ForgeRock Platform Release - Summer 2016

Post on 15-Apr-2017

Transcript

© 2016 ForgeRock. All rights reserved.

Webinar: Summer 2016 Platform Release

John Barco, VP Global Product Marketing

Platform Release Goals

•  Frictionless Identity

•  Identity Relationships

•  Microservices Security

•  Unified Platform

•  Ease of Use

ForgeRock Identity Platform

•  Simple

•  Scalable

•  Modular

•  Common platform

•  Open source community participation

Built as Modular Components

UMA Provider Mobile App Synchronization Auditing

LDAPv3 REST/JSON

Replication Access Control

Schema Management

Caching

Auditing

Monitoring

Groups

Password Policy

AD Password Pass-thru

Reporting

Authentication Authorization Provisioning User Self-Service Authentication OIDC / OAuth2

Federation / SSO User Self-Service Workflow Engine Reconciliation Password Replay SAML2

Adaptive Risk Stateless/Stateful Registration Aggregated View Message Transformation

API Security Microservices

Built from Open Source Projects:

UMA Resource

Access Management Identity Management Identity Gateway

Directory Services

Common REST API

Common User Interface

Common Audit/Logging

Common Scripting

Platform Modules

Authorization

Federation

Identity Workflow

Self Service

Authentication

Identity Synchronization

Adaptive Risk

Directory Services

User Managed Access

Identity Gateway

Common Services

Platform Common Services Update

New Audit Framework

•  Common audit event framework captures activity of users, devices, things with unique ID label

•  New ELK and JMS handlers

•  Also CSV, DB, and syslog

•  Export to third party services: Splunk, ArcSight, FireEye, Palo Alto Networks …

Dashboard: User Access Audit

Access Management Update

Access Management

•  Authentication

•  Single sign-on

•  Social sign-on

•  Strong authentication

•  Mobile MFA

•  Adaptive Risk

•  Federation

•  Authorization

•  User-Managed Access

•  Self-Service

1 web app

15 min. download to install

6 modules

20k+ Authentications per second

Stateful Session Management

[Diagram: three OpenAM Servers, each labelled Session, SAML2 and OAuth2, alongside FAMRecord and OpenDJ]

•  Session failover uses the Core Token Service (CTS) to persist sessions

•  CTS is based on OpenDJ and can be embedded or external

•  External CTS gives flexibility and control over the topology

New Stateless Session Management

•  Stateless = state information is encoded in JWT token

•  High-performance support for microservices or distributed cloud environment - 100K/sec token validation

•  Client can obtain token from any server; Client can validate token on any server

[Diagram: three OpenAM Servers (AWS1, AWS2, AWS3); Microservices; Client App; OAuth2, OIDC Tokens]

PROPRIETARY AND CONFIDENTIAL

Context-Based AuthN & AuthZ

•  Context builds intelligence into policies to protect resources at the time of access and during session

•  Scriptable conditions can examine environmental conditions and also call external services to augment the authorization process

[Diagram labels: Define risk profile of user or device; Scripted conditions flag changes; Evaluate context during AuthN/AuthZ; Create policies with risk/contextual parameters; Risk is remediated; Session resets, forces action]

Advanced Authentication

For modern and legacy systems

•  20+ out-of-box modules including Google, Facebook, MS

•  AuthN methods can be chained together for enforcing different levels or strength of security

•  Scripted AuthN modules extend functionality on client side and server side using Groovy and JavaScript

[Figure: Create New Authentication Chain: SAML2 Authentication; Adaptive Risk / Device ID; ForgeRock Mobile Authenticator; Save Device Profile]

Adaptive Risk

Enables better user experience

•  The Adaptive Risk module assesses the risk based on pre-configured parameters

• Over 30 parameters, including IP address, IP history, cookie value, login history, geo-location, etc.

• Can be used in authentication chain or for step-up re-authentication

[Figure: Risk Score 94]

New Passwordless Authentication

•  New update of ForgeRock Authenticator Mobile App for iOS and Android

•  Vastly improves the user experience while reducing friction during the user authentication process

•  Customize app look and feel or use source code to build your own

[Figure: Swipe, Fingerprint Scan, Custom]

Identity Management Update

Identity Management

•  Workflow-driven provisioning

•  Synchronization and reconciliation

•  Cloud / Enterprise connectors

•  Self-service

•  Password management

1 web app

15 min. download to install

3 modules

72k+ registrations per min.

New Object Model Visualization

•  Identity Management architecture is REST-based with flexible object model

•  Visually representing objects and the relationships enables easier access to rich data

•  User, device, thing relationships are complex – a visual model helps simplify admin tasks – reduces risks

Identity Gateway Update

Identity Gateway

•  Mobile security

•  API security

•  Legacy app security

•  IoT gateway

•  Credential replay

•  Federated service provider

•  Token translation service

•  UMA resource server

1 web app

15 min. download to install

1 module

20k+ requests processed / sec

Protect REST Endpoints and APIs

New Throttling Filter

•  Control the rate of requests that clients can make to a Web API based on IP address or request route

•  Set multiple limits for different scenarios, such as allowing an IP or client to make a maximum number of calls per second, per minute, per hour, per day or even per week

[Figure: Identity Gateway Throttling Filter]

New Preview Cloud Foundry Service Broker

•  Lightweight, simple way for ForgeRock solutions to protect RESTful microservices running in Cloud Foundry

•  Open source code for the service broker preview is accessible through GitHub (https://github.com/ForgeRock/forgerock-service-broker-cloudfoundry)

Resources: Downloads / Docs / Support

Resources: ForgeRock.org community site

Resources: ForgeRock.com
