Getting started with ForgeRock Identity Cloud journeys: Part 7 - Device Profile journey

This is Part 7 of 8 in the series Getting started with ForgeRock Identity Cloud journeys.

Device profile journey

Users can add their devices to their ForgeRock Identity Cloud profile as trusted devices. This enables the user to access their Identity Cloud profile from such trusted devices without the need for a password. A device node can be added in the login journey to enable the option to add a trusted device for the user on their first login.

Creating a trusted device journey

  1. In a supported browser, log into your Identity Cloud Admin UI.

  2. In your alpha realm, go to Journeys > +New Journey.

  3. Create a new Identity Cloud Journey, using the image below as a reference.

  4. Click and drag the following nodes onto the canvas.

    • Platform Username (Identity Management)
    • Platform Password (Identity Management)
    • Data Store Decision (Basic Authentication)
    • Device Profile Collector (Contextual)
    • Device Match (Contextual)
    • Device Profile Save (Contextual)
    • Message Node (Utilities)

  5. Make connections between nodes to build your journey, using the screenshot below as a reference.

  6. Click on the Message Node, and configure the message details:
    a. Click Message to open a new window.

    b. Click +Add to add a new message, using the screenshot below as a reference.

    c. Click Done and Save.

    d. Click on “Positive Answer”, and use the screenshot as a reference to add the information.

    e. Click Done and Save.

    f. Click + next to “Negative Answer” and type the following information.

    g. Click Done and Save.

  7. Click Save to save the Journey.

Testing the ‘TrustedDevice’ journey

  1. Open the ‘TrustedDevice’ journey preview URL in a different browser from the one that has an active Identity Cloud admin session.

  2. Enter the username of an Identity Cloud user, for example, “fruser2”.

    Since the device profile for the user has not been saved before, the user is prompted for their password.

  3. Enter the user’s password.

    The Data Store Decision node verifies the user’s credentials against the Identity Cloud data store. If they are valid, the journey moves to the Message node.

    The Message node in the journey gives the user an option to save the device details or opt out of it.

  4. Click Yes.

    The journey proceeds from the Message node to the Device Profile Save node, which saves the device details to the user’s Identity Cloud profile. The journey then completes and the user lands on the Identity Cloud end user dashboard.

  5. Click Profile and expand Trusted Devices to display the device details saved as a part of the ‘TrustedDevice’ journey.

  6. Sign out of the end user dashboard.

  7. Reopen the ‘TrustedDevice’ journey preview URL in the same browser that was used in step 1.

  8. Log in with the same Identity Cloud user account used earlier.

    Notice that this time, because the Device Match node in the journey finds a matching device in the user’s profile, authentication succeeds without a password.

  9. Sign out of the end user dashboard.
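The flow exercised in the test steps above, modelled as a small outcome-driven graph. This is an added example, not ForgeRock code and not part of the original guide. The wiring is inferred from the test walkthrough; the outcome names, `newStore`, `runJourney`, and the single `deviceId` that stands in for the collected device profile are assumptions.

```javascript
// Added model of the 'TrustedDevice' journey; not ForgeRock code.
// Edges are inferred from the test walkthrough; outcome names are assumptions.
const journey = {
  PlatformUsername:       { next: 'DeviceProfileCollector' },
  DeviceProfileCollector: { next: 'DeviceMatch' },
  DeviceMatch:            { true: 'SUCCESS', false: 'PlatformPassword' },
  PlatformPassword:       { next: 'DataStoreDecision' },
  DataStoreDecision:      { true: 'MessageNode', false: 'FAILURE' },
  MessageNode:            { yes: 'DeviceProfileSave', no: 'SUCCESS' },
  DeviceProfileSave:      { next: 'SUCCESS' },
};

// Constructed user store: one user with no trusted devices yet.
function newStore() {
  return { fruser2: { password: 'constructed-password', devices: [] } };
}

// Each node returns the outcome that selects the next edge.
// Simplification: a device "matches" when its identifier was saved before.
const nodes = {
  PlatformUsername: () => 'next',
  DeviceProfileCollector: () => 'next',
  DeviceMatch: (s, u) => String(u.devices.includes(s.input.deviceId)),
  PlatformPassword: (s) => { s.passwordPrompted = true; return 'next'; },
  DataStoreDecision: (s, u) => String(s.input.password === u.password),
  MessageNode: (s) => (s.input.saveDevice ? 'yes' : 'no'),
  DeviceProfileSave: (s, u) => { u.devices.push(s.input.deviceId); return 'next'; },
};

// Walk the graph for one login attempt; input is what the client submits.
function runJourney(store, input) {
  const user = store[input.username];
  if (!user) return { result: 'FAILURE', passwordPrompted: false, path: [] };
  const state = { input, passwordPrompted: false, path: [] };
  let node = 'PlatformUsername';
  while (node !== 'SUCCESS' && node !== 'FAILURE') {
    state.path.push(node);
    node = journey[node][nodes[node](state, user)];
  }
  return { result: node, passwordPrompted: state.passwordPrompted, path: state.path };
}
```

On the second login from the same device the walk ends at the Device Match node, so the saved device profile is the only factor checked on that path.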
