Identity Cloud
ForgeRock Identity Cloud excels in IAM with strong security and scalability.
Basic Information
ForgeRock Identity Cloud is a comprehensive Identity and Access Management (IAM) platform delivered as a service (IDaaS/SaaS). It was launched around November 2019. As a cloud-native offering, it operates on a continuous update model rather than distinct version releases. The platform integrates core ForgeRock components, including Access Management, Identity Management, and Directory Services. Minimum requirements for end-users involve standard web browsers and mobile operating systems for application access. ForgeRock manages the underlying infrastructure, which is deployed on Google Cloud Platform (GCP) and utilizes Kubernetes. Supported operating systems for client-side interactions include standard desktop environments for web access and iOS/Android for mobile applications. ForgeRock provides deprecation notices for features, typically with at least 12 months' advance notice before end-of-life. Specific end-of-life dates have been announced for certain features, such as the default email provider settings (April 12, 2022), Groovy OIDC custom claims script (April 20, 2022), Duo authentication node (September 30, 2024), OAuth 2.0 introspect endpoint behaviors (July 19, 2024), and the tenant administrator skip 2-step verification option (April 2, 2024). The license type is subscription-based, offering predictable pricing and including three environments (development, testing, and production) for a single license. Its deployment model is cloud-native, supporting hybrid and multi-cloud strategies, and can manage identities across public cloud, on-premises, or hybrid environments.
Technical Requirements
As a Software-as-a-Service (SaaS) solution, ForgeRock Identity Cloud abstracts most technical infrastructure requirements from the end-user. The platform itself is hosted on Google Cloud Platform (GCP) within a distinct GCP and Kubernetes environment. ForgeRock is responsible for deploying, managing, upgrading, and monitoring these software components. Client-side access requires a device capable of running modern web browsers or mobile operating systems (iOS, Android) for dedicated applications and SDKs. The service provides dedicated storage for customer secrets and data. For organizations integrating with the platform, ForgeRock offers SDKs for iOS, Android, and JavaScript. The Identity Gateway component can facilitate integration with applications that do not support open standards.
Analysis of Technical Requirements: The SaaS model significantly reduces the technical burden on enterprises, as ForgeRock manages the complex underlying infrastructure. This allows organizations to focus on integration and identity management policies rather than hardware or operating system maintenance. Client-side requirements are minimal, aligning with modern web and mobile application standards.
Support & Compatibility
ForgeRock Identity Cloud operates on a continuous delivery model, meaning features and updates are rolled out regularly. Client-side compatibility extends to standard web browsers and mobile operating systems, specifically iOS and Android, through dedicated SDKs and the ForgeRock Authenticator app. ForgeRock provides support for its Identity Platform components and offers documentation and resources for developers and administrators. Deprecation notices for features are typically provided with at least 12 months' lead time before their end-of-life date. Specific end-of-life dates for certain features include the Duo authentication node (September 30, 2024), OAuth 2.0 introspect endpoint behaviors (July 19, 2024), and the tenant administrator skip 2-step verification (April 2, 2024). The platform supports various localization options, though specific details are not extensively documented publicly. ForgeRock provides SDKs for iOS, Android, and JavaScript to aid in application integration. The Identity Gateway can be used for non-intrusive integration with web applications and APIs, including legacy systems that do not support open standards like OIDC, OAuth 2.0, or SAML 2.0.
Analysis of Overall Support & Compatibility Status: ForgeRock Identity Cloud demonstrates strong compatibility with modern web and mobile ecosystems through its SDKs and continuous updates. The clear deprecation policy helps organizations plan for changes. Its ability to integrate with legacy systems via Identity Gateway is a significant advantage for enterprises with diverse IT landscapes. Support is available around the clock.
Security Status
ForgeRock Identity Cloud is designed with robust security features. It employs a multi-tenant architecture with full tenant isolation, ensuring that each customer's environment is a dedicated trust zone with no shared code, data, or identities. All data is encrypted both at rest (natively by GCP) and in transmission. The platform supports data residency requirements, allowing data placement in chosen regions. It adheres to privacy regulations such as GDPR and CCPA, offering capabilities for user consent management and self-service data control. Security features include a full OAuth 2.0 authorization framework, token validation, and dynamic, personalized user flows. Authentication methods are extensive, encompassing Single Sign-On (SSO), Multi-Factor Authentication (MFA) with options like OATH-based tokens (HOTP/TOTP), push notifications, biometrics, Web Authentication (WebAuthn), and passwordless authentication. Contextual and risk-based authentication can dynamically challenge users based on risk scores. Passwords are stored using one-way hash functions with salt and pepper, making cleartext retrieval practically impossible. ForgeRock has confirmed that Identity Cloud is not vulnerable to the OpenSSL 3.0 vulnerabilities (CVE-2022-3602 and CVE-2022-3786) as it uses OpenSSL 1.x or does not directly use OpenSSL. While a past RCE vulnerability (CVE-2021-35464) affected older versions of the on-premise ForgeRock Access Manager, this does not directly apply to the managed Identity Cloud service. The platform supports various certifications, with a "Certified Professional - PingOne Advanced Identity Cloud" exam available for administrators. General recommendations include secure data storage, tenant isolation, least privilege access, and continuous monitoring. ForgeRock advises encrypting all sensitive data.
Analysis on the Overall Security Rating: ForgeRock Identity Cloud exhibits a high overall security rating due to its architectural design emphasizing tenant isolation, comprehensive encryption, and robust authentication mechanisms. Its compliance features and proactive vulnerability management (as seen with OpenSSL) further strengthen its security posture. The platform's focus on passwordless and adaptive authentication methods addresses modern threat landscapes effectively.
Performance & Benchmarks
Specific benchmark scores, real-world performance metrics, power consumption, or carbon footprint data for ForgeRock Identity Cloud are not publicly available. However, the platform is engineered for scalability and high availability, designed to manage millions of identities efficiently. It aims to accelerate deployment, scale to meet demand, and reduce operational complexity for enterprises. In comparisons with similar products such as Okta and Ping Identity, ForgeRock Identity Cloud is recognized for its comprehensive IAM and Identity Governance and Administration (IGA) services, scalability, and customization capabilities. While some competitors may offer simpler initial deployment or user interfaces, ForgeRock often excels in handling complex enterprise environments and providing deeper customization.
Analysis of the Overall Performance Status: While explicit benchmark numbers are not available, the design principles of ForgeRock Identity Cloud—scalability, high availability, and comprehensive feature sets—suggest strong performance for enterprise-level identity management. Its focus on supporting complex use cases and large-scale deployments indicates a robust performance profile, particularly in demanding environments where extensive customization and governance are critical.
User Reviews & Feedback
User reviews and feedback highlight several strengths of ForgeRock Identity Cloud. It is praised for its comprehensive suite of IAM and IGA services, including an AI-driven platform. Users appreciate its scalability and extensive customization options, making it suitable for complex enterprise needs. The platform's multi-tenant architecture with full tenant isolation and strong security features are frequently noted. Self-service capabilities, flexible user journeys, and support for hybrid and multi-cloud environments are also considered significant advantages. The availability of robust APIs and SDKs for integration, along with its DevOps-friendly approach, is well-received. The cost-effectiveness of including development, testing, and production environments within a single license is also a positive point. However, some feedback points to weaknesses, primarily concerning deployment complexity and potentially higher initial costs compared to some competitors. The extensive customization, while a strength, can also necessitate more expertise during setup. Recommended use cases for ForgeRock Identity Cloud include managing diverse user identities (customer, workforce, IoT), securing access to various applications and resources, ensuring compliance with regulatory requirements (like GDPR and CCPA), and modernizing legacy IAM systems within hybrid and multi-cloud infrastructures.
Summary
ForgeRock Identity Cloud is a robust, comprehensive, and highly scalable Identity and Access Management (IAM) platform delivered as a service. Its strengths lie in its full-suite, AI-driven capabilities for IAM and Identity Governance and Administration (IGA), offering extensive customization and supporting complex enterprise environments. The platform's architecture ensures strong security through full tenant isolation, data encryption at rest and in transit, and advanced authentication methods including passwordless and adaptive MFA. It excels in managing identities across hybrid and multi-cloud deployments and provides flexible tools like SDKs and Identity Gateway for seamless integration with diverse applications, including legacy systems. The continuous update model and clear deprecation policies contribute to its long-term viability and security. However, its comprehensive nature can lead to a higher initial deployment complexity and potentially greater upfront costs compared to some more streamlined competitors, requiring a deeper level of expertise during implementation. Overall, ForgeRock Identity Cloud is an excellent choice for large enterprises and organizations with complex identity management needs, stringent security requirements, and a demand for extensive customization and scalability across varied deployment models. It is particularly well-suited for those looking to modernize their IAM infrastructure and ensure compliance with global data privacy regulations.
