In case you missed it…. ForgeRock's Identity Management Solution

This topic has 2 replies, 3 voices, and was last updated 5 years, 10 months ago by subba.

  • Author
  • #7669

    Back on January 22nd, ForgeRock changed the world (well it certainly changed for me!). We released the update to the entire catalog of ForgeRock offerings – as well as a nomenclature change. For years, I’ve been the Product Manager for ForgeRock’s OpenIDM. Now, I’m the Product Manager for ForgeRock’s Identity Management Solution.

    You’re probably saying “Sounds like a bunch of marketing to me…” -and on the one hand, you wouldn’t be wrong. However, we want people to think in terms of the functionality they need from the ForgeRock Platform rather than any features of a specific product. In this way – we can ensure that people are open to discussing requirements and we can look at fulfilling requirements rather than trying to get you to install this product or that.

    So what does this release provide that’s new in terms of Identity Management and Provisioning functionality? Let me provide you with a short list and we can discuss the items you’re interested in with the comments section of the forum.

    First off – UI: there’s a new, bootstrap based UI model that includes dashboards, widgets, theming, expanded extensibility and more. We also separated all Administrative functionality and put it in the Admin UI, while placing all self-service capabilities under what we call (obviously) the Self-Service portal.
    As a sub point to the new Self-Service portal, we have a new (Self-Service) Registration, Password Reset and Forgotten User Name experience that’s configurable – and common across the ForgeRock platform. I know this will generate a lot of interest, so if you’d like to learn more, let me know!

    Second – Roles and Relationships: We created and utilized the new intrinsic Relationship model to expand on our Role model and functionality. That means there is reverse relationship behind the Role model we have in Identity Management – and (like most things in the Identity Management area) it’s configurable and extensible to fit most any situation: Parent<->Child, Owner<->Device, User<->Group, Thing<->Sensor – whatever you can think of (and you’re not limited to one relationship… you can model whatever use case you may need)! Roles also are fully managed from the Admin UI – that mean Create, Read, Update, Delete (and more) are able to done visually from the UI (and of course from API/REST based interfaces).

    Third – Mutli-Account Linking: Have you had to maintain separate accounts for users because they have different personas (like Administrators AND regular User, or multiple bank accounts – but just one login). The new Linked Qualifier allows you to have multiple personas (and any specific policies or attributes for those personas) while maintaining a single user account in a resource (like a database, Active Directory, LDAP or whatever). Internally, we handle the reconciliation of the account and each persona specific value or policy.

    Fourth – Passwords: Until we can get rid of them, they’re here to stay. Therefore, we make it easier to manage password with Multiple password policies (even conditional policy), Hashing (rather than encrypting) of passwords (and to be honest, any attribute you want hashed). Even authenticating using ForgeRock’s Access Management solution (we used to call this OpenAM) rather than intrinsic accounts.

    Finally, there’s a new upgrade and patching framework that instructs and guides you through maintaining the Identity Management Solution. As you receive updates from support (in the form of patches) or the product team (in the form of product updates or upgrades), we have service oriented, or UI driven ways of informing what the change is, pausing (or more properly, putting into maintenance) Identity Management services, backing up the existing configuration and files, updating/upgrading the services, and reporting back all the changes that we made (while maintaining your old configuration and files). This makes managing the solution much easier and maintainable.

    Of course there are lots more items I could talk about – Documentation has been updated (and several new guides are included), added support for repository technologies, ForgeRock commons audit, and of course connectors! This was just intended to give you a taste of what’s new in OpenIDM 4…err, the ForgeRock Identity Management Solution (give me a little time to adjust :^) )

    You can find all of the newest releases at and!


     Rajesh R

    @tim-sedlack thanks for such a short and sweet write up on the new features of recently released ForgeRock OpenIDM 4. Kudos to the Product Engineering team for the hard work done on the new and improved UI as well as the new set of very useful features.


    Hi Tim,

    Can we Sync OPENIDM users and user roles into other applications via REST API by exploring OPENIDM API’s without using any connectors?

    Is there any API’s in OPENIDM 4.0 or 4.5 to explore or fetch OPENIDM Users and user roles into other applications, with out creating or developing a new custom connectors.

    If OPENIDM supports then who to explore and sync data into other application.

    Thanks & Regards

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?