    PingOne for Workforce

    Deployed on AWS
    Free Trial
    AWS Free Tier
    PingOne for Workforce enhances employee productivity and security with intelligent centralized authentication across any user, application, cloud and directory.
    4.1

    Overview

    PingOne for Workforce is a cloud identity solution for helping organizations secure employees' access to resources so they can get work done, anytime, anywhere. Available in three solution packages to meet a variety of common business requirements, PingOne for Workforce can help increase productivity with no-code orchestration, single sign-on, multi-factor authentication and centralized risk-aware access to the right resources.

    Select the PingOne for Workforce solution package that helps you to meet business goals:

    Essential: Single sign-on and MFA with lightweight, flexible directory that can be orchestrated with no-code workflows, providing your workforce single click access to all of your standards-based applications

    Plus: All Essential capabilities + extra security with risk-based adaptive MFA and integrations to your Microsoft environments (AD, Windows, O365)

    Premium: All Plus capabilities + extensible authentication, including single sign-on (SSO) into home-grown, non-standards-based apps and support for enterprises with the most demanding security, scale, and resiliency requirements

    Ping Identity offers additional capabilities to enable your organization to secure your workforce access without adding friction, including identity verification, risk management, dynamic authorization, and API intelligence. Contact us at https://www.pingidentity.com/en/lp/ni/aws-marketplace.html for a private offer to include these alongside volume pricing and Premium package pricing.

    Highlights

    • Deliver Seamless Experiences - Seamless Digital Interactions - Reduce friction with identity orchestration to weave together the Ping, AWS, and other authentication vendor services your employees need to be secure.
    • Rapid Deployment - We support over 1,700 out-of-the box integrations to popular apps, providing rapid time to value for your workforce.
    • Deploy Rapidly with AWS Integrations - The PingOne Cloud Platform works seamlessly alongside AWS IAM, AWS Organizations, AWS SSO, AWS Session Tags, and Amazon Control Tower.

    Details

    Categories

    Delivery method

    Deployed on AWS

    Pricing

    Free trial

    Try this product free according to the free trial terms set by the vendor.

    PingOne for Workforce

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    1-month contract (2)

    Dimension | Description | Cost/month
    Essential | 1,000 users - PingOne for Workforce Essential (AuthN, SSO & Basic MFA) | $4,500.00
    Plus | 1,000 users - PingOne for Workforce Plus (AuthN, SSO & Adaptive MFA) | $9,000.00

    Vendor refund policy

    All fees are non-cancellable and non-refundable except as required by law.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    At Ping, we know that without our customers, we wouldn't exist. This is why we put our customers at the heart of everything we do. We provide global support, 24/7. So even if your employees, partners and customers are all in separate time zones, we're on call and ready to get you back up and running. Access our Support Portal to get help, read documentation, engage in our online product communities and more.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly
    By Ping Identity
    By Okta, Inc

    Accolades

    Top 100 in Security
    Top 10 in Infrastructure as Code, Application Development, Security

    Overview

    AI generated from product descriptions
    Single Sign-On (SSO)
    Centralized authentication enabling single click access to standards-based applications and support for non-standards-based applications through extensible authentication mechanisms.
    Multi-Factor Authentication (MFA)
    Multi-factor authentication capabilities with risk-based adaptive MFA that adjusts authentication requirements based on detected risk factors.
    Identity Orchestration
    No-code workflow orchestration enabling seamless integration of multiple authentication vendors and services without requiring custom code development.
    Pre-built Application Integrations
    Support for over 1,700 out-of-the-box integrations to popular applications and cloud services.
    Cloud Directory Management
    Lightweight and flexible directory service with centralized management capabilities for user access control across multiple environments and cloud platforms.
    Centralized Cloud Identity Store
    Unified cloud directory that centrally manages identities across the environment with capability to capture profile data and synchronize user information from external directories.
    Multi-Factor Authentication
    MFA implementation with risk-based, context-aware authentication using SmartFactor to protect against account takeover threats across all devices and touchpoints.
    Social Authentication Integration
    Support for social login via Google, Facebook, LinkedIn and other providers, along with SAML and OIDC protocols to reduce friction in registration and authentication processes.
    Automated Identity Lifecycle Management
    Automated user provisioning and identity lifecycle management capabilities integrated with external directory synchronization.
    API and SDK Customization
    Developer-friendly APIs and SDKs for customizing login pages, email domains, and other customer journey touchpoints to deliver personalized identity experiences.
    Multi-Factor Authentication
    Adaptive Multi-Factor Authentication (MFA) capabilities with support for multiple authentication methods including Passkeys
    Bot Detection and Attack Protection
    Bot Detection and Attack Protection features to defend against scripted login attacks while maintaining user experience
    Single Sign-On and Federation
    Single Sign-On (SSO) and B2B Enterprise Federation capabilities for centralized authentication across applications
    Customizable Authentication Flows
    Customizable authentication flows using Actions framework for branded sign-up, sign-in, and social login integration
    API Access Management
    API Access Management functionality for securing and controlling programmatic access to applications and services

    Customer reviews

    Ratings and reviews

    4.1 (16 ratings)
    5 star: 38%
    4 star: 63%
    3 star: 0%
    2 star: 0%
    1 star: 0%
    2 AWS reviews | 14 external reviews
    External reviews are from G2 and PeerSpot.
    SumitGupta5

    User journeys have streamlined migrations and self-service grows while scripting still needs simplification

    Reviewed on Feb 16, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for ForgeRock is designing user journeys, specifically customer user journeys, and how they interact with the system.

    A specific example of a user journey I designed using ForgeRock is when we migrated from an older IAM system, Okta, to ForgeRock. We designed a journey to log into one of the partner portals, where the password was still authenticated via Okta for the first-time migration users. We configured pass-through authentication, and once the user's login is completed, we mark it as a migrated user, synchronizing their password with ForgeRock Directory Server. In that journey, we implemented various configurations such as step-up control and orchestration, where based on the risk level populated via PingProtect service, either a step-up is required via email or via a one-time text message before granting access.

    In addition to my main use case, we have multiple use cases, with over 30 journeys live for the different systems that the company uses, including various flows such as forgot password, reset password, and forgot username, which utilize utility journeys that are repetitive in nature.

    What is most valuable?

    The best features ForgeRock offers, in my experience, include their directory services, access management, and identity management, along with the Journeys feature that lets you orchestrate and design your user path in various easy ways. They are very configurable using JavaScript, which I find to be the most useful part.

    The Journey feature has made my work easier and more effective because, unlike other tools, from the input we receive from the user, such as the username, we can decide whether to prompt them for a password, send a one-time password link, or a one-time passcode. Many actions can be performed at runtime based on the inputs received, which I find quite useful, and for anything that cannot be achieved out of the box, a simple JavaScript can be written to transform data or perform additions for passing to the next node. There are many out-of-the-box nodes available for integrating with other Ping components or calling out to other SaaS services.

    The other features are pretty much the same as other components such as Oracle or Ping, but the Journeys in ForgeRock are something that I really appreciate, while the rest of the features are fairly standard across other IAM components.

    ForgeRock has positively impacted my organization by allowing us to migrate from the older system to the newer ForgeRock component, enabling us to go live with many products across geographies, enhancing security as it is all cloud-based, and with the company taking care of availability, it has reduced costs for the company.

    In terms of specific outcomes, previously, single sign-on was not implemented, requiring users to remember their passwords across various systems. Now, those issues have been resolved, and users have appreciated this initiative. We centralized all systems from Okta and Microsoft on-premise AD to ForgeRock, which is quite beneficial, and there is also a self-service functionality available for tasks such as resetting passwords or retrieving usernames, leading to a significant reduction in customer service calls.

    What needs improvement?

    I wish the JavaScript part could be improved, as not everyone is proficient in JavaScript, so automating that or reducing the reliance on it could be beneficial. Additionally, having only one realm in the cloud version, the alpha realm, feels limiting, and I would prefer having more than one realm as we had in the on-premise version of ForgeRock.

    I do not have any other improvements needed for ForgeRock that I have not mentioned.

    For how long have I used the solution?

    I have been using ForgeRock for three years.

    What do I think about the stability of the solution?

    There seem to be no issues so far with ForgeRock in terms of stability.

    What do I think about the scalability of the solution?

    Regarding scalability, since ForgeRock is in the cloud, it is pretty scalable.

    How are customer service and support?

    The customer support is fine; we typically have to go through an online ticketing system on their website. I would rate the customer support eight out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I previously used Ping Identity before transitioning to ForgeRock.

    What was our ROI?

    I do not have the precise price point on the return on investment, but I have heard in management calls that we have reduced the number of employees needed, and money has definitely been saved.

    Which other solutions did I evaluate?

    Before choosing ForgeRock, my organization evaluated other options, including Okta, which was previously implemented.

    What other advice do I have?

    My advice for others looking into using ForgeRock is that it is really good, particularly the Journeys functionality, which allows you to configure user journeys in a more efficient way. I do not have any additional thoughts about ForgeRock. I would rate this review seven out of ten.

    reviewer2802936

    Centralized access control has improved secure onboarding and supports strict compliance

    Reviewed on Feb 14, 2026
    Review from a verified AWS customer

    What is our primary use case?

    At Bank of America, our main use case for ForgeRock is to manage secure user authentication and authorization for our enterprise platform. For example, we use ForgeRock to implement OAuth 2.0 authentication flows and ensure that only authorized users can access sensitive onboarding workflows and data. A specific scenario would be when a new user is onboarded. ForgeRock handles the authentication process, enforces multi-factor authentication, and manages user roles and permissions to control access to different stages of the onboarding lifecycle, such as draft, submission, approval, and finalization. This integration helps us maintain regulatory compliance as well as auditability and security with multiple user roles, while also streamlining user experience and reducing the risk of unauthorized access.

    Integrating ForgeRock with our onboarding workflows has been a valuable learning experience because there are both smooth and challenging aspects. The smoothest part is ForgeRock's standards-based support for Auth and SAML, which makes it straightforward to set up secure authentication and single sign-on for our onboarding module. ForgeRock's comprehensive documentation and RESTful APIs also help accelerate the integration. One challenge is mapping our complex multi-stage onboarding workflows, where users transition between draft, submission, and approval stages to ForgeRock's role-based access controls and policy configurations. We had to carefully design custom policies and attribute mappings to ensure that only the right users could perform specific actions at each stage, which required close collaboration between our development and security teams. Another tricky aspect is handling legacy user data and ensuring seamless migration to ForgeRock without disrupting existing user access or compliance requirements. Overall, the integration is successful, and the flexibility of ForgeRock's platform allows us to tailor the solution to our specific needs.

    One thing that stands out about our main use case and the integration process is how ForgeRock's centralized policy management makes it much easier to enforce consistent security and compliance rules across all stages of the onboarding process. We are able to implement fine-grained access control, so permissions can dynamically adjust based on user roles and the current status of the onboarding request. ForgeRock's auditing and versioning features are particularly valuable for our compliance needs, allowing us to track every access and every modification event. Additionally, the flexibility to integrate with our existing tech stack including Java, Spring Boot, and Apache Kafka helps us avoid major architectural changes and keeps the project timeline on track. ForgeRock's extensibility and strong support for enterprise standards are key factors in the success of our implementation.

    How has it helped my organization?

    Initially, the primary improvement was security. By implementing standards-based authentication and access controls, we reduced unauthorized access incidents and strengthened our overall security posture. Next would be compliance. Centralized policy management and comprehensive auditing features made it much easier to meet regulatory requirements and pass company compliance audits. Efficiency was another major improvement. Automating user provisioning and access management streamlined onboarding processes, cutting manual administrative work and reducing onboarding cycle time. User experience also improved. The self-service features like password resets and account recovery improved user satisfaction. Another important positive impact was operational stability. The integration with our backend systems and the ability to manage policy centrally led us to fewer configuration errors. ForgeRock enabled us to deliver a more secure and compliant onboarding experience while also improving efficiency.

    After implementing ForgeRock, we saw a reduction in onboarding cycle time by roughly twenty-five percent as automated workflows and centralized access management eliminated many manual steps. Security incidents related to unauthorized access or misconfigured permissions dropped by forty percent, and audit preparation time decreased by approximately thirty percent because of ForgeRock's comprehensive logging and reporting features. We also noticed a twenty percent reduction in user support tickets, especially regarding password resets and account recovery due to the self-serving capabilities. While these are rough estimates, they reflect the tangible improvements we experienced in efficiency, security, and user satisfaction.

    What is most valuable?

    The most valuable features ForgeRock offers are its support for standards-based authentication and authorization protocols including OAuth 2.0 and SAML, which make it a secure integration. The fine-grained role-based access control has been essential for managing complex user permissions across different onboarding workflow stages. Centralized policy and configuration management allows us to enforce consistent security and compliance. The platform's extensibility, along with RESTful APIs, makes it easier for us to integrate with our existing Spring Boot backend and other enterprise systems. Multi-factor authentication support and risk-based authentication have added significant value by enhancing security without compromising user experience.

    Centralized management makes the biggest difference because it allows us to define, update, and enforce security and compliance rules from a single location, which is crucial given the complexity of our onboarding workflows and the need for strict compliance. This feature reduces manual configuration errors, improves consistency across different modules, and makes it much easier to audit and demonstrate compliance to internal and external stakeholders. It also streamlines collaboration between development, security, and compliance teams since everyone can work from a unified set of policies. Overall, policy management not only improves our security but also accelerates our development.

    What needs improvement?

    I wish we had used ForgeRock's adaptive risk-based authentication, which allows dynamic adjustment of authentication requirements based on user behavior. This could have helped us further strengthen our security. Another hidden gem is the built-in support for custom authentication modules and scripting, which gives a great deal of flexibility to tailor authentication flows. The self-service capabilities for password resets and account recovery have been very helpful in reducing support overhead and improving user experience. Discovering and utilizing these features would have definitely made our integration even smoother and would have provided additional value for both our users and our security team.

    One area of improvement would be the user interface for policy and workflow configuration, which can become complex and sometimes unintuitive, especially for new administrators. A more streamlined and user-friendly UI would help reduce the learning curve. Enhanced out-of-the-box analytics and reporting would also be valuable, as our current options often require custom development or integration with external tools. While extensibility is a strength, documentation for advanced customizations and integrations could be more comprehensive and easier to follow. Improved support for seamless upgrades and backward compatibility would also help minimize downtime.

    In terms of performance, optimizing the platform for high concurrency environments would be beneficial, especially for organizations with large user bases or peak usage periods. Enhanced scalability features such as more granular or horizontal scaling options would provide better support for distributed deployments. For integrations, having more pre-built connectors and easy integration with modern cloud-native services would accelerate adoption. Improved monitoring and real-time health dashboards would help proactively identify and resolve performance bottlenecks.

    For how long have I used the solution?

    I have been working in my current field for seven years.

    What do I think about the stability of the solution?

    ForgeRock supports integration with legacy systems in our organization by offering a wide range of connectors and APIs. We utilize the identity gateway and REST APIs to bridge modern identity service with legacy platforms. These platforms support standard protocols including LDAP, SAML, and OAuth, which helps us connect with older systems. Custom connectors and scripting capabilities also allow us to tailor integrations with unique applications. This approach enables us to modernize our IAM infrastructure while still leveraging critical legacy systems.

    With scalability in mind, ForgeRock supports both horizontal and vertical scaling to accommodate our growing user bases with increased transitions. We leverage containerization and orchestration tools to deploy ForgeRock components, which allows us to scale services up and down. Load balancing and clustering features ensure high availability and distribute traffic efficiently. Caching mechanisms, such as Redis cache or Ehcache, are used to reduce database load. One challenge we face is tuning the system for peak loads, especially during onboarding spikes or regulatory deadlines, but by optimizing our infrastructure and monitoring, we are able to address these bottlenecks.

    What do I think about the scalability of the solution?

    ForgeRock supports multi-factor authentication and risk-based authentication in our organization by allowing us to enforce additional authentication steps, such as OTPs, push notifications, or biometrics. The platform provides flexible authentication trees, enabling us to design custom MFA flows tailored for different user groups and risk profiles.

    How are customer service and support?

    ForgeRock's customer support team has been responsive and knowledgeable, assisting us during our technical challenges and when we needed guidance on best practices. The support team provides timely assistance. The support portals offer comprehensive documentation, troubleshooting guides, and community forums that have been helpful for resolving common issues independently. Overall, my experience with customer support has been positive, contributing to smoother deployments and ongoing maintenance.

    How would you rate customer service and support?

    Positive

    What other advice do I have?

    I believe it is important to clearly define and thoroughly assess your organization's identity and access management needs upfront. ForgeRock's flexibility can be both a strength and a challenge if requirements are not clear. It is crucial to pay close attention to initial architecture and design, especially around authentication flows, user journeys, and integration. Additionally, investing in training for your technical team is essential because ForgeRock's platform is powerful but can have a steep learning curve for those new to it. Be cautious about potential complexity in customizations. While ForgeRock is highly extensible, over-customizing can complicate upgrades and maintenance. Ensure you have a solid plan for monitoring, logging, and compliance from the start.

    I appreciate ForgeRock for its strong focus on security, which is critical for organizations handling sensitive data. My overall review rating for this solution is an eight.

    Ie Ogbonnaya

    Flexible policies and automation have improved our support, troubleshooting, and cloud deployments

    Reviewed on Feb 14, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I am using ForgeRock for standard support, policy configurations, and documentation clarity.

    The pricing, setup cost, and licensing are very straightforward, which is a good success. I appreciate that it is very straightforward and helpful.

    The customer support is very flexible and supportive, particularly in the area of automation and customer deployments. It is very helpful and supportive to our customers.

    What is most valuable?

    I appreciate ForgeRock for its flexibility and standard support. It helps significantly in policy configuration, authentication, and troubleshooting.

    The policy configuration feature helps my team considerably because it aligns our business objectives to all policies. It makes it easier and more flexible to assign roles based on access control. It helps us in policy configuration, assigning roles, and onboarding and offboarding of users.

    ForgeRock helps me in debugging token flows and automation support in deployments of software to the cloud. It has assisted me in solving debugging issues.

    ForgeRock has made a huge impact on our company because it helps us with DevOps automation support and policy configuration. It has helped us tremendously, even in troubleshooting, making it easier to navigate and understand. It provides a better and proper view of how to approach troubleshooting.

    An example of how ForgeRock improved our DevOps automation is that it saves us considerable time. Throughout the automation process, it helps us analyze our source code and automation processes. It made the process flexible enough that in less than thirty minutes or forty-eight hours, we complete the automation process.

    What needs improvement?

    There are some areas I want ForgeRock to improve. These areas include policy configuration, documentation clarity, UI complexity, and debugging token flow.

    I want ForgeRock to improve in documentation clarity, UI complexity, debugging token flow, policy configuration, and DevOps automation support.

    For how long have I used the solution?

    I have been using ForgeRock for over three years.

    What do I think about the stability of the solution?

    ForgeRock is very stable.

    What do I think about the scalability of the solution?

    I would rate ForgeRock's scalability an eight out of ten. The scalability is very fine and acceptable to me, and I would recommend it to someone else.

    How are customer service and support?

    The customer support is very flexible and supportive, particularly in the area of automation and customer deployments. It is very helpful and supportive to our customers.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I used CyberArk before, but I discovered the flexibility of ForgeRock and its powerful tools and features in keeping standard structures simple and understandable.

    How was the initial setup?

    The pricing, setup cost, and licensing are very straightforward, which is a good success. I appreciate that it is very straightforward and helpful.

    What about the implementation team?

    Over the past two to three years, we have had great metrics of success, saving costs, and ensuring that the process runs smoothly.

    What was our ROI?

    Over the past two to three years, we have had great metrics of success, saving costs, and ensuring that the process runs smoothly.

    What's my experience with pricing, setup cost, and licensing?

    The pricing, setup cost, and licensing are very straightforward, which is a good success. I appreciate that it is very straightforward and helpful.

    Which other solutions did I evaluate?

    I was recommended to ForgeRock, and it was worth it.

    What other advice do I have?

    I would like ForgeRock to improve in the area of debugging token flow and DevOps automation support for cloud deployment. I give this product a rating of eight out of ten.

    Snidam Snidam

    Centralized identity has unified SSO, adaptive MFA, and risk-based access for web applications

    Reviewed on Feb 13, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I integrated ForgeRock SSO with a web application that had React for the front end and a Spring Boot back-end API, where ForgeRock AM was acting as an authorization server and an identity provider. Users were stored in ForgeRock and LDAP through ForgeRock Directory Studio. Our goal was to enable SSO using OpenID Connect, issue JWT access tokens, and enforce MFA for sensitive actions.

    We created an OIDC client and set up the client ID, redirect URI, and grant type as an authorization code. We checked all the token endpoints, defined the scopes, token lifetime, and signing algorithms. We implemented the login flow where the user goes to the app and is redirected directly to ForgeRock when the app sees no session. When ForgeRock executed the authentication tree, it handled username, password, device check, risk calculation, and optional MFA. After successful authentication, ForgeRock redirects back with the authorization code.

    We also used a Spring Boot API which validates API protection and validates the JWT signature using the ForgeRock public key, checks expiration, issuer, audience, and scopes. This is how we implemented MFA and SSO.

    What is most valuable?

    ForgeRock offers several features that stand out, especially compared to other IAM platforms. The first is flexible authentication flows. The ability to visually design adaptive authentication flows with nodes such as password, username, risk decisions, device checks, OTP, and push setups gives tremendous control without hardcoding logic, which makes complex authentication very easy to implement.

    The second feature is strong support for modern protocols. ForgeRock has first-class support for OIDC, OAuth, SAML, and JWT, which is valuable for SAML and SSO scenarios. I can integrate nearly any web or mobile application and enforce any centralized security controls consistently. The third is risk-based authentication. Being able to evaluate risk signals such as IP reputation, device context, location, and adaptive rules, and then trigger MFA when needed is a huge advantage.

    ForgeRock also has very good API security features and its own directory and user management services, which include ForgeRock DS or OpenDJ for PingDS. The policy engine and centralized authorization are very strong. Finally, the enterprise operational features such as token lifetime tuning, session management, monitoring, audit logs, certification, and keystore management are excellent. These do not sound flashy, but they make a very good IAM platform. Running IAM at scale is more manageable for a very large organization. ForgeRock has had a very positive impact on my organization, especially in terms of standardization, security posture, and operational efficiency.

    What needs improvement?

    ForgeRock is very powerful, but there are areas where it could be improved. The main area is complexity. ForgeRock is extremely flexible, but the learning curve can be steep. Authentication trees, policy configurations, and integration settings can become very complex quickly, especially for those new to the platform or in a very large organization. More simplified onboarding templates or guided configuration options could help new users significantly.

    Another area is the UI and administrative experience. While the platform is functionally strong, some parts of the admin console feel less refined. For example, debugging authentication flows or troubleshooting tokens sometimes requires digging into logs rather than having more visual tools built in.

    The deployment and operational setup could also be streamlined further. In larger-scale or cloud-native environments, containerization and CI/CD integration are very important. While ForgeRock supports this, the configuration and upgrade process can sometimes feel heavier compared to more SaaS-native identity providers.

    For how long have I used the solution?

    I have more than three years of experience in the field of identity and access management. I was first introduced to ForgeRock during a two-year contract, and this is the product I am reviewing.

    What do I think about the stability of the solution?

    ForgeRock is very stable in my experience.

    What do I think about the scalability of the solution?

    ForgeRock scales very well if the architecture is designed properly. The access management layer is stateless, so I can scale horizontally by adding more nodes behind a load balancer as traffic increases. DS replication also helps maintain performance and availability as the user base grows. When application integrations increase, token validation and authentication traffic go up, but the platform handles it very quickly.

    How are customer service and support?

    I have interacted with ForgeRock support a few times, mainly for configuration clarifications and complex authentication flows. My experience was positive overall. For standard support tickets, response times were very decent, and the support team was helpful in identifying configuration issues, especially with authentication trees, token settings, and directory replications. I found their documentation fairly comprehensive, which helped reduce the need to open tickets for common configuration questions. The support quality was solid, and response times were very fast.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We tried many different SaaS applications before ForgeRock. We used an on-premises application, and later we thought ForgeRock would be a better option. We evaluated different options in the market and determined that ForgeRock would be the better choice, so we migrated everything to ForgeRock.

    What was our ROI?

    I can definitely see that fewer employees are needed compared to using different SaaS applications. We have seen this as a return on investment using ForgeRock.

    What other advice do I have?

    The advice I would give to people looking into using ForgeRock is that it is very powerful, and that flexibility can become complexity if you do not define standards early, especially around token policies, naming conventions, and role models. I suggest investing in skilled IAM engineers. ForgeRock is not a plug-and-play SaaS tool; it is an enterprise platform. Having team members who understand OAuth, OIDC, SAML, LDAP, and security architecture will make a significant difference in a successful implementation. I would rate this product an 8 out of 10 overall.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Senthil Kandhasamy

    Offers good multi-factor authentication and single sign-on capabilities to users

    Reviewed on Jul 17, 2024
    Review provided by PeerSpot

    What is our primary use case?

    One of my company's customers has already integrated ForgeRock and set up Splunk. We just did some simple configuration, but not much since our customer did it.

    I use the tool for its single sign-on capabilities. With ForgeRock, we can enable single sign-on and multi-factor authentication features, as well as single-layer or two-layer multi-factor authentication and password-less authentication.

    What is most valuable?

    Basically, we enable multi-factor authentication when logging in to ForgeRock. With ForgeRock Access Management, we can access Splunk using single sign-on capabilities. If you need one more multi-factor authentication for Splunk, we can enable it for that particular application. We already enabled multi-factor authentication for ForgeRock Access Management. Users are authenticated through multi-factor authentication, so Splunk does not require one more such tool. If you want the improvements and prefer one more multi-factor authentication tool, then it is okay.

    What needs improvement?

    In the past, I saw that Splunk was integrated with a testing portal, and then it was integrated with Slack. I don't think ForgeRock directly supports integrations with Slack, making it an area where improvements are required.

    For how long have I used the solution?

    I have been using ForgeRock for a year and a half. One of my company's customers uses the tool. My company implements and offers support for the tool.

    How are customer service and support?

    I provide full support in the application integration for our customers.

    Which solution did I use previously and why did I switch?

    I have used Splunk for CyberArk for one of my company's customers. I don't know of particular advantages in ForgeRock as such, but it helps reduce manpower and improve security, and then we can keep the environment stable.

    How was the initial setup?

    The product's implementation phase is very easy, but a lot of customizations are required.

    What other advice do I have?

    ForgeRock uses Splunk. ForgeRock's integration with Splunk is very easy and straightforward.

    In terms of the tool's adaptive risk and intelligence features, I can say that it is an area that is time-based. In different regions, the working hours are different. We can configure the tool based on the timing and the work location.

    In terms of the tool's operational efficiency, ForgeRock Access Management is used in a lot of environments, different regions, and in different stages of production environments. Manual monitoring is not possible, especially monitoring everything with the system memory and CPU memory, along with the user behaviors. Splunk easily monitors everything. From a business perspective, it will reduce risk and then reduce manpower. Splunk provides exact results and monitoring results to track a particular issue so we can easily identify the issue.

    We usually receive alerts regarding high CPU utilization because of the high traffic we receive.

    I can't comment on whether the tool helps in the area of predictive analytics or automated threat detection.

    I recommend the product to others. I can also recommend products like CyberArk and Okta. Wherever we need to monitor the environment, specifically the cloud environment or on-prem one, I can suggest all the above-mentioned tools.

    I rate the tool a nine out of ten.
