ForgeRock Reviews

Our main use case for ForgeRock is to manage secure user authentication and authorization for our enterprise platform. For example, we use ForgeRock to implement OAuth 2.0 authentication flows and ensure that only authorized users can access sensitive onboarding workflows and data. A specific scenario would be when a new user is onboarded. ForgeRock handles the authentication process, enforces multi-factor authentication, and manages user roles and permissions to control access to different stages of the onboarding lifecycle, such as draft, submission, approval, and finalization. This integration helps us maintain regulatory compliance as well as auditability and security with multiple user roles, while also streamlining user experience and reducing the risk of unauthorized access.

Integrating ForgeRock with our onboarding workflows has been a valuable learning experience because there are both smooth and challenging aspects. The smoothest part is ForgeRock's standards-based support for Auth and SAML, which makes it straightforward to set up secure authentication and single sign-on for our onboarding module. ForgeRock's comprehensive documentation and RESTful APIs also help accelerate the integration. One challenge is mapping our complex multi-stage onboarding workflows, where users transition between draft, submission, and approval stages to ForgeRock's role-based access controls and policy configurations. We had to carefully design custom policies and attribute mappings to ensure that only the right users could perform specific actions at each stage, which required close collaboration between our development and security teams. Another tricky aspect is handling legacy user data and ensuring seamless migration to ForgeRock without disrupting existing user access or compliance requirements. Overall, the integration is successful, and the flexibility of ForgeRock's platform allows us to tailor the solution to our specific needs.

One thing that stands out about our main use case and the integration process is how ForgeRock's centralized policy management makes it much easier to enforce consistent security and compliance rules across all stages of the onboarding process. We are able to implement fine-grained access control, so permissions can dynamically adjust based on user roles and the current status of the onboarding request. ForgeRock's auditing and versioning features are particularly valuable for our compliance needs, allowing us to track every access and every modification event. Additionally, the flexibility to integrate with our existing tech stack including Java, Spring Boot, and Apache Kafka helps us avoid major architectural changes and keeps the project timeline on track. ForgeRock's extensibility and strong support for enterprise standards are key factors in the success of our implementation.

Initially, the primary improvement was security. By implementing standards-based authentication and access controls, we reduced unauthorized access incidents and strengthened our overall security posture. Next would be compliance. Centralized policy management and comprehensive auditing features made it much easier to meet regulatory requirements and pass company compliance audits. Efficiency was another major improvement. Automating user provisioning and access management streamlined onboarding processes, cutting manual administrative work and reducing onboarding cycle time. User experience also improved. The self-service features like password resets and account recovery improved user satisfaction. Another important positive impact was operational stability. The integration with our backend systems and the ability to manage policy centrally led us to fewer configuration errors. ForgeRock enabled us to deliver a more secure and compliant onboarding experience while also improving efficiency.

After implementing ForgeRock, we saw a reduction in onboarding cycle time by roughly twenty-five percent as automated workflows and centralized access management eliminated many manual steps. Security incidents related to unauthorized access or misconfigured permissions dropped by forty percent, and audit preparation time decreased by approximately thirty percent because of ForgeRock's comprehensive logging and reporting features. We also noticed a twenty percent reduction in user support tickets, especially regarding password resets and account recovery due to the self-serving capabilities. While these are rough estimates, they reflect the tangible improvements we experienced in efficiency, security, and user satisfaction.

The most valuable features ForgeRock offers are its support for standards-based authentication and authorization protocols including OAuth 2.0 and SAML, which make it a secure integration. The fine-grained role-based access control has been essential for managing complex user permissions across different onboarding workflow stages. Centralized policy and configuration management allows us to enforce consistent security and compliance. The platform's extensibility, along with RESTful APIs, makes it easier for us to integrate with our existing Spring Boot backend and other enterprise systems. Multi-factor authentication support and risk-based authentication have added significant value by enhancing security without compromising user experience.

Centralized management makes the biggest difference because it allows us to define, update, and enforce security and compliance rules from a single location, which is crucial given the complexity of our onboarding workflows and the need for strict compliance. This feature reduces manual configuration errors, improves consistency across different modules, and makes it much easier to audit and demonstrate compliance to internal and external stakeholders. It also streamlines collaboration between development, security, and compliance teams since everyone can work from a unified set of policies. Overall, policy management not only improves our security but also accelerates our development.

I wish we had used ForgeRock's adaptive risk-based authentication, which allows dynamic adjustment of authentication requirements based on user behavior. This could have helped us further strengthen our security. Another hidden gem is the built-in support for custom authentication modules and scripting, which gives a great deal of flexibility to tailor authentication flows. The self-service capabilities for password resets and account recovery have been very helpful in reducing support overhead and improving user experience. Discovering and utilizing these features would have definitely made our integration even smoother and would have provided additional value for both our users and our security team.

One area of improvement would be the user interface for policy and workflow configuration, which can become complex and sometimes unintuitive, especially for new administrators. A more streamlined and user-friendly UI would help reduce the learning curve. Enhanced out-of-the-box analytics and reporting would also be valuable, as our current options often require custom development or integration with external tools. While extensibility is a strength, documentation for advanced customizations and integrations could be more comprehensive and easier to follow. Improved support for seamless upgrades and backward compatibility would also help minimize downtime.

In terms of performance, optimizing the platform for high concurrency environments would be beneficial, especially for organizations with large user bases or peak usage periods. Enhanced scalability features such as more granular or horizontal scaling options would provide better support for distributed deployments. For integrations, having more pre-built connectors and easy integration with modern cloud-native services would accelerate adoption. Improved monitoring and real-time health dashboards would help proactively identify and resolve performance bottlenecks.

I have been working in my current field for seven years.

ForgeRock supports integration with legacy systems in our organization by offering a wide range of connectors and APIs. We utilize the identity gateway and REST APIs to bridge modern identity service with legacy platforms. These platforms support standard protocols including LDAP, SAML, and OAuth, which helps us connect with older systems. Custom connectors and scripting capabilities also allow us to tailor integrations with unique applications. This approach enables us to modernize our IAM infrastructure while still leveraging critical legacy systems.

With scalability in mind, ForgeRock supports both horizontal and vertical scaling to accommodate our growing user bases with increased transitions. We leverage containerization and orchestration tools to deploy ForgeRock components, which allows us to scale services up and down. Load balancing and clustering features ensure high availability and distribute traffic efficiently. Caching mechanisms, such as Redis cache or Ehcache, are used to reduce database load. One challenge we face is tuning the system for peak loads, especially during onboarding spikes or regulatory deadlines, but by optimizing our infrastructure and monitoring, we are able to address these bottlenecks.

ForgeRock supports multi-factor authentication and risk-based authentication in our organization by allowing us to enforce additional authentication steps, such as OTPs, push notifications, or biometrics. The platform provides flexible authentication trees, enabling us to design custom MFA flows tailored for different user groups and risk profiles.

ForgeRock's customer support team has been responsive and knowledgeable, assisting us during our technical challenges and when we needed guidance on best practices. The support team provides timely assistance. The support portals offer comprehensive documentation, troubleshooting guides, and community forums that have been helpful for resolving common issues independently. Overall, my experience with customer support has been positive, contributing to smoother deployments and ongoing maintenance.

Positive

I believe it is important to clearly define and thoroughly assess your organization's identity and access management needs upfront. ForgeRock's flexibility can be both a strength and a challenge if requirements are not clear. It is crucial to pay close attention to initial architecture and design, especially around authentication flows, user journeys, and integration. Additionally, investing in training for your technical team is essential because ForgeRock's platform is powerful but can have a steep learning curve for those new to it. Be cautious about potential complexity in customizations. While ForgeRock is highly extensible, over-customizing can complicate upgrades and maintenance. Ensure you have a solid plan for monitoring, logging, and compliance from the start.

I appreciate ForgeRock for its strong focus on security, which is critical for organizations handling sensitive data. My overall review rating for this solution is an eight.

In 2014, we had two use cases with ForgeRock. One was for consumers, with 60 million consumers of the TomTom navigation system. The other was approximately half a million use cases for B2B purposes for implementing ForgeRock in cars, with the first batch of cars being Korean vehicles.

For the consumer use case, we launched a program called One TomTom ID where a single user ID could be used to log into the web, app, and navigation device with ForgeRock. Previously, there were three different user IDs because of how the company had grown with different platforms. This was a main use case for better customer experience and improved security. For the B2B use case, different car companies wanted to get traffic information into their dashboards, and the best way to authenticate was to embed custom code into their dashboard. Whenever the car started up, the car's VIN number would be authorized if it was on the list to receive traffic information from TomTom, and they would receive it.

When authenticating a car to determine whether it was authorized to receive traffic information with ForgeRock, it was not straightforward because anyone could drive a car, so it could not be user-based. Authentication had to be based on the car's navigation ID, the dashboard ID, and the VIN number, which are directly related to the car and apply to whoever is driving it. To accomplish this, we had to issue a token. Every time a car started up for the first time and connected with the back-end system, it was issued a token that would authorize it to receive traffic information, which was a very efficient and neutral solution.

When we started using ForgeRock, it was the only premium platform that could provide this kind of security for different platforms. Its platform was built in a way where it could be applied to consumer-based use cases, but also to B2B in different capacities with token and tokenized systems, giving all kinds of options for both consumer-based and B2B scenarios.

In the B2C space, ForgeRock gave our consumers a very strong and good customer experience. We were able to manage security for B2C devices, which totaled 60 million at one location. We always took feedback from customers through surveys after implementing ForgeRock, and they gave very positive feedback. The customers of TomTom were very loyal and had been using TomTom services for a very long time, even using their personal navigation devices. Because of a single user ID being used across platforms, we had a lower amount of abandoned baskets since previously, customers would be confused about which user ID and password to use, whether it was for the web, mobile app, or device. This created very good synergy and a better experience for our customers.

On a B2B level, it opened up the market for TomTom to sell its services in a more efficient way to car companies. In the past, it used to be very complicated to set up separate servers for traffic flow and different information. Now we did not have to do that. Although it is difficult for me to give a specific percentage, it opened up the market for TomTom, and I believe they made several millions from it.

ForgeRock can be improved by making it easier to understand the licensing and upgrade protocols. The licensing was very complicated, and it required considerable time to understand which components required what kind of licensing. The upgrade process was also complicated and required significant effort to upgrade the platforms, which created a resource constraint but was necessary.

Documentation and support from ForgeRock's support desk were available, but the upgrade process remained complicated and took considerable effort, which diverted resources away from main projects.

I have used ForgeRock since 2014.

ForgeRock is stable, and I have never experienced any problems.

We scaled up with ForgeRock. My team received an award for implementing it for a 60 million customer base, which was the largest implementation at that time. Also, for the B2B use case, it was very easy to deploy the solution for different car manufacturers. From that perspective, the ease of deployment and scalability is very good.

ForgeRock's customer support is very good. Generally, the team is very responsive and takes a sense of ownership and accountability.

Negative

I previously used a different solution before ForgeRock, which was custom-built and homegrown. It was stitched together across platforms; the web had a different solution, the mobile app was different, and the navigation device had different setups. All solutions were homegrown and home-brewed.

I inherited the project when we were evaluating ForgeRock as the final solution. I do not remember the other company because it was in 2015.

On the pricing side, it was reasonable. As a customer, one always prefers lower costs or pricing. On the setup and implementation side, since we were doing it for the first time and the impact would have been substantial, it took considerable time and money to implement. There was a setup cost at that moment. However, we knew that later versions would have been much easier, but we were early adopters.

We purchased the software through a company called Everett in the Netherlands. That company also provided implementation services, which we utilized effectively. That company was later acquired by PwC, and we continued to work with them until 2018 and 2019, whenever we needed assistance. In the initial couple of years, they were very involved in the implementation side and on-site support, which was very good.

The most significant benefit is from the security perspective. We were able to assure that there were no challenges with security. We never experienced any user ID, user password, or personal information being leaked because it was a very secure system that we implemented properly.

On a B2B level, it opened up the market for TomTom to sell its services in a more efficient way to car companies. In the past, it was very complicated to set up separate servers for traffic flow and different information. Now we did not have to do that. Although it is difficult for me to give a specific percentage, it opened up the market for TomTom, and I believe they made several millions from it.

My experience with pricing, setup cost, and licensing was somewhat complicated. One has to spend considerable time trying to understand the different modules and different needs for those modules on the licensing front.

The advice I would give to others looking into using ForgeRock is that ForgeRock as an IAM platform is not the problem. The problem always lies with whether the customer is very clear on what they want to do and has made up their mind before acquiring the platform. Generally, the challenges occur on the implementation side when the customer is not ready to implement or does not have all the use cases figured out. That is why they get a very minimal return on investment. At our end, before we signed the deal, we were very strong on how we were going to implement, and we already had enough design documents in place to understand the different requirements. That is why implementing and executing was a key focus. Any future customer should know what they are going to do with the platform before acquisition; it is like learning to drive before buying a car. I gave this review a rating of eight.

I integrated ForgeRock SSO with a web application that had React for the front end and a Spring Boot back-end API, where ForgeRock AM was acting as an authorization server and an identity provider. Users were stored in ForgeRock and LDAP through ForgeRock Directory Studio. Our goal was to enable SSO using OpenID Connect, issue JWT access tokens, and enforce MFA for sensitive actions.

We created an OIDC client and set up the client ID, redirect URI, and grant type as an authorization code. We checked all the token endpoints, defined the scopes, token lifetime, and signing algorithms. We implemented the login flow where the user goes to the app and is redirected directly to ForgeRock when the app sees no session. When ForgeRock executed the authentication tree, it handled username, password, device check, risk calculation, and optional MFA. After successful authentication, ForgeRock redirects back with the authorization code.

We also used a Spring Boot API which validates API protection and validates the JWT signature using the ForgeRock public key, checks expiration, issuer, audience, and scopes. This is how we implemented MFA and SSO.

ForgeRock offers several features that stand out, especially compared to other IAM platforms. The first is flexible authentication flows. The ability to visually design adaptive authentication flows with nodes such as password, username, risk decisions, device checks, OTP, and push setups gives tremendous control without hardcoding logic, which makes complex authentication very easy to implement.

The second feature is strong support for modern protocols. ForgeRock has first-class support for OIDC, OAuth, SAML, and JWT, which is valuable for SAML and SSO scenarios. I can integrate nearly any web or mobile application and enforce any centralized security controls consistently. The third is risk-based authentication. Being able to evaluate risk signals such as IP reputation, device context, location, and adaptive rules, and then trigger MFA when needed is a huge advantage.

ForgeRock also has very good API security features and its own directory and user management services, which include ForgeRock DS or OpenDJ for PingDS. The policy engine and centralized authorization are very strong. Finally, the enterprise operational features such as token lifetime tuning, session management, monitoring, audit logs, certification, and keystore management are excellent. These do not sound flashy, but they make a very good IAM platform. Running IAM at scale is more manageable for a very large organization. ForgeRock has had a very positive impact on my organization, especially in terms of standardization, security posture, and operational efficiency.

ForgeRock is very powerful, but there are areas where it could be improved. The main area is complexity. ForgeRock is extremely flexible, but the learning curve can be steep. Authentication trees, policy configurations, and integration settings can become very complex quickly, especially for those new to the platform or in a very large organization. More simplified onboarding templates or guided configuration options could help new users significantly.

Another area is the UI and administrative experience. While the platform is functionally strong, some parts of the admin console feel less refined. For example, debugging authentication flows or troubleshooting tokens sometimes requires digging into logs rather than having more visual tools built in.

The deployment and operational setup could also be streamlined further. In larger-scale or cloud-native environments, containerization and CI/CD integration are very important. While ForgeRock supports this, the configuration and upgrade process can sometimes feel heavier compared to more SaaS-native identity providers.

I have more than three years of experience in the field of identity and access management. I was first introduced to ForgeRock during a two-year contract, and this is the product I am reviewing.

ForgeRock is very stable in my experience.

ForgeRock scales very well if the architecture is designed properly. The access management layer is stateless, so I can scale horizontally by adding more nodes behind a load balancer as traffic increases. DS replication also helps maintain performance and availability as the user base grows. When application integrations increase, token validation and authentication traffic go up, but the platform handles it very quickly.

I have interacted with ForgeRock support a few times, mainly for configuration clarifications and complex authentication flows. My experience was positive overall. For standard support tickets, response times were very decent, and the support team was helpful in identifying configuration issues, especially with authentication trees, token settings, and directory replications. I found their documentation fairly comprehensive, which helped reduce the need to open tickets for common configuration questions. The support quality was solid, and response times were very fast.

Positive

We tried many different SaaS applications before ForgeRock. We used an on-premises application, and later we thought ForgeRock would be a better option. We evaluated different options in the market and determined that ForgeRock would be the better choice, so we migrated everything to ForgeRock.

I can definitely see that fewer employees are needed compared to using different SaaS applications. We have seen this as a return on investment using ForgeRock.

The advice I would give to people looking into using ForgeRock is that it is very powerful, and that flexibility can become complexity if you do not define standards early, especially around token policies, naming conventions, and role models. I suggest investing in skilled IAM engineers. ForgeRock is not a plug-and-play SaaS tool; it is an enterprise platform. Having team members who understand OAuth, OIDC, SAML, LDAP, and security architecture will make a significant difference in a successful implementation. I would rate this product an 8 out of 10 overall.

The main use case for ForgeRock is to work with IAM for authentication and authorization trainings, using the environments during the training sessions and providing samples for ForgeRock customers. I have trained both enterprise organizations and smaller companies. Enterprise organizations are checking if they really need to upgrade to the new version or release, while smaller companies are trying to determine if they need to start using ForgeRock.

ForgeRock is very easy to use, and the UI is very simple to navigate. The platform includes a lot of use cases that can be utilized during training. ForgeRock provides a complete solution for authentication and authorization, which is excellent. There is no need to buy additional products to complete the solution, as it can be used with many business cases to improve authentication and authorization for websites.

The installation process is very easy and fast to start using ForgeRock technology. After installation, you can immediately start using the solution to manage your websites.

Considering the impact on the organization and trainees, we received very positive feedback after the trainings. Trainees agreed to upgrade to the new version after using older releases, and they noticed they could connect with apps or different websites and create workflows to access and share the data they want. This feedback is very positive.

ForgeRock, being based on Linux, has very good documentation about the files generated by the application. However, if everything works fine, it is easy to use, but if there are errors, you need to know where the log files are and what to check. The documentation regarding integration capabilities is very comprehensive because ForgeRock is an agnostic solution. We can use a Linux image from ForgeRock with different systems, applications, websites, and mobile apps to create various types of access for users.

The main purpose of ForgeRock is security because you can create internal groups and users or connect with on-premises or cloud security tools like Active Directory. You can use both, and during trainings, we performed tests that showed its effectiveness.

ForgeRock, being based on Linux, has very good documentation about the files generated by the application. However, if everything works fine, it is easy to use, but if there are errors, you need to know where the log files are and what to check. A point for improvement would be to bring more of these errors to the UI for administrators to help them understand what happened and how to fix it.

I chose a rating of nine out of ten because of the problem regarding the logs. To identify and fix issues, users need to search through different log files. If ForgeRock could enhance this feature in the UI to aid users, I believe that would be perfect, and it would receive a ten.

I worked as an instructor for ForgeRock, and I am not using this technology in my current work, but I used it for three years. I started working with ForgeRock in 2019.

ForgeRock is very stable because it manages access, authentication, and authorization effectively. It supports connection with internal or external Active Directory and provides a stable experience.

ForgeRock has excellent scalability. You can start small with internal user management and increase the number of groups and users or switch to external user management easily, and apply load balancing for your systems as needed.

Before using ForgeRock, I had to use a homemade solution to execute all the features that ForgeRock provides, which was very difficult. I find ForgeRock very good because it provides everything needed to develop and check for security while connecting with different technologies.

The installation process is very easy and fast to start using ForgeRock technology. Installation is straightforward and quick, and after this, you can start using the solution to manage your websites.

Considering the impact on the organization and trainees, we received very positive feedback after the trainings. Trainees agreed to upgrade to the new version after using older releases, and they noticed they could connect with apps or different websites and create workflows to access and share the data they want.

ForgeRock's integration capabilities are very easy to use because it is an agnostic solution. We can use a Linux image from ForgeRock with different systems, applications, websites, and mobile apps to create various types of access for users.

Before using ForgeRock, I had to use a homemade solution to execute all the features that ForgeRock provides, which was very difficult. I find ForgeRock very good because it provides everything needed to develop and check for security while connecting with different technologies.

Others should check if they have a draft idea of how they want to use ForgeRock's authentication and authorization solution before starting. They can then use samples and documentation to understand how to implement the solution and plan for growth. They should also discuss possibilities with ForgeRock's sales and support areas. My overall rating for ForgeRock is nine out of ten.

My main use case for ForgeRock is designing user journeys, specifically customer user journeys, and how they interact with the system.

A specific example of a user journey I designed using ForgeRock is when we migrated from an older IAM system, Okta, to ForgeRock. We designed a journey to log into one of the partner portals, where the password was still authenticated via Okta for the first-time migration users. We configured pass-through authentication, and once the user's login is completed, we mark it as a migrated user, synchronizing their password with ForgeRock Directory Server. In that journey, we implemented various configurations such as step-up control and orchestration, where based on the risk level populated via PingProtect service, either a step-up is required via email or via a one-time text message before granting access.

In addition to my main use case, we have multiple use cases, with over 30 journeys live for the different systems that the company uses, including various flows such as forgot password, reset password, and forgot username, which utilize utility journeys that are repetitive in nature.

The best features ForgeRock offers, in my experience, include their directory services, access management, and identity management, along with the Journeys feature that lets you orchestrate and design your user path in various easy ways. They are very configurable using JavaScript, which I find to be the most useful part.

The Journey feature has made my work easier and more effective because, unlike other tools, from the input we receive from the user, such as the username, we can decide whether to prompt them for a password, send a one-time password link, or a one-time passcode. Many actions can be performed at runtime based on the inputs received, which I find quite useful, and for anything that cannot be achieved out of the box, a simple JavaScript can be written to transform data or perform additions for passing to the next node. There are many out-of-the-box nodes available for integrating with other Ping components or calling out to other SaaS services.

The other features are pretty much the same as other components such as Oracle or Ping, but the Journeys in ForgeRock are something that I really appreciate, while the rest of the features are fairly standard across other IAM components.

ForgeRock has positively impacted my organization by allowing us to migrate from the older system to the newer ForgeRock component, enabling us to go live with many products across geographies, enhancing security as it is all cloud-based, and with the company taking care of availability, it has reduced costs for the company.

In terms of specific outcomes, previously, single sign-on was not implemented, requiring users to remember their passwords across various systems. Now, those issues have been resolved, and users have appreciated this initiative. We centralized all systems from Okta and Microsoft on-premise AD to ForgeRock, which is quite beneficial, and there is also a self-service functionality available for tasks such as resetting passwords or retrieving usernames, leading to a significant reduction in customer service calls.

I wish the JavaScript part could be improved, as not everyone is proficient in JavaScript, so automating that or reducing the reliance on it could be beneficial. Additionally, having only one realm in the cloud version, the alpha realm, feels limiting, and I would prefer having more than one realm as we had in the on-premise version of ForgeRock.

I do not have any other improvements needed for ForgeRock that I have not mentioned.

I have been using ForgeRock for three years.

There seem to be no issues so far with ForgeRock in terms of stability.

Regarding scalability, since ForgeRock is in the cloud, it is pretty scalable.

The customer support is fine; we typically have to go through an online ticketing system on their website. I would rate the customer support eight out of ten.

Positive

I previously used Ping Identity before transitioning to ForgeRock.

I do not have the precise price point on the return on investment, but I have heard in management calls that we have reduced the number of employees needed, and money has definitely been saved.

Before choosing ForgeRock, my organization evaluated other options, including Okta, which was previously implemented.

My advice for others looking into using ForgeRock is that it is really good, particularly the Journeys functionality, which allows you to configure user journeys in a more efficient way. I do not have any additional thoughts about ForgeRock. I would rate this review seven out of ten.

My main use case for ForgeRock includes user provisioning, deprovisioning, reconciliation, workflows, cross-federated SSO, integrating applications, third-party applications into ForgeRock, managing users and entities, and handling password resets, among other functionalities.

I onboard applications into IDM for user provisioning and SSO, managing user identities effectively. We also integrate and onboard those applications into ForgeRock Access Management, allowing users to log in to their applications, get their identities authenticated against ForgeRock, and access their applications seamlessly. This approach is especially pertinent as we focus on customer IAM, utilizing CIAM profiles.

ForgeRock offers a very scalable solution, which is one of its best features. You can have a lot of functional components operating simultaneously, and it is very developer-friendly. The solution is highly scalable, allowing us to define our own managed objects. Additionally, ForgeRock provides excellent features for workflows, which we use for account claiming and linking, highlighting the solution's scalability and flexibility.

ForgeRock positively impacts our organization as we manage a large number of users with ease, providing a standard IAM solution that simplifies our processes.

ForgeRock can improve by offering a unified development IDE for workflows, as we currently maintain BPMN, XML, JSON, and JavaScript separately. Presently, I use Flowable UI to create a BPMN and onboard it to ForgeRock, which is not efficient. Additionally, the front-end development should be more user-friendly for IAM developers, who may not be well-versed in Vue.js. ForgeRock needs to focus on low-code, no-code solutions that allow for drag-and-drop functionality with good orchestration. ForgeRock and Ping should consider providing free vouchers for certification and training to developers to boost market presence, as there is currently a significant gap between good ForgeRock developers and companies looking to implement ForgeRock solutions.

My advice for others considering ForgeRock is that it completely depends on your use cases. ForgeRock is a very potent product that can fit well into a variety of solutions. If you manage a large user base, particularly planning for RBAC and multiple applications, it is easily manageable with ForgeRock. The product's stability and cost-effectiveness are significant advantages.

Having worked with multiple tools such as CyberArk, Delinea, IBM IGI, IBM ISIM, and SailPoint, I find myself very inclined towards ForgeRock due to its capabilities, especially in CIAM, which stands for Customer Identity and Access Management. As an IAM developer and architect, I favor this tool over others due to its extensive functionalities.

My main use case for ForgeRock is mostly access management related fine-grained access management for customer identities.

For fine-grained access management, I use ForgeRock based on the customer base, whether they belong to a particular company or a particular third party. I consider what their use cases are and how they want to integrate or access the applications. Accordingly, I expose ForgeRock Access Management integration either via OAuth 2 or SAML 2 integration, allowing them to access the application in a secure way.

My customers also want to include the multi-factor authentication component, using mobile verification or email verification. They want to store their profile details so that every time they log in, they won't be prompted for MFA. It will be remembered for at least the next 30 days, and they won't be prompted for any second factor, allowing them to log in seamlessly.

The best features ForgeRock offers depend on the use case or requirement of the customer. ForgeRock has a variety of access management and identity management tools, and they have new offerings as well, especially the Advanced Identity Cloud. Everything is in ForgeRock Cloud, and I don't need to manage my infrastructure at all. I will be configuring it to my company requirement and can access it. I can integrate ForgeRock Identity Management and access management for employee lifecycle management, covering joiner, leaver, and mover related workflows. From a customer point of view, there are many other functionalities available depending on what kind of use case they are interested in and how they want to integrate, authenticate, or authorize the applications. I can use the tool in various ways, either through authentication tree-based workflows, WebAuthn, or many other options, integrating and using it according to my needs.

The cloud offerings through Advanced Identity Cloud mean I don't need to set up infrastructure and I don't need to worry about application requirements for infrastructure. It's seamless and available almost immediately. I just need to configure ForgeRock Identity Cloud, connect to my company name and standards, and it's ready to be usable. I just need to customize my flow for custom business workflows. For POC and for very basic testing purposes, it's straightforward. I just need to do fine-tuning so I can use it immediately to test the use cases or basic scenarios.

Since ForgeRock is an authentication tool, it gives more use cases and more revenue for companies. This is useful for everyone, creating a win-win situation for the customers and the implementers. It is very useful for revenue generation as well as day-to-day work for employees.

ForgeRock can be improved by integrating the latest AI-based models and latest trends in the identity industry with the existing product. That way, they can offer more features to customers and secure customer identities and access.

From a usability point of view, it's almost good. Support depends on different models, particularly a severity model. Accordingly, they will respond. It would be better if they were available for support whenever the customer needs it, especially during migration or go-live time periods. If they were available on standby during those times, that would be more useful.

I have been using ForgeRock for more than ten years.

Since I am implementing this for the third party and managing the infrastructure for the actual customers, I am managing the infrastructure and the product on top of it. Whenever a new work order comes in, I work on it and based on the work I do, I will be billed and paid. This results in revenue generation.

I would ask others looking into using ForgeRock to try the product and conduct a POC to see the look and feel of it, how it works, and how it can satisfy the main use case or the use cases for the organization. That way, you can determine whether it is for you. You can decide whether you want a traditional infrastructure-based model or the Advanced Identity Cloud.

I have a different offering, such as the reverse proxy related offering from ForgeRock Identity. There are new offerings in the current or existing latest model. They have already moved away from the old infrastructure model to the cloud-based model and are adding AI integration as well, providing a more secure and intuitive interactive way for customers to interact with the product and get the details they want.

I use the solution in my company for all of our authentications, specifically microservice authentications.

Microservice authentication and authorization is built using the product. Third party vendors have been integrated with our platform using OAuth 2.0 supported by the product. MPIN and Biometrics development has been made using product API's

The solution's most valuable feature is that it comes shipped with directory services and LDAP, which is packaged with it. It also has high support for DevOps. You can manage OAuth 2.0 clients as code.

The product's customization is a bit complicated. The tool is customized by exporting config files to Git and bundling them as images. It is hard for the developers to maintain it as it requires training.

Kubernetes deployment for ForgeRock which is called ForgeOps is not included in product support. The company does not officially support ForgeOps as a product feature but they support it on a best effort basis. It would be better to have ForgeOps as a part of product support.

I have been using ForgeRock for two years. I am just a customer of the tool.

It doesn't actually have any bugs.

It is a very scalable solution in terms of Kubernetes architecture.

All the developers in my company work with ForgeOps APIs, and around 10 to 15 developers make customizations in the product.

As ForgeOps is not internally supported as a product feature, one always has to have professional service to support it. I rate the technical support an eight or nine out of ten.

Positive

Our company started off with Forgerock as the IDAM solution but was considering switching to KeyCloak. However we further made an investment on developing MPIN and Biometrics using product API's, a reason why my company continues with the product.

The product's initial setup phase was not difficult as it started supporting Helm charts. With the latest releases, it has been made easier to manage. Just making the tool highly available requires some expertise.

The product is easy to use in a development environment. It is easy to set up the tool, and it is easy to configure the product in the development environment, but it requires expertise to set up a highly available deployment and use the product in multiple environments.

The solution is deployed on an on-premises model.

Our company was considering switching back to Keycloak from ForgeRock, so as to not pay any license fees. ForgeRock also supports M-PIN and biometric features that Keycloak does not provide. My company started developing for M-PIN and biometric, a reason why my company continues with the product.

I would suggest others use the product after asking them to consider their use cases. SSO may be a use case for some, and using the product as an IDM tool may be a use case. At the moment, my company is not deploying all the components of ForgeRock itself. My company uses ForgeRock for OAuth 2.0. For example, my company is not deploying the IDM and identity gateway components. You should consider your use case and select the required components for that use case.

My company does not use the SSO features of the tool. My company uses SSO to access ForgeRock's AM Console for individual users. My company does not use single sign on features of the product and instead, we use Auth0.

I rate the tool a seven or eight out of ten.

One of the best features of ForgeRock OpenIDM is that once you configure all the connectors, scripts, and modifications, you can migrate that project directory to other higher environments. We don't need to reinstall. Installation and configuration are pretty easy for ForgeRock OpenIDM.

ForgeRock OpenAM is also pretty easy to install and configure. The easiest part of the solution is the workflows, which are pretty easy and very good. We used to have chains that we would not use in the latest release.

ForgeRock does not provide support for issues related to SCIM connectors as their engineers or developers do not know exactly about it. The solution's documentation is not very good, and they do not give more details.

I have been using ForgeRock for about five years.

I rate ForgeRock somewhere between eight and nine out of ten for scalability.

ForgeRock's technical support is pretty good compared to other products. The only thing is they don't want you to ask any questions about how to do something. They will not tell you, and you have to figure it out. You can get a lot of online material and blogs for products like SailPoint, Oracle, or Okta. Since ForgeRock is not used much, people do not put anything in blogs. So you have to figure it out on your own.

Neutral

I compared ForgeRock with various tools. I worked on Oracle IDM, Oracle Access Manager, and SailPoint. SailPoint is pretty good for provisioning, and it has a lot of different things. The governance feature in ForgeRock is comparatively new, and they also came up with the reporting feature. So some features are still new, but it has improved a lot.

ForgeRock's initial setup is straightforward. It's not complex for an experienced engineer or developer.

ForgeRock's pricing is more competitive than other products. I worked on a very big project about ten years ago. Oracle was extremely aggressive on pricing, and they go based on the number of users. Oracle offers very less pricing for educational projects. I'm unsure about ForgeRock's pricing structure for the financial industry, education universities, and big projects.

ForgeRock has four modules, namely, OpenIDM, OpenAM, OpenDS, and Identity Gateway.

ForgeRock is a pretty simple solution compared to other products. As simple as it is, you will have some product limitations somewhere. You can do a lot on Oracle and SailPoint since they have in-depth solutions for anything. However, ForgeRock has some limitations.

Overall, I rate ForgeRock an eight out of ten.

We use ForgeRock for access management. We access ForgeRock over VMs, but it is technically deployed on-premises.

ForgeRock is an extensive product with many functionalities and capabilities, much more than many other tools combined. It comes with XML functionality and the latest standards, including IoT, providing almost all the major identity-use cases. ForgeRock is comprehensive and open and can extend its functionality. ForgeRock has multiple units inside it, such as identity gateways. It has extensive application management and supports all sorts of protocols.

The only problem with ForgeRock is that it is derived from an open-source product, so sometimes it's a bit unstable. Likewise, ForgeRock is not very user-friendly.

I am currently using ForgeRock.

ForgeRock is very scalable. We have more than 100,000 users in our company, with over 1,000 admins using the solution to control access.

The initial setup for ForgeRock was easy.

Though it is a bit unstable, ForgeRock is one of the best solutions, given its cost. However, where you might have a better GUI in other tools, ForgeRock is not as user-friendly. Given the functionality it provides, I recommend ForgeRock but don't purchase the solution assuming it will be a cakewalk.