What is our primary use case?
In AUS, there is an accredited open banking solution. We worked on a security profile using ForgeRock. We used four or five ForgeRock components, including Access Management, Identity Gateway, Identity Management, and Directory Stores. Another use case is the insurance side, but it's also consumer identity and access management.
When I'm working on the client's site, it's a different user base, so I'm not sure how many people or products there are. I think both organizations are using ForgeRock to manage that data for many projects.
How has it helped my organization?
With ForgeRock, we don't need to do everything independently because it's a PaaS. Before ForgeRock, we used our own custom authentication mechanism, so we had to write custom code. After integrating with ForgeRock, we can use the GUI instead of messing with the backend as much.
We also have to maintain that code and upgrade it every time there is a library change or customization. We need to manage it, but it's easier to customize and maintain in ForgeRock.
What is most valuable?
ForgeRock products are customizable, and the out-of-the-box features are solid, too. I primarily use the OIDC compliance features. It's just a configuration. It's easy to set up and customize trees. We can add our own features if necessary. Banks and corporations have different standards and specific validations.
What needs improvement?
There are many issues with the latest version, so we've raised many tickets. They added new features, but that also needs some improvement. It may be related to some standards like requirements and specific settings that need to be improved.
We are using OIDC and SAML Federation standards, and I think SAML things also need some improvement. It is a known issue that's already in their release notes. So I guess that is already there.
For how long have I used the solution?
I have been using ForgeRock for three years.
What do I think about the stability of the solution?
I haven't had issues with ForgeRock's stability, but there could be some performance improvements. Initially, it took some time to maintain some features. In the directory stores, it took a lot of time. There are some lags due to different reasons, or maybe it's a network issue. We have problems connecting with the database. We need to add monitoring tools for all those parts and immediately verify which components went down.
What do I think about the scalability of the solution?
I think ForgeRock is easy to scale on the cloud side, but I've never worked on the cloud. We are already using four sites, so I think it's different when you have your own servers and on-prem. We have only four servers, and we are managing everything on these four servers, so I can't say much about scalability. Our user base is big. A million people are using the whole CIAM process on one site.
How are customer service and support?
We raised tickets asking for improvements, but sometimes we don't get the proper solution. They are responding, but the ticket is open for weeks and weeks. For some issues, we don't get a satisfactory solution or the solution doesn't work.
I think ForgeRock support needs some improvement. Sometimes the person managing the ticket is not in that particular field, and he needs to confirm with his team or other technical teams.
Which solution did I use previously and why did I switch?
I worked on the development side. From the Ping perspective, it's mostly a configuration we did. It was another vendor doing the whole development for the Ping Foundation, mostly on the performance side. They were looking into that part.
How was the initial setup?
I worked on two different projects based on ForgeRock, and both are automated deployments. One is a UI-based deployment. It's an automated process using some scripts.
The deployments are done through Octopus, so it's also automated. We first deploy the essential components of AM and then implement additional configurations like Amster Imports. After that, we import all the SAML Federation data and add some certificates.
We have two teams of five and three team members working on the different deployment processes. One is working on the dev side, another is looking at the higher environment, and one is managing the data.
In another project, I'm the only developer. We also deploy on the dev environments so that anyone can test new features, configurations, and client requirements. They can test it on the dev environment, but a team of four people manages higher environments.
The Access Management component involves the most customization, which takes around 15 to 20 minutes because of the need to import the Amster configuration. If another deployment is simultaneously happening, it may be a little slower and take around 30 minutes. The other components, like the user data stores, take about five to seven minutes. It's another five to 10 minutes for Identity Management.
After deployment, the maintenance is mostly checking for security vulnerabilities. If ForgeRock shares security vulnerabilities or advisories, we check to see if there is something inside we need to maintain. Other than that, we just install updates when they add features each month.
What other advice do I have?
I rate ForgeRock nine out of 10. I would recommend ForgeRock to others. They're constantly coming out with new features, and you can do each feature in multiple ways. The way you go about it is up to you and your requirements.
Which deployment model are you using for this solution?
On-premises
*Disclosure: My company does not have a business relationship with this vendor other than being a customer.