ForgeRock Platform Release - Summer 2016

In this webinar we give you an overview of significant updates that will improve your overall security posture and customer engagement practices.

Published in: Technology

  1. Webinar: Summer 2016 Platform Release. John Barco, VP Global Product Marketing. © 2016 ForgeRock. All rights reserved.
  2. Platform Release Goals
     • Frictionless Identity
     • Identity Relationships
     • Microservices Security
     • Unified Platform
     • Ease of Use
  3. ForgeRock Identity Platform
     • Simple
     • Scalable
     • Modular
     • Common platform
     • Open source community participation
  4. Built as Modular Components
     [Diagram labels: UMA Provider Mobile App Synchronization Auditing LDAPv3 REST/JSON Replication Access Control Schema Management Caching Auditing Monitoring Groups Password Policy AD Password Pass-thru Reporting Authentication Authorization Provisioning User Self-Service Authentication OIDC / OAuth2 Federation / SSO User Self-Service Workflow Engine Reconciliation Password Replay SAML2 Adaptive Risk Stateless/Stateful Registration Aggregated View Message Transformation API Security Microservices]
     Built from Open Source Projects: UMA Resource Access Management Identity Management Identity Gateway Directory Services Common REST API Common User Interface Common Audit/Logging Common Scripting
  5. Platform Modules
     • Authorization
     • Federation
     • Identity Workflow
     • Self Service
     • Authentication
     • Identity Synchronization
     • Adaptive Risk
     • Directory Services
     • User Managed Access
     • Identity Gateway
     • Common Services
  6. Platform Common Services Update
  7. New Audit Framework
     • Common audit event framework captures activity of users, devices, things with unique ID label
     • New ELK and JMS handlers
     • Also CSV, DB, and syslog
     • Export to third-party services: Splunk, ArcSight, FireEye, Palo Alto Networks …
     [Figure: Dashboard: User Access Audit]
  8. Access Management Update
  9. Access Management
     • Authentication
     • Single sign-on
     • Social sign-on
     • Strong authentication
     • Mobile MFA
     • Adaptive Risk
     • Federation
     • Authorization
     • User-Managed Access
     • Self-Service
     Key figures: 1 web app; 15 min. download to install; 6 modules; 20k+ authentications per second
  10. Stateful Session Management
     • Session failover uses the Core Token Service (CTS) to persist sessions
     • CTS is based on OpenDJ and can be embedded or external
     • External CTS gives flexibility and control over the topology
     [Diagram: three OpenAM Server nodes (Session, SAML2, OAuth2), each shown with FAMRecord and OpenDJ]
  11. New Stateless Session Management
     • Stateless = state information is encoded in JWT token
     • High-performance support for microservices or distributed cloud environment: 100K/sec token validation
     • Client can obtain token from any server; client can validate token on any server
     [Diagram: three OpenAM Server nodes (AWS1, AWS2, AWS3), Microservices, Client App, OAuth2/OIDC tokens]
     PROPRIETARY AND CONFIDENTIAL
  12. Context-Based AuthN & AuthZ: Define Risk Profile of user or device
     • Context builds intelligence into policies to protect resources at the time of access and during session
     • Scriptable conditions can examine environmental conditions and also call external services to augment the authorization process
     [Diagram labels: Scripted conditions flag changes; Evaluate context during AuthN/AuthZ; Create policies with risk / contextual parameters; Risk is remediated; Session resets, forces action]
  13. Advanced Authentication: For modern and legacy systems
     • 20+ out-of-box modules including Google, Facebook, MS
     • AuthN methods can be chained together for enforcing different levels or strength of security
     • Scripted AuthN modules extend functionality on client side and server side using Groovy and JavaScript
     [Figure labels: Create New Authentication Chain; SAML2 Authentication; Adaptive Risk / Device ID; ForgeRock Mobile Authenticator; Save Device Profile]
  14. Adaptive Risk: Enables better user experience
     • The Adaptive Risk module assesses the risk based on pre-configured parameters
     • Over 30 parameters, including IP address, IP history, cookie value, login history, geo-location, etc.
     • Can be used in authentication chain or for step-up re-authentication
     [Figure: Risk Score 94]
  15. New Passwordless Authentication
     • New update of ForgeRock Authenticator Mobile App for iOS and Android
     • Vastly improves the user experience while reducing friction during the user authentication process
     • Customize app look and feel or use source code to build your own
     [Figure labels: Swipe, Fingerprint Scan, Custom]
  16. New Passwordless Authentication
  17. Identity Management Update
  18. Identity Management
     • Workflow-driven provisioning
     • Synchronization and reconciliation
     • Cloud / Enterprise connectors
     • Self-service
     • Password management
     Key figures: 1 web app; 15 min. download to install; 3 modules; 72k+ registrations per min.
  19. New Object Model Visualization
     • Identity Management architecture is REST-based with flexible object model
     • Visually representing objects and the relationships enables easier access to rich data
     • User, device, thing relationships are complex – a visual model helps simplify admin tasks – reduces risks
  20. Identity Gateway Update
  21. Identity Gateway
     • Mobile security
     • API security
     • Legacy app security
     • IoT gateway
     • Credential replay
     • Federated service provider
     • Token translation service
     • UMA resource server
     Key figures: 1 web app; 15 min. download to install; 1 module; 20k+ requests processed / sec
  22. Protect REST Endpoints and APIs: New Throttling Filter
     • Control the rate of requests that clients can make to a Web API based on IP address or request route
     • Set multiple limits for different scenarios, like allowing an IP or client to make a maximum number of calls per second, per minute, per hour, per day or even per week
     [Figure: Identity Gateway Throttling Filter]
  23. New Preview: Cloud Foundry Service Broker
     • Lightweight, simple way for ForgeRock solutions to protect RESTful microservices running in Cloud Foundry
     • Open source code for the service broker preview is accessible through GitHub (https://github.com/ForgeRock/forgerock-service-broker-cloudfoundry)
  24. Resources: Downloads / Docs / Support
  25. Resources: ForgeRock.org community site
  26. Resources: ForgeRock.com
