ForgeRock Identity Cloud: Easily enable identity into applications

Overview

Providing easy-to-use developer tools and simple application integrations makes it easy to integrate identity into target systems. This speeds up time to value and reduces deployment costs.

ForgeRock Identity Cloud offers several capabilities to easily enable identity into applications. These include:

SDKs

What is it?

With software development kits (SDKs), developers can quickly integrate their apps with identity technologies such as Identity Cloud. SDKs enable the rapid integration of an identity and access management system into web and mobile applications.

How is it achieved in Identity Cloud?

ForgeRock provides SDKs for iOS and Android mobile apps and JavaScript. The SDKs are available from a public repository on GitHub: Android, JavaScript, iOS.

With the ForgeRock SDKs, you can rapidly build applications against ForgeRock REST APIs, bringing the capabilities of Identity Cloud into an easy-to-access format for rapid integration with web and mobile applications.

The SDKs can easily integrate authentication, registration and self-service journeys, allowing your mobile and web apps to benefit from Intelligent Access.

Feature highlights of the ForgeRock SDKs are listed in the following table.

| Feature | Capability |
| --- | --- |
| Intelligent Access and callbacks | You can easily step through each stage of an Intelligent Access journey by using callbacks. |
| Real-time response to journey changes | When you change a journey, the SDK automatically handles the changes in real time. You don't have to redeploy the app or make any code changes in the app. |
| Token management | The SDKs automatically handle token exchange for you and securely store the tokens. They use the OAuth 2.0 flow with PKCE. |
| Single Sign-On (SSO) | You can seamlessly sign users into multiple apps on a device. |
| Push authentication and OTP | You can integrate push authentication or one-time password (OTP) capabilities into your mobile applications so that end users don't have to download and use a dedicated Authenticator application. |
| Pluggability and extensibility | All SDK modules are pluggable and extensible, using either your own method or any third-party plugin. |
| Device security profile | You can collect device DNA to use in your authentication flows. |
| Jailbreak detection | iOS and Android SDKs generate a score to determine if a device is jailbroken or rooted. You can use this information as part of an authentication flow to ask the user for another factor or to deny access entirely. |
| Location information | Android and iOS SDKs let you collect latitude and longitude information from your users, if permitted. |
| UI development | You can pull in a separate UI component for rapid prototyping or as a building block for your application. |
| Web biometric authentication | Web biometrics let users authenticate by using an authenticator device, for example, the fingerprint scanner on their laptop or phone, or a USB key. |
| Mobile biometric authentication | Mobile biometrics let users authenticate by using a mobile device's biometric authentication. |
| Social authentication | The SDKs support the use of social identity providers, like Apple, Facebook, Google and many others. You can use these IdPs for authentication and identity verification on behalf of ForgeRock. |

Detailed information on these ForgeRock SDK features can be found in the ForgeRock SDK documentation.

Business benefits

The ForgeRock SDKs provide a rich set of identity use cases out of the box and make it easy to build secure, frictionless user authentication journeys. This allows organizations to bring apps to market faster while reducing costs and risk.

With the ForgeRock SDKs, developers can enable SSO and federated identity capabilities in minutes to streamline and improve authentication journeys. You don’t need to rebuild and redeploy each time you change authentication behavior.

Unlike most SDKs, which offer one large file for all features, ForgeRock SDKs are modular. A customer who wants only a specific set of features can use just the module that provides them, which reduces the footprint of the app, something that is essential in the mobile world.

Identity Gateway

What is it?

With an Identity Gateway, web applications and APIs deployed on-premises or across multiple clouds can be integrated with an identity management system to provide single sign-on (SSO) and API security. An identity gateway establishes a virtual perimeter around legacy applications and acts as a reverse proxy, enforcing authentication and authorization.

ForgeRock's philosophy is to support all the latest security and communication standards and ensure that the identity gateway can easily integrate with all types of applications, including on-premises and legacy applications, in the most efficient way.

How is it achieved in Identity Cloud?

ForgeRock Identity Gateway can be used to facilitate non-intrusive integration of your web applications and APIs with Identity Cloud, for SSO and API security. Based on a reverse proxy architecture, Identity Gateway works in conjunction with Identity Cloud to enforce authentication and authorization without needing to change the application.

Identity Gateway also provides access to applications that do not support open standards such as OIDC, OAuth 2.0 or SAML 2.0. These are often legacy or proprietary systems that many larger organizations run their business on and cannot easily migrate from.

Business benefits

For many organizations, access to legacy resources is crucial to the business. With Identity Gateway, organizations can modernize their environment while continuing to preserve access to critical legacy systems. It lowers the project and operational risk, shows faster time to value, and provides flexibility for changing requirements.

Identity Gateway ensures that API requests are authenticated, authorized, and monitored. This helps protect APIs from unauthorized usage, data leakage, and potential attacks.

Organizations can also increase operational efficiencies by leveraging no-code integration using Intelligent Access to build user journeys to speed up time to value.

ForgeRock Trust Network

What is it?

With solutions provided by technology partners in the ForgeRock Trust Network, you can easily integrate additional identity capabilities into your Intelligent Access journeys. These include capabilities such as Strong Authentication, Risk and Fraud Management, Behavioral Biometrics, and Identity Proofing.

ForgeRock Trust Network technology partner solutions are available from the ForgeRock Marketplace.

How is it achieved in Identity Cloud?

Identity Cloud provides a growing number of Marketplace nodes out of the box. These nodes provide services that you can quickly integrate into your user journeys or applications.

You can find technology partner nodes under the Marketplace header in the Identity Cloud admin UI's user journey editor.

You can simply drag and drop Marketplace nodes into your user journeys.

NOTE: An example of how you might include Onfido nodes to add an identity verification step to your user journeys can be found here: Use case: Configure identity verification of new users in ForgeRock Identity Cloud

For a full list of these Marketplace nodes, and implementation details, see Extend journeys with ForgeRock Marketplace nodes.

Business benefits

With the ForgeRock Trust Network, you gain free access to pre-built, tested, and always-updated partner integrations. Used with Identity Cloud, these certified integrations increase predictability, mitigate risk, and reduce costs.