. Figuring out the best path forward is complicated. Most likely you’ve got a combination of competing priorities, outdated processes and tools, aging infrastructure, lack of in-house expertise, insufficient budget, and operational limitations around application development. 

Modernizing your identity and access management (IAM) toolset is no exception. Determining the best strategy to modernize IAM and leveraging a cloud IAM platform can also be a challenge. Identity drives user experiences, engagement, and productivity. If done right, you defend your organization and users — whether employees or consumers — against compromised accounts and data breaches, as well as differentiate your organization by providing exceptional user journeys. So what steps can you take to modernize IAM while taking infrastructure into account? You can start here by reading our Identity Cloud Checklist: Top 10 Considerations and Best Practices to Strategize IAM in the Cloud.  

Don’t Compromise when Modernizing IAM    

When it comes to modernizing IAM, many organizations settle for one of the following:

  • Switch to an IDaaS-delivered IAM model that is built on simplicity and ease of use but supports limited use cases and cannot adequately support legacy, on-premises IAM systems, applications, and things.
  • Stick with a legacy on-premises identity solution that offers fuller feature sets, but is complex, difficult to maintain, and offers no clear roadmap to get you to the modern security and usability features and functionality you ultimately need.
  • Build an in-house cloud or hybrid solution – that is, if you have the skill set to build it and then keep maintaining and tuning it.
  • Acquire multiple point IAM solutions that can only address specific use cases with no feature parity across deployment models, be it on-premises, private cloud, public cloud, hybrid, or multi-cloud.

All these options have shortcomings, and none can provide the enterprise functionality that you need to support users and secure on-premises and cloud applications at scale. Additionally, as priorities and strategies shift, you need an IAM solution that can move with you. Cloud has played a significant role in how organizations modernize and secure user experiences, but cloud is not a one-size-fits-all solution. Many organizations operate in a hybrid world today, yet traditional options don’t make it easy for you to modernize. In fact, Gartner states the majority of enterprises using data in the cloud will be living in a hybrid, and likely multicloud, deployment world for the foreseeable future.

Planning for the Future

If you haven’t already, you should start thinking about how to future-proof your IAM strategy. Look for an IAM solution that can be easily deployed across any environment to fit business needs as they evolve. You should also think about use cases and business outcomes. For example, you might find that initially you need to secure identity for employees, and, later, for your workforce, consumers, citizens, and things. 

Tailoring your IAM solution for your industry is also important. For example, if you are in a regulated industry, you will most likely need an identity cloud solution that can coexist with on-premises solutions, provide true data isolation, enable fine-grained transactional authorization, and integrate with leading anti-fraud solutions. If you are in healthcare, you will need to manage identity relationships – such as parent and child and doctor and patient – and incorporate these relationships into access and authorization decisions. 

And, of course, overall functionality, security, feature parity, availability, vendor support, and cost must also be taken into consideration. 

There’s lots to think about. Fortunately, we’ve taken the guesswork out of what to consider as you either start or evolve your identity strategy with our Identity Cloud Checklist. Download it today. 


ForgeTalks: The Future of Cybersecurity Part 2

Hello and welcome back to ForgeTalks and our highly anticipated season finale. In this episode, I continue my conversation with ForgeRock CEO, Fran Rosch, and founder of NightDragon and ForgeRock board member, Dave DeWalt. Once again, my guests offer fascinating insights on a number of topics, including:

  • How Artificial Intelligence has impacted the security industry and the promise it holds for making workforce and consumer access better  
  • Cybersecurity, elections, and whether digital identity solutions can help make voting more secure
  • And insights from Dave DeWalt about the future of ForgeRock

If you missed part 1 of our finale, you can catch up now. I hope you enjoy this episode and have learned something new about digital identity from this season of ForgeTalks. We'll be back in 2021 with more great episodes! If you want to subscribe to receive updates about next season, or if you want to check out previous episodes, you can do so here.


ForgeRock Remarks on the Court of Justice of the European Union’s Ruling on Transfers of Personal Data

At ForgeRock we take the security and protection of our customers’ personal data seriously. We know staying abreast of shifting security and privacy laws can be challenging, which is why we have a dedicated team of experts monitoring the landscape to ensure our services help you stay compliant.

An area we continue to watch closely is the Court of Justice of the European Union (CJEU) ruling from July 16, 2020 regarding the transfer of personal data. As part of the ruling, the court confirmed that the European Commission’s standard contractual clauses (SCCs) remain a valid and lawful method for transferring personal data from the European Union to the United States and other countries. At the same time, it decided to invalidate the EU-US Privacy Shield framework.

The Swiss data protection regulator has followed the CJEU’s ruling and deemed the Swiss-US Privacy Shield framework inadequate for protecting Swiss/US data transfers. 

What is the impact?  

For ForgeRock customers, none. The continued support of SCCs means there is no disruption to the way we do business with you. 

ForgeRock was never certified under the EU-US or Swiss-US Privacy Shield frameworks. We have always relied on SCCs to safely and legally transfer customers’ personal data from the EU and Switzerland to our services.

This means our customers can be assured that they may continue to use ForgeRock’s services by relying on the SCCs that are currently in our Data Protection Addendum.

What are SCCs? 

The SCCs are a set of standard contractual terms providing sufficient safeguards for the protection of personal data of EU individuals, when transferred from Europe to the US and other countries. The ruling supports our belief that SCCs stand up to our 'cast-iron' commitment to the security and protection of our customers’ data.

Need more information? 

Please reach out to ForgeRock’s Privacy team with any questions you may have on ForgeRock’s data protection practices or the impact of the CJEU’s ruling in this case.

This content is provided for informational purposes. It is not intended to provide legal advice. ForgeRock’s customers should always consult their legal advisers. This information is provided as of the date indicated above. It does not account for post-publication changes.

ForgeTalks: The Future of Cybersecurity

Hello and welcome back to ForgeTalks. Today's episode is part one of a two-part series finale. Joining me for these two episodes are ForgeRock CEO, Fran Rosch, and cybersecurity luminary and founder of NightDragon and ForgeRock board member, Dave DeWalt. It was a wide-ranging discussion that captured their views of the security landscape in 2020 and how digital identity can play a central role in stopping attackers from successfully stealing your data. 

Watch this episode to hear about: 

  • How conditions in 2020 have created a "perfect storm" for cybersecurity threats
  • Why organizations have to move faster than ever to combat the increasing threat
  • And how digital identity can help not only protect organizations from cybersecurity attacks, but also improve their customer experiences and take advantage of unprecedented opportunity

I hope you enjoy this amazing ForgeTalks episode. Make sure you check out next week's episode where I continue my conversation with Dave and Fran. And if you want to view any of our other episodes you can do so here.

IAM 101 Series: What Are Directory Services?

Learn why the backbone of your IT stack may be overdue for an upgrade before it slows down productivity 

The beautiful thing about IT is that it just runs. You open up your laptop, access your applications, and stay productive and focused throughout your day. The technology that goes on behind the scenes is somewhat irrelevant to your average user.

So when I say “directory services,” you may be tempted to move on and watch some cat videos on YouTube. Stay with me, humble reader, for herein lies an important message.

What are directory services?

Directory services are the databases that store some of the most essential information you need to do your job. They are often referred to as data stores, LDAP, and directories. The information stored in these vessels includes your username, password(s), authentication preferences and enrollments, user preferences, application data and, more recently, information on devices such as mobile and Internet of Things (IoT). As you can see, much of this information is identity related.

What happens when you fire up an application? Whether it’s a cloud, mobile, or traditional application, and whether you’re using it for work or otherwise, the application is going to reach out to the one definitive source of identity truth in your organization – the  directory. This is to validate that you’re still a legitimate user of the organization, that you’re authorized to access the application and to find out what you can do with it. It’s that simple.

But these days, directory services are under siege. Many organizations deployed their directory services many years ago, in the pre-cloud years, so they are running what we call “legacy” directories. While they still “work” in the traditional sense, there are reasons – both technical and non-technical – to believe we’re headed for a directory slowdown.

The first reason is that the amount of information being put into directories is multiplying exponentially. Consider the “Things” in the Internet of Things (IoT). Estimates are that, in 2020 alone, the number of deployed Things will reach 31 billion! That’s at least four times the number of people on the planet. And all this IoT data is being registered in directories. 

The second reason directories are slowing down has to do with the ubiquitous nature of our work and home environments. Where do you work? If you’re like me, your work is anywhere you are. It’s certainly no farther away than your mobile phone or laptop in our hyper-connected world. This reality means directory services need to be distributed and highly available so that you can access the apps and services you need quickly. A slow link or an overwhelmed legacy directory sifting through millions of entries means you’ll wait to be authenticated and connected. Waiting is costly. Waiting is time. The result? Lost customers, decreased productivity for your workforce users, unhappy application owners, and a situation that will only get worse if not addressed quickly.

Directory services – the old iron of the business – need to go the way of the mainframe and green screen applications. They need to modernize!

Unfortunately, that’s easier said than done. Modernizing directory services is probably not high on the list of projects for your IT database administrator this year. Or next year.

But there is a pathway, and real ROI to be realized by modernizing your identity and access management (IAM) solutions. It doesn’t have to be painful. ForgeRock has Accelerator toolkits that help organizations upgrade legacy IAM solutions in a prescribed way, so they can go at their own pace. Accelerators are a complete kit of everything you need to get started. They include documentation, reference architecture, and step-by-step processes that allow you to migrate one app at a time or 10 at a time, or many more.

Using a coexistence or just-in-time (JIT) strategy, you can run ForgeRock IAM alongside your existing directory to make sure there is no loss of data or lack of availability to applications. When you’re ready to cut the cord and move to modern IAM, you can disengage your legacy directory and say goodbye to those hefty maintenance costs.

ForgeRock has one of the few directory services on the market today that offers a deployment option to run in containers. A container is a ready-to-run software package that includes everything you need to run your directory service in a Kubernetes or Docker pod. Containers can run in any cloud (or on premises) and use vastly fewer IT resources in your data center.

ForgeRock also natively supports all the apps you want, provides greater security, offers more fine-grained access control, and works both within and across your data centers. 

For organizations to stay agile and productive, your directory services need to keep up with the growing needs of your users and customers. To learn more visit us online at

ForgeTalks: How to Address Identity Governance Fatigue

Welcome back to another episode of ForgeTalks. This week I met with ForgeRock Senior Director for Product Marketing, Tim Bedard, to discuss how organizations can address their identity governance fatigue. Because of legacy identity governance and administration (IGA) limitations, IT and security teams are exhausted from manually reviewing and approving access requests. These organizations need an identity model that provides visibility into who has access to what and why, eliminating these manual processes. 

In this episode we'll dive into:

I hope you enjoy this episode of ForgeTalks. Coming up next: tune in to part 1 of our season finale with ForgeRock CEO, Fran Rosch, and titan of the cybersecurity world, Dave DeWalt. And if you want to check out any of our previous episodes you can do so here.

E-Voting Is the Future: Busting Myths and Objections

Demand for Online Voter Registration and Voting Doubles During the Pandemic

The COVID-19 pandemic made people – perhaps for the first time – consider if it is really worth it to leave their homes for many activities. Is picking the right apple at the grocery store worth the risk? As we near the U.S. presidential election, this same question remains, although the stakes are much higher. Constituents shouldn’t have to agonize between choosing their health over casting a vote, or vice-versa, because there’s a better solution. It’s time for the U.S. to bring e-voting to the American people.   

So what’s stopping the U.S. from implementing e-voting? Creating a national system of voting online is very much within the realm of possibility today. We have all the tools and technologies available at our disposal today. Below, we address common myths and objections. 

Myth #1: People don’t want to e-vote.

As the world remains in the grips of a global pandemic, people’s preferences towards digital activities are changing rapidly across industries. In fact, findings from ForgeRock’s New Normal Report show consumer preferences for online voting doubled across all regions. Almost two-thirds of consumers prefer to register to vote online as well. Inarguably, most voters want a modern and secure way to cast their ballot, which means the end of the paper ballot’s exclusivity is likely near. 

At ForgeRock, we believe that digital identity has a huge part to play in this. Digital identity technology can be essential in securing registration, user identification, and authentication – all key steps in ensuring a trustworthy and accurate vote count.

Myth #2: E-voting will enable voter fraud.  

Today, verification of votes is utterly archaic. It relies on polling volunteers to compare signatures on voter cards, which seems absurdly low tech, given the digital world we live in. That said, it is challenging to compromise in-person voting at scale. Fraudsters would have to send pretend “voters” one by one to the polls to pass off the false votes – and that’s a federal felony. For the risk, the reward just isn’t there.  

E-voting, on the other hand, would introduce a much stronger root of trust than we have in the existing voting system. Identity verification technologies, which are widely available on the market today, can quickly validate that people are who they say they are. They use a variety of methods that are much stronger than today’s simple signature match. Technologies such as biometrics, device reputation, behavioral signals, and other digital identity capabilities offer a much more accurate validation of a voter’s identity and avoid widespread voter fraud. These digital identity technologies would transparently put every voter through multiple layers of validation that would provide much greater security without adding friction to the voter experience. The Real ID system that has now been adopted in all 50 states in the U.S. is one step forward toward a minimum standard of identity information. Real ID state licenses are required to provide a core set of security and validation features that make state licenses a very strong level of identity validation.

Myth #3: E-voting will create a new attack vector for hackers and invalidate election results. 

One of the reasons that the U.S. voting system is resistant to manipulation today is its decentralized nature. Town to town, state to state, voting methods vary. To create an e-voting system that is resistant to an external digital attack, it, too, must be distributed or decentralized. Blockchain, which is already being utilized for online voting in several countries, is one technology that could be critical. When individual votes are made difficult to manipulate by containerizing the voting information, utilizing encryption, rotating keys, and leveraging distributed ledger technology, hackers face a challenge similar to the one posed by paper ballots: the effort required to access a single vote makes it impractical to affect the larger voting pool.

Myth #4: There is no way to maintain anonymity in voting digitally. 

Identity and access management (IAM) solutions are used by the biggest brands every day with a need to balance both privacy and data integrity. A decentralized, blockchain-based recording of votes could be held as an unchangeable backup, similar to the paper backup approach used today, while the information aggregated and shared outside that blockchain removes personally identifiable information (PII). 

Digital voting would likely need to be decoupled into several steps to maintain security and anonymity simultaneously. A user would need to be strongly authenticated. A record that an individual voted would need to be stored in an immutable way that can’t be linked to their actual vote. The individual’s vote would need to be deposited in a different immutable system so that votes can be easily counted and never changed. Maintaining this strict separation ensures that the vote can’t be traced back and linked to the individual who cast it. 
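The separation described above, as an added Python sketch (not ForgeRock code and not part of the original article): a participation log and a ballot log share no field, and ballots are shuffled before being written so that entry order cannot link the two. The names `Election` and `HashChainLog`, the hash-chained log standing in for an "immutable" store, and the boolean `authenticated` flag standing in for strong authentication are all assumptions.

```python
import hashlib
import json
import secrets
from collections import Counter

GENESIS = "0" * 64  # fixed starting value for every chain


class HashChainLog:
    """Append-only log: each entry's hash commits to the previous entry."""

    def __init__(self):
        self.entries = []  # list of (payload dict, entry hash)

    @staticmethod
    def _digest(prev_hash, payload):
        body = json.dumps(payload, sort_keys=True)
        return hashlib.sha256((prev_hash + body).encode()).hexdigest()

    def append(self, payload):
        prev_hash = self.entries[-1][1] if self.entries else GENESIS
        self.entries.append((payload, self._digest(prev_hash, payload)))

    def verify(self):
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev_hash = GENESIS
        for payload, stored in self.entries:
            if self._digest(prev_hash, payload) != stored:
                return False
            prev_hash = stored
        return True


class Election:
    """Hypothetical model of the three steps: authenticate, record that
    the person voted, deposit the vote in a separate store."""

    def __init__(self, roll, choices):
        self.roll = set(roll)
        self.choices = set(choices)
        self.participation = HashChainLog()  # who voted, never what
        self.ballots = HashChainLog()        # what was voted, never who
        self._voted = set()
        self._pending = []                   # ballots held until close()

    def cast(self, voter_id, authenticated, choice):
        # Step 1: strong authentication is assumed to happen upstream.
        if not authenticated or voter_id not in self.roll:
            raise PermissionError("voter not authenticated or not on the roll")
        if voter_id in self._voted:
            raise ValueError("voter has already cast a ballot")
        if choice not in self.choices:
            raise ValueError("unknown choice")
        # Step 2: record participation only; no choice, no ballot id.
        self._voted.add(voter_id)
        self.participation.append({"voter": voter_id})
        # Step 3: the ballot carries a random id and no voter field.
        self._pending.append({"ballot": secrets.token_hex(16), "choice": choice})

    def close(self):
        # Shuffle before writing so position i in one log says nothing
        # about position i in the other.
        secrets.SystemRandom().shuffle(self._pending)
        for ballot in self._pending:
            self.ballots.append(ballot)
        self._pending = []

    def tally(self):
        return Counter(payload["choice"] for payload, _ in self.ballots.entries)

    def audit(self):
        """Both chains intact and one ballot per recorded participant."""
        return (self.participation.verify()
                and self.ballots.verify()
                and len(self.participation.entries) == len(self.ballots.entries))


if __name__ == "__main__":
    # Constructed sample data.
    election = Election(roll=["v1", "v2", "v3"], choices=["A", "B"])
    election.cast("v1", True, "A")
    election.cast("v2", True, "B")
    election.cast("v3", True, "A")
    election.close()
    print(dict(election.tally()), "audit ok:", election.audit())
```

The audit can confirm that the number of ballots matches the number of participants and that neither log was altered, without any record that ties a voter to a choice.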

Myth #5: Online voting will disenfranchise those who do not have access to smartphones or computers. 

With voters at risk of exposing themselves to COVID-19, or the potential risk of future pandemics increasing the need for voting alternatives, e-voting should replace in-person voting. While the vast majority would benefit, there would still be measures in place for those who can’t cast an e-vote. New approaches should be introduced to ensure that no one is left behind in the voting process, but providing an e-voting option quickly will give U.S. citizens an opportunity to balance the risks they face between health and patriotism without having to stand in historically long lines, which have already become an issue in the 2020 election. 

As we move towards an e-voting future, the disenfranchised cannot be left behind. Rather, our focus should be on re-enfranchising these communities while ensuring alternative solutions are in place so that every voice is heard and the digital divide doesn’t become the civic divide. These efforts will be well worth the investment in the end. 

At ForgeRock, we have a big hammer in our ForgeRock Identity Platform, but voting is a nail-shaped problem that is rooted in identity. The capability to securely identify a person, anonymize and secure their session, and then record their vote is, at its core, digital identity. While identity can't entirely make e-voting 100% viable, as lots of other factors will contribute to its ultimate success, e-voting can’t exist without identity. To create a safe option for citizens to exercise their right and responsibility to vote, the U.S. must make e-voting a reality, starting with the 2024 election. The good news is that the technology is already here.  

To learn more about how consumer preferences are changing, check out the ForgeRock Consumer Survey: The New Normal.


ForgeTalks: Citizen Identity & Access Management

Welcome back to another episode of ForgeTalks! All around the world public sector organizations are trying to provide better and more secure digital experiences for their citizens. Here at ForgeRock, we believe that digital identity can help enable these experiences. With the rise of security breaches, online services, remote citizen and workforce user demands, digital transformation is a must. In this week's episode of ForgeTalks, I was joined by Tommy Cathey, ForgeRock VP for Public Sector, to talk about citizen identity and access management.

This week we discussed: 

  • How can digital identity help public sector organizations modernize their digital experiences for their citizens?
  • What are some exciting recent developments for US public sector organizations? And why are they important? 

I hope you enjoy this episode of ForgeTalks. If you want to check out any of our other episodes you can do so here.

A Leader in the Wave for Customer IAM

We’ve all experienced the turbo-charged acceleration in digital transformation in the past six months of the pandemic. Working from home, banking from home, shopping from home, and eating your favorite restaurant meals at home are the new normal. We are also living this experience at ForgeRock. We’ve moved to a nearly 100% remote work environment and supported our customers who have relied on us for a seamless and secure online experience over the years. Enabling this transformation for our customers is what drives us as a company. It is also why we are all immensely proud to be recognized by Forrester Research as a Leader in The Forrester Wave: Customer Identity and Access Management (CIAM), Q4 2020. 

Innovation and Execution Matter Most 

Forrester evaluated the 13 most significant identity and access management (IAM) companies against 32 different criteria spanning three categories: current solution offerings, strategy, and market presence. The evaluation of each company included in-depth reviews of product functionality, demonstration of capabilities, and customer references. ForgeRock was named a Leader in this CIAM evaluation, which recognizes the strength of our current offering, and received the highest score in the strategy category among all vendors evaluated.

Strong Security and a Great User Experience Are Essential for CIAM

One prominent theme in this report is the shift in CIAM from “just” a security technology to becoming a key component of the online user experience. Forward-looking organizations are seeking identity partners to help acquire and retain customers while providing them with the security, fraud protection, and personalization capabilities to engage and transact across all consumer channels including web, mobile, call center, or in person.

As a company strongly focused on CIAM, we’ve invested heavily in designing, building, and continually improving our ForgeRock Identity Cloud to meet the needs of our customers. We’ve emphasized the importance of capabilities such as data orchestration and user management, customer identity verification and registration, and consumer self-service. We’ve also invested in high performance and scale because they directly impact the user experience. We enable our customers to securely manage hundreds of millions of identities – with demonstrated performance in excess of 3.6 million authentication transactions per minute – and ensure a seamless user experience.

Looking Ahead

Forrester emphasized future strategy, investment, and execution roadmap as important criteria in their evaluation. It’s all about cloud choice and enabling hybrid deployments. At ForgeRock, we have known this for a while. It serves as a driving force behind our strategy, product, and go-to-market plan. And, it’s what drove our decision to raise $93 million in the first half of the year to continue to invest in our business and the market. 

We believe recognition by Forrester Research is a testament to our momentum and validation of our future strategy and direction. Increasingly, our platform is becoming mission-critical to the largest organizations in the world – and we take our responsibility to deliver on their expectations seriously. We are incredibly proud that Forrester has named us a leader in CIAM.

Download a complimentary copy of The Forrester Wave report here.


ForgeRock Updates GSA Schedule

With the COVID-19 pandemic causing a dramatic shift in how public sector organizations and agencies do their work and provide citizen services, digital transformation has become a priority. Easy, yet secure, remote access for both citizens and employees is no longer a goal for tomorrow; it is a must for today.

Unfortunately, traditional IT environments struggle to accommodate increased access demands. For example, legacy identity and access management (IAM) and identity governance and administration (IGA) weren’t designed to provide real-time, continuous enterprise-wide user access visibility, control, and remediation, or to collect and analyze identity data to identify security access and risk blind spots. These shortcomings result in error-prone and time-consuming manual work, poor user experiences, and increased risk — making it difficult for public sector organizations to successfully implement their digital transformation initiatives. 

What’s needed is a comprehensive IAM and IGA platform capable of not only modernizing and filling the gaps of legacy identity systems, but also unlocking their value with artificial intelligence (AI) and machine learning (ML). 

At ForgeRock we’re ready to help. I’m excited to announce that the ForgeRock Identity Governance and ForgeRock Autonomous Identity solutions are now available on the GSA Schedule, which means ForgeRock’s complete IAM and IGA platform can be purchased on the GSA Schedule with Carahsoft. ForgeRock has a long-standing partnership with Carahsoft within the public sector market across US Federal Agencies and State Governments. In fact, Rich Savage, Sales Director at Carahsoft, noted “We pride ourselves on helping government agencies find the best technology solutions available. ForgeRock’s AI-powered platform is exactly what IT teams need in the public sector for solving complex digital identity challenges.” 

Both Identity Governance and Autonomous Identity are fully deployable in a DevSecOps environment. You can view the new SKUs on our Carahsoft microsite under ‘Products.’ 

ForgeRock Identity Governance and Administration

Identity Governance and Administration (IGA) is the ability to manage and reduce the risk that comes with excessive or unnecessary user access to applications, systems, and data. Users want to have easy and rapid access to all of the applications they need to do their jobs. As a security-conscious organization, you need to balance requests for immediate application access with security, while reducing the risk associated with this process. 

The problem is, many public sector organizations use manual processes or scripts to grant immediate access to users. However, this leads to a failure to implement proper monitoring and governance controls on access in order to determine whether users should continue to have access. When auditors ask for proof of proper detective and preventive controls, organizations often resort to even more manual processes that involve spreadsheets and emails. Imagine the worst-case scenario, when a security team is triaging and they have to rely on searching through emails and spreadsheets in order to understand the chain of events. Fortunately, there’s a better way.

ForgeRock Identity Governance and Administration is an integral part of the ForgeRock Identity Platform. It simplifies the manual access request, access approval, certification, and role mining processes while providing full identity lifecycle management for creating, managing, and restricting identity access to accounts, systems, applications, and infrastructure. With ForgeRock IGA, you can strengthen your security posture and automatically drive regulatory compliance.

ForgeRock Autonomous Identity 

Legacy IGA solutions operate in ‘identity silos’ based on static data, including assignments, roles, and entitlements. Combined with the increasing volume and type of identities within the public sector, this can leave your already overburdened risk and security teams struggling to keep up as they manually provision access privileges and rubber stamp access requests and certifications.

ForgeRock Autonomous Identity is an AI-driven identity analytics solution that can be layered on top of, and integrated with, your existing IGA solutions to provide real-time and continuous enterprise-wide user access visibility, control, and remediation. By leveraging machine learning techniques, Autonomous Identity collects and analyzes identity data, such as accounts, roles, user activity, and entitlements, to identify security access and risk blind spots. As a result, public sector organizations gain wider and deeper insight into the risks associated with user access as well as remediation recommendations.

As these product descriptions exemplify, there’s a better way to do Identity Governance and Administration to improve your overall access and security landscape while reducing manual processes and extending the value of your current investments. These solutions, along with ForgeRock’s comprehensive identity platform capabilities, help you achieve the digital transformation required for today’s remote access demands.

For example, the State of Utah wanted to gain greater reliability and scalability in its identity and access management (IAM) infrastructure to integrate more data and applications, and expand the number of online services available to employees, citizens, and businesses. Using the ForgeRock Identity Platform, the state integrated more than 900 applications and online services, providing the flexibility and scalability to support all 1,400 of the state’s online services and a growing variety of additional applications and services, including those running in the cloud. The above and more resulted in a projected savings of up to $15 million due to operational efficiencies. Read the full State of Utah customer story.

You can learn more about the ForgeRock Identity Platform, as well as our newly added Identity Governance and Administration and Autonomous Identity solutions on our Carahsoft microsite under ‘Products’. And, as always, please reach out to us directly with any questions. We and Carahsoft are here to serve you.


Six More Reasons to Love ForgeRock SDKs

The ForgeRock Identity Platform gets better all the time and our focus on delivering software development kits (SDKs) underscores our commitment to helping you build secure apps faster. Earlier this year, we talked about the Six Reasons Why ForgeRock SDKs Make Sense. Today, we are pleased to announce there are now six more reasons you can count on ForgeRock SDKs to make your life easier. 

Let’s take a closer look at SDK 2.0. 

Reason 1: Unlock Intelligent Access

Intelligent Access combines Intelligent Authentication (or authentication trees) capabilities that our customers appreciate with Intelligent Self-Service (self-service trees). Intelligent Access includes new journeys for user registration, password reset, and progressive profiling – to name just a few advanced features. With this new release, our SDKs now support Intelligent Access, effectively doubling the number of supported use cases. Now, developers using SDKs can save time and integrate authentication, registration, and self-service journeys into their apps faster than ever before.

Reason 2: Access Device Context

ForgeRock SDKs can collect contextual information from devices (or browsers) and seamlessly integrate with the new Device Profile Nodes of the ForgeRock IAM Platform. Device context can be used to build sophisticated authentication journeys and detect anomalies such as deviations in previously trusted devices, geo-fence breaches, access from tampered devices, and more. By using the SDKs, you can start building better authentication journeys with device context in no time.

Reason 3: Exceptional User Experiences With Usernameless and Passwordless Authentication


Say goodbye to usernames and passwords with ForgeRock Go while providing great user experiences without compromising security. Our JavaScript SDK now supports FIDO2-based strong authentication with WebAuthn. This enables you to build this secure and seamless login experience into your single-page apps (SPAs) with ease. Our SDK can help you go passwordless faster.

Reason 4: Improve Application Security

Our SDKs do more than just simplify the integration with the ForgeRock IAM Platform. They have native capabilities to improve application security by implementing industry best practices and adopting the latest technologies in the iOS and Android ecosystem. Starting with this release, the ForgeRock iOS SDK uses Apple's Secure Enclave for hardware-backed encryption and storage of tokens. When you use our SDKs, you can be sure that credentials are in good hands. 

Reason 5: Simplify the User Experience With In-App Authenticator

One-time passwords generated by soft tokens or push-notification-based approvals are great ways to improve security by introducing a second factor in the authentication flow. Traditionally, however, this approach comes at the cost of user experience. End users are forced to download and use a dedicated authenticator app, which introduces a lot of friction in the user experience. With the latest version of the SDK, you can now embed these capabilities into your own mobile apps and provide your users a superior, branded, and seamless authentication experience.

Reason 6: Secure High-Value Transactions

Great experiences and proper security during login are paramount, but your customers have come to expect, and are also looking for, that same level of security during each and every transaction. That’s why they need a Zero Trust model or Continuous Adaptive Risk and Trust Assessment (CARTA). With ForgeRock SDKs you can improve security by requiring the user to perform additional verifications when engaging in a high-risk transaction or while performing an action that deviates from their normal behavior. For example, they must reauthenticate by using a second factor or respond to a push notification on their mobile device.

For more information, go to our SDK page, or get started today with documents that provide step-by-step instructions for your next integration project.

ForgeTalks: What are Containerized Directory Services?

Welcome back to another episode of ForgeTalks. This week we tackle how to help organizations prepare for unexpected spikes in consumer demand. I sat down with ForgeRockers Jeff Carpenter, director of product marketing, and Ludovic Poitou, director of product management, to discuss the importance of scalability for millions of identities. They explained how our Containerized Directory Services can help you handle massive transaction volumes and millions of identities at thousands of transactions per second.

We'll be answering questions like: 

  • What role does Directory Services play in identity?
  • What are the risks of ignoring Directory Services?
  • How is ForgeRock enabling a secure and reliable transition to the cloud with Containerized Directory Services? 

I hope you enjoyed this episode of ForgeTalks. And if you want to check out any of our other episodes you can do so here.