PingOne for Workforce

Ping Identity

Reviews from AWS customer

3 AWS reviews

External reviews

16 reviews

External reviews are not included in the AWS star rating for the product.


4-star reviews

    reviewer2803032

Robust IAM has managed large user bases and has streamlined complex provisioning workflows

  • February 16, 2026
  • Review from a verified AWS customer

What is our primary use case?

My main use case for ForgeRock includes user provisioning, deprovisioning, reconciliation, workflows, cross-federated SSO, integrating applications, third-party applications into ForgeRock, managing users and entities, and handling password resets, among other functionalities.

I onboard applications into IDM for user provisioning and SSO, managing user identities effectively. We also integrate and onboard those applications into ForgeRock Access Management, allowing users to log in to their applications, get their identities authenticated against ForgeRock, and access their applications seamlessly. This approach is especially pertinent as we focus on customer IAM, utilizing CIAM profiles.

What is most valuable?

ForgeRock offers a very scalable solution, which is one of its best features. You can have a lot of functional components operating simultaneously, and it is very developer-friendly. The solution is highly scalable, allowing us to define our own managed objects. Additionally, ForgeRock provides excellent features for workflows, which we use for account claiming and linking, highlighting the solution's scalability and flexibility.

ForgeRock positively impacts our organization as we manage a large number of users with ease, providing a standard IAM solution that simplifies our processes.

What needs improvement?

ForgeRock can improve by offering a unified development IDE for workflows, as we currently maintain BPMN, XML, JSON, and JavaScript separately. Presently, I use Flowable UI to create a BPMN and onboard it to ForgeRock, which is not efficient. Additionally, the front-end development should be more user-friendly for IAM developers, who may not be well-versed in Vue.js. ForgeRock needs to focus on low-code, no-code solutions that allow for drag-and-drop functionality with good orchestration. ForgeRock and Ping should consider providing free vouchers for certification and training to developers to boost market presence, as there is currently a significant gap between good ForgeRock developers and companies looking to implement ForgeRock solutions.

What other advice do I have?

My advice for others considering ForgeRock is that it completely depends on your use cases. ForgeRock is a very potent product that can fit well into a variety of solutions. If you manage a large user base, particularly planning for RBAC and multiple applications, it is easily manageable with ForgeRock. The product's stability and cost-effectiveness are significant advantages.

Having worked with multiple tools such as CyberArk, Delinea, IBM IGI, IBM ISIM, and SailPoint, I find myself very inclined towards ForgeRock due to its capabilities, especially in CIAM, which stands for Customer Identity and Access Management. As an IAM developer and architect, I favor this tool over others due to its extensive functionalities.


    Shreya Reddy

Centralized access control has improved secure onboarding and supports strict compliance

  • February 14, 2026
  • Review from a verified AWS customer

What is our primary use case?

Our main use case for ForgeRock is to manage secure user authentication and authorization for our enterprise platform. For example, we use ForgeRock to implement OAuth 2.0 authentication flows and ensure that only authorized users can access sensitive onboarding workflows and data. A specific scenario would be when a new user is onboarded. ForgeRock handles the authentication process, enforces multi-factor authentication, and manages user roles and permissions to control access to different stages of the onboarding lifecycle, such as draft, submission, approval, and finalization. This integration helps us maintain regulatory compliance as well as auditability and security with multiple user roles, while also streamlining user experience and reducing the risk of unauthorized access.

Integrating ForgeRock with our onboarding workflows has been a valuable learning experience because there are both smooth and challenging aspects. The smoothest part is ForgeRock's standards-based support for Auth and SAML, which makes it straightforward to set up secure authentication and single sign-on for our onboarding module. ForgeRock's comprehensive documentation and RESTful APIs also help accelerate the integration. One challenge is mapping our complex multi-stage onboarding workflows, where users transition between draft, submission, and approval stages to ForgeRock's role-based access controls and policy configurations. We had to carefully design custom policies and attribute mappings to ensure that only the right users could perform specific actions at each stage, which required close collaboration between our development and security teams. Another tricky aspect is handling legacy user data and ensuring seamless migration to ForgeRock without disrupting existing user access or compliance requirements. Overall, the integration is successful, and the flexibility of ForgeRock's platform allows us to tailor the solution to our specific needs.

One thing that stands out about our main use case and the integration process is how ForgeRock's centralized policy management makes it much easier to enforce consistent security and compliance rules across all stages of the onboarding process. We are able to implement fine-grained access control, so permissions can dynamically adjust based on user roles and the current status of the onboarding request. ForgeRock's auditing and versioning features are particularly valuable for our compliance needs, allowing us to track every access and every modification event. Additionally, the flexibility to integrate with our existing tech stack including Java, Spring Boot, and Apache Kafka helps us avoid major architectural changes and keeps the project timeline on track. ForgeRock's extensibility and strong support for enterprise standards are key factors in the success of our implementation.

How has it helped my organization?

Initially, the primary improvement was security. By implementing standards-based authentication and access controls, we reduced unauthorized access incidents and strengthened our overall security posture. Next would be compliance. Centralized policy management and comprehensive auditing features made it much easier to meet regulatory requirements and pass company compliance audits. Efficiency was another major improvement. Automating user provisioning and access management streamlined onboarding processes, cutting manual administrative work and reducing onboarding cycle time. User experience also improved. The self-service features like password resets and account recovery improved user satisfaction. Another important positive impact was operational stability. The integration with our backend systems and the ability to manage policy centrally led us to fewer configuration errors. ForgeRock enabled us to deliver a more secure and compliant onboarding experience while also improving efficiency.

After implementing ForgeRock, we saw a reduction in onboarding cycle time by roughly twenty-five percent as automated workflows and centralized access management eliminated many manual steps. Security incidents related to unauthorized access or misconfigured permissions dropped by forty percent, and audit preparation time decreased by approximately thirty percent because of ForgeRock's comprehensive logging and reporting features. We also noticed a twenty percent reduction in user support tickets, especially regarding password resets and account recovery due to the self-serving capabilities. While these are rough estimates, they reflect the tangible improvements we experienced in efficiency, security, and user satisfaction.

What is most valuable?

The most valuable features ForgeRock offers are its support for standards-based authentication and authorization protocols including OAuth 2.0 and SAML, which make it a secure integration. The fine-grained role-based access control has been essential for managing complex user permissions across different onboarding workflow stages. Centralized policy and configuration management allows us to enforce consistent security and compliance. The platform's extensibility, along with RESTful APIs, makes it easier for us to integrate with our existing Spring Boot backend and other enterprise systems. Multi-factor authentication support and risk-based authentication have added significant value by enhancing security without compromising user experience.

Centralized management makes the biggest difference because it allows us to define, update, and enforce security and compliance rules from a single location, which is crucial given the complexity of our onboarding workflows and the need for strict compliance. This feature reduces manual configuration errors, improves consistency across different modules, and makes it much easier to audit and demonstrate compliance to internal and external stakeholders. It also streamlines collaboration between development, security, and compliance teams since everyone can work from a unified set of policies. Overall, policy management not only improves our security but also accelerates our development.

What needs improvement?

I wish we had used ForgeRock's adaptive risk-based authentication, which allows dynamic adjustment of authentication requirements based on user behavior. This could have helped us further strengthen our security. Another hidden gem is the built-in support for custom authentication modules and scripting, which gives a great deal of flexibility to tailor authentication flows. The self-service capabilities for password resets and account recovery have been very helpful in reducing support overhead and improving user experience. Discovering and utilizing these features would have definitely made our integration even smoother and would have provided additional value for both our users and our security team.

One area of improvement would be the user interface for policy and workflow configuration, which can become complex and sometimes unintuitive, especially for new administrators. A more streamlined and user-friendly UI would help reduce the learning curve. Enhanced out-of-the-box analytics and reporting would also be valuable, as our current options often require custom development or integration with external tools. While extensibility is a strength, documentation for advanced customizations and integrations could be more comprehensive and easier to follow. Improved support for seamless upgrades and backward compatibility would also help minimize downtime.

In terms of performance, optimizing the platform for high concurrency environments would be beneficial, especially for organizations with large user bases or peak usage periods. Enhanced scalability features such as more granular or horizontal scaling options would provide better support for distributed deployments. For integrations, having more pre-built connectors and easy integration with modern cloud-native services would accelerate adoption. Improved monitoring and real-time health dashboards would help proactively identify and resolve performance bottlenecks.

For how long have I used the solution?

I have been working in my current field for seven years.

What do I think about the stability of the solution?

ForgeRock supports integration with legacy systems in our organization by offering a wide range of connectors and APIs. We utilize the identity gateway and REST APIs to bridge modern identity service with legacy platforms. These platforms support standard protocols including LDAP, SAML, and OAuth, which helps us connect with older systems. Custom connectors and scripting capabilities also allow us to tailor integrations with unique applications. This approach enables us to modernize our IAM infrastructure while still leveraging critical legacy systems.

With scalability in mind, ForgeRock supports both horizontal and vertical scaling to accommodate our growing user bases with increased transitions. We leverage containerization and orchestration tools to deploy ForgeRock components, which allows us to scale services up and down. Load balancing and clustering features ensure high availability and distribute traffic efficiently. Caching mechanisms, such as Redis cache or Ehcache, are used to reduce database load. One challenge we face is tuning the system for peak loads, especially during onboarding spikes or regulatory deadlines, but by optimizing our infrastructure and monitoring, we are able to address these bottlenecks.

What do I think about the scalability of the solution?

ForgeRock supports multi-factor authentication and risk-based authentication in our organization by allowing us to enforce additional authentication steps, such as OTPs, push notifications, or biometrics. The platform provides flexible authentication trees, enabling us to design custom MFA flows tailored for different user groups and risk profiles.

How are customer service and support?

ForgeRock's customer support team has been responsive and knowledgeable, assisting us during our technical challenges and when we needed guidance on best practices. The support team provides timely assistance. The support portals offer comprehensive documentation, troubleshooting guides, and community forums that have been helpful for resolving common issues independently. Overall, my experience with customer support has been positive, contributing to smoother deployments and ongoing maintenance.

What other advice do I have?

I believe it is important to clearly define and thoroughly assess your organization's identity and access management needs upfront. ForgeRock's flexibility can be both a strength and a challenge if requirements are not clear. It is crucial to pay close attention to initial architecture and design, especially around authentication flows, user journeys, and integration. Additionally, investing in training for your technical team is essential because ForgeRock's platform is powerful but can have a steep learning curve for those new to it. Be cautious about potential complexity in customizations. While ForgeRock is highly extensible, over-customizing can complicate upgrades and maintenance. Ensure you have a solid plan for monitoring, logging, and compliance from the start.

I appreciate ForgeRock for its strong focus on security, which is critical for organizations handling sensitive data. My overall review rating for this solution is an eight.


    Sravanakumar Nidamanooru

Centralized identity has unified SSO, adaptive MFA, and risk-based access for web applications

  • February 13, 2026
  • Review from a verified AWS customer

What is our primary use case?

I integrated ForgeRock SSO with a web application that had React for the front end and a Spring Boot back-end API, where ForgeRock AM was acting as an authorization server and an identity provider. Users were stored in ForgeRock and LDAP through ForgeRock Directory Studio. Our goal was to enable SSO using OpenID Connect, issue JWT access tokens, and enforce MFA for sensitive actions.

We created an OIDC client and set up the client ID, redirect URI, and grant type as an authorization code. We checked all the token endpoints, defined the scopes, token lifetime, and signing algorithms. We implemented the login flow where the user goes to the app and is redirected directly to ForgeRock when the app sees no session. When ForgeRock executed the authentication tree, it handled username, password, device check, risk calculation, and optional MFA. After successful authentication, ForgeRock redirects back with the authorization code.

We also used a Spring Boot API which validates API protection and validates the JWT signature using the ForgeRock public key, checks expiration, issuer, audience, and scopes. This is how we implemented MFA and SSO.

What is most valuable?

ForgeRock offers several features that stand out, especially compared to other IAM platforms. The first is flexible authentication flows. The ability to visually design adaptive authentication flows with nodes such as password, username, risk decisions, device checks, OTP, and push setups gives tremendous control without hardcoding logic, which makes complex authentication very easy to implement.

The second feature is strong support for modern protocols. ForgeRock has first-class support for OIDC, OAuth, SAML, and JWT, which is valuable for SAML and SSO scenarios. I can integrate nearly any web or mobile application and enforce any centralized security controls consistently. The third is risk-based authentication. Being able to evaluate risk signals such as IP reputation, device context, location, and adaptive rules, and then trigger MFA when needed is a huge advantage.

ForgeRock also has very good API security features and its own directory and user management services, which include ForgeRock DS or OpenDJ for PingDS. The policy engine and centralized authorization are very strong. Finally, the enterprise operational features such as token lifetime tuning, session management, monitoring, audit logs, certification, and keystore management are excellent. These do not sound flashy, but they make a very good IAM platform. Running IAM at scale is more manageable for a very large organization. ForgeRock has had a very positive impact on my organization, especially in terms of standardization, security posture, and operational efficiency.

What needs improvement?

ForgeRock is very powerful, but there are areas where it could be improved. The main area is complexity. ForgeRock is extremely flexible, but the learning curve can be steep. Authentication trees, policy configurations, and integration settings can become very complex quickly, especially for those new to the platform or in a very large organization. More simplified onboarding templates or guided configuration options could help new users significantly.

Another area is the UI and administrative experience. While the platform is functionally strong, some parts of the admin console feel less refined. For example, debugging authentication flows or troubleshooting tokens sometimes requires digging into logs rather than having more visual tools built in.

The deployment and operational setup could also be streamlined further. In larger-scale or cloud-native environments, containerization and CI/CD integration are very important. While ForgeRock supports this, the configuration and upgrade process can sometimes feel heavier compared to more SaaS-native identity providers.

For how long have I used the solution?

I have more than three years of experience in the field of identity and access management. I was first introduced to ForgeRock during a two-year contract, and this is the product I am reviewing.

What do I think about the stability of the solution?

ForgeRock is very stable in my experience.

What do I think about the scalability of the solution?

ForgeRock scales very well if the architecture is designed properly. The access management layer is stateless, so I can scale horizontally by adding more nodes behind a load balancer as traffic increases. DS replication also helps maintain performance and availability as the user base grows. When application integrations increase, token validation and authentication traffic go up, but the platform handles it very quickly.

How are customer service and support?

I have interacted with ForgeRock support a few times, mainly for configuration clarifications and complex authentication flows. My experience was positive overall. For standard support tickets, response times were very decent, and the support team was helpful in identifying configuration issues, especially with authentication trees, token settings, and directory replications. I found their documentation fairly comprehensive, which helped reduce the need to open tickets for common configuration questions. The support quality was solid, and response times were very fast.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We tried many different SaaS applications before ForgeRock. We used an on-premises application, and later we thought ForgeRock would be a better option. We evaluated different options in the market and determined that ForgeRock would be the better choice, so we migrated everything to ForgeRock.

What was our ROI?

I can definitely see that fewer employees are needed compared to using different SaaS applications. We have seen this as a return on investment using ForgeRock.

What other advice do I have?

The advice I would give to people looking into using ForgeRock is that it is very powerful, and that flexibility can become complexity if you do not define standards early, especially around token policies, naming conventions, and role models. I suggest investing in skilled IAM engineers. ForgeRock is not a plug-and-play SaaS tool; it is an enterprise platform. Having team members who understand OAuth, OIDC, SAML, LDAP, and security architecture will make a significant difference in a successful implementation. I would rate this product an 8 out of 10 overall.

Which deployment model are you using for this solution?

Hybrid Cloud
