Identity Management with the ForgeRock Identity Platform - So What’s New?
1. © 2016 ForgeRock. All rights reserved.
ForgeRock Identity Platform
Identity Management
• Tim Sedlack, Sr Product Manager
• Rob MacDonald, Product Marketing Director
2.
ForgeRock: At a Glance
Key Facts
• Fastest-growing open source identity security software company in the world
• Founded: 2010
• Headquartered in San Francisco with offices in 6 countries
• Employees: 350+
• Customers: 400+ Enterprises in 30+ countries
• Global Reach: ~50% international revenue
• Hybrid Revenue Model with low Churn: <5%
• Funding to Date (thru Series C): $52M
• Investors: Accel Partners, Foundation Capital and Meritech Capital Partners
Mission Statement
The ForgeRock Identity Platform currently powers more than 500 million identities. It is our goal to become the market leader in digital transformation and security for enterprise identity worldwide.
3.
Old Security Model is Broken. Security Must Now Be Identity-Based.
• Perimeter-Based Security (Untrusted / Trusted): Inhibits Digital Business
• Identity-Centric Security: Enables Digital Business
4.
Changes are adding Complexity
[Figure: axes "Complexity of Scale" and "Complexity of Experience"; labels: Employees; Employees & Partners; Consumers; Things; Perimeter; Perimeter-less; Federation; Cloud / SaaS; Mobility]
5.
Business Has Changed: Enterprises Now Require Identity Relationship Management (IRM)
[Figure: two panels, "Identity Access Management" and "Identity Relationship Management"; labels: Workforce (thousands); Partners and Suppliers; Customers (millions); People; Things (tens of millions); Applications and data; On-premises; Public Cloud; Private Cloud; Endpoints; PCs; Phones; Tablets; Smart Watches]
Forrester Report Nov 2015: Market Overview: Customer Identity And Access Management (CIAM) Solutions
6.
Platform Strategy
Enterprise Apps | Mobile Apps | Things | Cloud
Single Architecture | Next Generation | Open | Chip-to-Cloud Deployments | IRM
Identity Management | Access Management | Directory Services | Identity Gateway
7.
The ForgeRock Identity Platform
Shared Services: User Interface, Self-Service, REST API, HTTP, Scripting, Audit and Logging
• Access Management: Federation; Authentication & Strong Authentication; Authorization & UMA Provider; Adaptive Risk
• Identity Management: Synchronization; Identity Provisioning; Workflow Engine; Self-Service
• Identity Gateway: Application & Service Gateway; IoT Identity Gateway; Password Capture & Replay; UMA Protector
• Directory Services: Data Store; High Availability; Data Segmentation; LDAP / REST
Open Standards, High Availability, On-Premises, Cloud, Hybrid
The ForgeRock Identity Platform is built from the open source projects OpenAM, OpenIDM, OpenIG and OpenDJ
8.
ForgeRock Identity Platform: Identity Management
• UI Layer: ForgeRock UI Framework; Self-Service UI; Admin Console
• Access Layer: ForgeRock REST
• Business Logic Layer and Services/Routing Layer: Provisioning; Auditing; Workflow; Synchronization; Policy; Scheduler; Task Scanner; Password Management; Reconciliation
• Object Layer: Attributes; Users; Roles; Groups; Organizations; Accounts; Things; Custom; …
• Broker Layer: Object broker (managed – system – aggregated)
• External Resources Layer: OpenICF; custom; chip | thing; …
9.
Release Focus
User Administration
Security & Visibility
Platform Experience
Connectivity
10.
New UI
• Bootstrap based Responsive UI framework
• Simple to customize and theme
• Device independent – mobile friendly!
• Smaller footprint – less bandwidth
• Segregated Administration and Self-Service model
• Admin UI greatly expanded
• Easy to demo and communicate core concepts
• Improved and visualized workflow management
11.
Simplified Object Model
• Quick and visual object creation – beyond users
• Design your objects quickly and visually – including schema
• From Simple to complex, related to unrelated
• JSON/File based still supported
• Model your objects in the UI
• Simple icon model
• Relate objects to each other
• Many to one, one to many, many to many, one to one
• Once added, you can manage directly in the UI
12.
Intrinsic Relationship Model
• Create and model relationships
• Parent-Child, User-Groups, Owner-Devices, etc
• New schema item type: relationship
• Allows for “reverse” relationship dependency
• Relationship Endpoints
13.
Role Management
• Design, assign and manage roles in an intuitive and visual manner
• 2 types:
• Provisioning Roles – describe how assignments are used in external systems
• Authorization Roles – used to specify rights on managed objects in OpenIDM
14.
(Multi) Account Linking
• Use case: Link multiple accounts on a single resource to a single managed identity
• User Account and Admin account
• Agent and Consumer
• Create with the new “Link Qualifier”
• Mapping->Properties
• Static or Dynamic (preferred)
• Static – Production and Dev accounts for each managed user
• Sample – Insurance Agent and Customer
15.
Self-Service and Password Management
• Customizable Process and UI
• Pluggable processing chain – reCAPTCHA, email, KBA out of the box
• Bootstrap (commons) based UI for easy customization
• 4 standard functions
• Registration
• Password Reset
• Forgotten User Name
• Profile Management
• Enables you to implement user self-service to significantly reduce help desk costs and increase user productivity by automating password reset and enforcing an auditable centralized password policy.
• Implements fine-grained password management control to ensure consistency across all applications and data stores, such as Active Directory and HR systems.
• Quickly branded to give customers a personalized experience
17.
What we didn't cover
• Password/Attribute Hashing v. encrypting
• Commons Auditing
• OpenAM Session Auth Module
• Upgrade/Update Framework
• New Documentation
• IBM DB2 as a repository
18.
Next Steps
• New release available NOW on ForgeRock.com
• https://www.forgerock.com/downloads
• Download, install, PLAY!
• Run through all the samples – updated and new
Editor's Notes
Demo – UI walkthrough, Admin console, dashboard
Demo
Demo
Based on intrinsic relationship model
So what’s an Assignment?
Extensible (Demo)
Demo
Demo
Demo
Encode any attribute value using salted hash
Algorithms supported:
MD5
SHA-1
SHA-256
SHA-384
SHA-512
Audit
Common across the platform
Configured (REST) the same way
OpenIDM provides configuration through the Admin Console as well
Event Handlers, Filters, Targets, and more
Upgrade
Managed updates and upgrades!
UI or CLI based updates
Managed process that:
Puts OpenIDM into maintenance mode
Validates checksums for every file in the update and in the install location
Backs up files (to *-old<timestamp>)
Reports what changes it’s going to make
Allows administrators to proceed or cancel
Restarts OpenIDM processes once installation is complete
Provides a report on all actions taken
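The update steps listed above (checksum validation of the update payload and of the install location, backup, report, proceed or cancel), sketched as an added example that is not OpenIDM's own code. The manifest layout, the file names, the backup suffix format and the rule that only locally modified files are backed up are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Stream a file through SHA-256 so large archives are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def plan_update(update_dir, install_dir, manifest, stamp):
    """Dry run. manifest maps name -> {"new": digest shipped in the update,
    "old": digest in the previous release or None}; this layout is an assumption."""
    plan = {"corrupt": [], "add": [], "replace": [], "backup": []}
    for name, sums in sorted(manifest.items()):
        src, dst = Path(update_dir, name), Path(install_dir, name)
        if not src.is_file() or sha256_file(src) != sums["new"]:
            plan["corrupt"].append(name)       # update payload fails its checksum
        elif not dst.exists():
            plan["add"].append(name)           # new in this release
        elif sha256_file(dst) == sums["old"]:
            plan["replace"].append(name)       # untouched since the last release
        else:                                  # locally modified: keep a copy first
            plan["backup"].append((name, f"{name}-old{stamp}"))
    plan["proceed"] = not plan["corrupt"]      # any bad payload cancels the update
    return plan

def demo():
    """Constructed sample data: one locally edited file, then one damaged payload."""
    digest = lambda data: hashlib.sha256(data).hexdigest()
    old = {"startup.sh": b"v1 start", "audit.json": b"v1 audit", "core.jar": b"v1 core"}
    new = {**{n: d.replace(b"v1", b"v2") for n, d in old.items()}, "sap.jar": b"v2 sap"}
    manifest = {n: {"new": digest(d), "old": digest(old[n]) if n in old else None}
                for n, d in new.items()}
    with tempfile.TemporaryDirectory() as tmp:
        upd, inst = Path(tmp, "update"), Path(tmp, "install")
        for folder, files in ((upd, new), (inst, old)):
            folder.mkdir()
            for n, d in files.items():
                (folder / n).write_bytes(d)
        (inst / "audit.json").write_bytes(b"v1 audit, edited by an admin")
        clean = plan_update(upd, inst, manifest, "20160101T000000")
        (upd / "core.jar").write_bytes(b"truncated")   # simulate a damaged download
        damaged = plan_update(upd, inst, manifest, "20160101T000000")
    return clean, damaged

if __name__ == "__main__": print(*demo(), sep="\n")
```

The plan is computed before anything is written, which is what lets an administrator review the report and cancel; a single payload that fails its checksum sets `proceed` to False.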
Connectors
New Connector Bundling Services
OpenICF 1.5
New SAP Connector
Certification
AD Connector is deprecated
LDAP connector improved
PowerShell improved (for more complicated, specific scenarios)
Documentation
Brand new guides:
Getting Started with OpenIDM – step-by-step guide to installing and evaluating OpenIDM
Includes a special “Getting Started” sample in the
Installation and Update Guide
Samples Guide
Updated Integrator's Guide
Online and PDF versions available
DB2 Support
Added support for IBM DB2 as a repository
Support for Financial customers
Can be used with Kerberos Authentication
Version 10.x of DB2 is supported
Adds to technologies supported as a Repository for OpenIDM