ForgeRock Identity Cloud: Considerations for object modelling

Object modelling considerations

When preparing for the deployment of Identity Cloud, one of the most important phases of the planning process is data modelling, that is, deciding on:

  • The different user communities the platform will serve, such as customers, business partners and employees.

  • The different entities that make up each of these communities, such as end users, organisations, devices and so on.

  • The information required about each of these entities in order to support your authentication and authorisation requirements.

  • How end users are organised. For example, whether users are grouped into business units, standalone organisations or other families of users, and how this affects authentication and authorisation.

  • Where identity information originates, and where it is managed. It is important to understand which identity information is created or updated in Identity Cloud and which is managed externally.

Object modelling in Identity Cloud

Identity Cloud offers extensive flexibility for identity profiles and associated business processes. However, the overall object model is relatively fixed, as may be expected of a SaaS delivery model. The object modelling process will therefore involve some level of adaptation of any pre-existing customer identity model; it is unlikely (and often undesirable) that the existing model can be implemented exactly as-is within Identity Cloud.

The new identity model should preserve the entities and attributes that are relevant to the business requirements, while leaving behind identity data that is relevant only internally to the organisation.

Tools and further reading

Alpha User Attribute Mapping Table spreadsheet

Identity Cloud > Plan for data object modeling

Identity Cloud > Object modeling

Identity Cloud > User identity attributes and properties