ForgeRock IDM Basic Features

IDM software provides centralized, simple, secure management and synchronization of identities for users, devices, and things.

ForgeRock Identity Governance

  • Perform a periodic review of access by users, managers, or application or data owners.
  • Set policies on access, risk, and Segregation of Duties (SoD) violations so that reviewers can make informed decisions about whether access is valid or not.
  • Integrates into workflows within IDM so you can take immediate remediation actions.

Audit and report on this data so that you can address audit requirements.

Components of identity governance

Access request

  • An employee applies for membership to other company facilities.
  • Managers request additional roles to be applied to some or all of their direct reports.

Access Review

  • All roles
  • Sensitive or high-risk roles
  • Provisioning roles in IDM that lead to role/group membership on remote systems
  • Roles, access, and entitlements on remote systems
  • Role owners need to periodically sign off on:
    • All roles they are responsible for
    • Assignments that are given through the roles they maintain
  • Process owners need to sign off on:
    • New toxic role combinations for a user
    • The prolongation of accepted exceptions

Identity Reporting

  • Certification campaigns
  • Users
  • Certification status
  • Access request
  • Schedule reports
  • Automatically send reports to the relevant recipients.

Self-service features

  • Password resets and changes to user profile information can be synchronized across all target user accounts for consistent data in all relevant systems.
  • The self-service feature uses multi-factor authentication to allow your employees to reset their passwords automatically.

  • Multiple user self-registration flows are supported if you need to set up different portals for customers and partners.
  • IDM leverages standards-based integration with social networks to register users seamlessly, based on the OAuth 2.0 and OpenID Connect 1.0 standards.

Data synchronization

1) Managed resources that are stored in the IDM repository.

2) External resources, which can be any system that holds identity data.

IDM connects to external sources through connectors such as MySQL, REST API, CREST API (the CREST API is intended for programmatic management of customer and subscription life cycle), etc.

How IDM synchronizes data

  • Set up a connection between the source and target resource.
    Connector configurations reference a specific connector type and indicate the connection details of the external resource. Connector configurations are defined in conf/provisioner-*.json files. One provisioner file must be defined for each external resource to which you are connecting.
  • Map source objects to target objects.
    Mappings are defined in your project’s conf/sync.json file or in individual mapping files. Mappings are synchronized in the order in which they are specified in the sync.json file. If there are multiple mapping files, the syncAfter property dictates the order in which they are processed.
  • Configure any scripts that are required to check the source and target objects, and to manipulate attributes.
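The three steps above decide which resources a mapping may refer to and in what order mappings run. The following is an added example (not ForgeRock's code) that models that in Python: it takes a constructed, simplified `conf/sync.json` mappings array plus constructed individual mapping files, checks that every source and target endpoint corresponds to a declared managed object or provisioner, and resolves the processing order, keeping the sync.json array order and placing file-based mappings after whatever their `syncAfter` property names. The exact file shapes, the resource names and the rule that unknown or cyclic `syncAfter` references are errors are assumptions of this example.

```python
"""Validate IDM-style mappings and resolve their processing order.

Added example, not ForgeRock's code. The JSON shapes below are a simplified
model of conf/sync.json and of individual mapping files (assumption).
"""

# Constructed sample of a conf/sync.json "mappings" array: these are
# processed in array order.
SYNC_JSON = {
    "mappings": [
        {"name": "systemLdapAccounts_managedUser",
         "source": "system/ldap/account", "target": "managed/user"},
        {"name": "managedUser_systemLdapAccounts",
         "source": "managed/user", "target": "system/ldap/account"},
    ]
}

# Constructed sample of individual mapping files; "syncAfter" names the
# mapping(s) that must be processed before this one.
MAPPING_FILES = [
    {"name": "managedRole_systemLdapGroups",
     "source": "managed/role", "target": "system/ldap/group",
     "syncAfter": ["managedUser_systemLdapAccounts"]},
    {"name": "managedUser_systemHrDb",
     "source": "managed/user", "target": "system/hrdb/account",
     "syncAfter": []},
]

# Resources this deployment knows about: managed objects in the IDM
# repository plus one external resource per provisioner-*.json file
# (constructed list).
DECLARED_RESOURCES = {
    "managed/user", "managed/role",
    "system/ldap/account", "system/ldap/group", "system/hrdb/account",
}


def validate_mapping(mapping, declared=DECLARED_RESOURCES):
    """Return a list of problems: endpoints with no connector or managed object."""
    problems = []
    for side in ("source", "target"):
        if mapping[side] not in declared:
            problems.append(
                f"{mapping['name']}: {side} {mapping[side]!r} is not a declared resource")
    return problems


def processing_order(sync_json, mapping_files):
    """Return mapping names in the order they would be processed.

    sync.json mappings keep their array order; each file-based mapping is
    placed after every mapping listed in its syncAfter, otherwise in file
    order. Unknown or cyclic syncAfter references raise ValueError.
    """
    ordered = [m["name"] for m in sync_json["mappings"]]
    pending = {m["name"]: list(m.get("syncAfter", [])) for m in mapping_files}
    known = set(ordered) | set(pending)
    for name, deps in pending.items():
        unknown = [d for d in deps if d not in known]
        if unknown:
            raise ValueError(f"{name}: syncAfter references unknown mapping(s) {unknown}")
    file_order = [m["name"] for m in mapping_files]
    while pending:
        # A mapping is ready once everything it must run after is scheduled.
        ready = [n for n in file_order
                 if n in pending and all(d in ordered for d in pending[n])]
        if not ready:
            raise ValueError(f"cycle in syncAfter among {sorted(pending)}")
        for n in ready:
            ordered.append(n)
            del pending[n]
    return ordered


if __name__ == "__main__":
    for m in SYNC_JSON["mappings"] + MAPPING_FILES:
        for problem in validate_mapping(m):
            print("WARNING:", problem)
    print("processing order:", processing_order(SYNC_JSON, MAPPING_FILES))
```

Running the validation before enabling a mapping catches the common misconfiguration of a mapping whose target has no provisioner file, and the order check makes the effect of `syncAfter` visible before reconciliation is run for the first time.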

Role-based provisioning

Role Types:

2) Provisioning roles: Define rules for how values are updated on an external system. These rules are configured through assignments that are attached to a provisioning

Identity visualization

If you do not have a clear picture of this information, it is easy to assign inaccurate policies and create security gaps.

IDM Workflow

  • Self-registration
  • New user onboarding
  • Account certification

Workflow driven provisioning activities can include:

  • Requests for entitlement, roles, or processes
  • Running approvals with escalations
  • Performing maintenance tasks

Flowable process engine

  • Complies with the Business Process Model and Notation 2.0 (BPMN 2.0) standard
  • Default workflows provided with IDM use the Vue JS framework for display in the end-user UI.

For custom workflows:

  • Use the standard Flowable form properties
  • Create a custom form template for more complex functionality.

How to invoke workflows

  • Situations discovered during reconciliation
  • Directly from the end-user UI
  • A script

This article covers the basic features of ForgeRock IDM. In case you want to explore more (looking for an implementation partner, learning, or work), please feel free to reach out.

REDCAP Digital solutions is an Information Technology provider that deals in Identity and Access Management, Blockchain development, and Software Development.