Getting Started with Scripting in ForgeRock Identity Cloud: Part 1 - Introduction

This is Part 1 of 5 in the series Getting started with Scripting in ForgeRock Identity Cloud.


ForgeRock Identity Cloud is a ForgeRock managed Identity and Access Management solution hosted on Google Cloud Platform (GCP), with unmatched security architecture built for Enterprise.

Identity Cloud supports a Scripting API to extend some of its capabilities. It supports scripts written in JavaScript.

Scripts in Identity Cloud fall into one of the following three categories:

  • Auth Scripting – scripts that modify the default Identity Cloud behaviour for authentication, policy conditions, OpenID Connect (OIDC) claims etc.

  • Custom Endpoints – can be used to run arbitrary JavaScript code through the REST API.

  • Event Hooks – let you trigger scripts during various stages of the lifecycle of users, roles, assignments, organizations, groups, and applications.

About this guide

This is Part 1 of 5 in a series of articles that make up the Getting Started guide for using the Scripting with Identity Cloud. The other guides in the series are:

This guide focuses on the Journey Decision Node script in the Auth Scripting category. A Journey Decision Node script runs in a Scripted Decision node in an Identity Cloud Journey. A Scripted Decision node calls server-side JavaScript to set the outcome for the node programmatically and determine the path the authentication journey takes. The script can perform actions before setting the outcome.

While this getting started guide shared by our community focuses on Auth Scripting only, you can refer to ForgeRock’s official documentation to extend Identity Cloud with custom endpoints and event hooks.


It is recommended to go through the Getting started with ForgeRock Identity Cloud journeys guide to familiarise yourself with configuring, testing, duplicating, exporting, and importing authentication journeys in Identity Cloud.

In order to confirm that some script examples produce the desired outcome, this guide relies on ForgeRock Identity Cloud REST API. For a better understanding around this topic, it is recommended to go through the Getting started with the ForgeRock Identity Cloud REST API guide.

To try out the examples in this guide, administrative access to a ForgeRock Identity Cloud tenant is a requirement.

Further reading

Other guides in the Getting started with Scripting in ForgeRock Identity Cloud series:

Other useful links:

Please provide us your feedback on this guide.