This is Part 1 of 5 in the series Getting started with Scripting in ForgeRock Identity Cloud.

Introduction

ForgeRock Identity Cloud is a ForgeRock managed Identity and Access Management solution hosted on Google Cloud Platform (GCP), with unmatched security architecture built for Enterprise.

Identity Cloud supports a Scripting API to extend some of its capabilities. It supports scripts written in JavaScript.

Scripts in Identity Cloud fall into one of the following three categories:

• Auth Scripting – scripts that modify the default Identity Cloud behaviour for authentication, policy conditions, OpenID Connect (OIDC) claims etc.

• Custom Endpoints – can be used to run arbitrary JavaScript code through the REST API.

• Event Hooks – let you trigger scripts during various stages of the lifecycle of users, roles, assignments, organizations, groups, and applications.

About this guide

This is Part 1 of 5 in a series of articles that make up the Getting Started guide for using the Scripting with Identity Cloud. The other guides in the series are:

• Part 2 - Adding a scripted node to a journey
• Part 3 - Capturing user login time
• Part 4 - Adding properties to user session
• Part 5 - Adding user profile attributes to a user session

This guide focuses on the Journey Decision Node script in the Auth Scripting category. A Journey Decision Node script runs in a Scripted Decision node in an Identity Cloud Journey. A Scripted Decision node calls server-side JavaScript to set the outcome for the node programmatically and determine the path the authentication journey takes. The script can perform actions before setting the outcome.

While this getting started guide shared by our community focuses on Auth Scripting only, you can refer to ForgeRock’s official documentation to extend Identity Cloud with custom endpoints and event hooks.

Prerequisites

It is recommended to go through the Getting started with ForgeRock Identity Cloud journeys guide to familiarise yourself with configuring, testing, duplicating, exporting, and importing authentication journeys in Identity Cloud.

In order to confirm that some script examples produce the desired outcome, this guide relies on ForgeRock Identity Cloud REST API. For a better understanding around this topic, it is recommended to go through the Getting started with the ForgeRock Identity Cloud REST API guide.

To try out the examples in this guide, administrative access to a ForgeRock Identity Cloud tenant is a requirement.

Further reading

Other guides in the Getting started with Scripting in ForgeRock Identity Cloud series:

• Part 2 - Adding a scripted node to a journey
• Part 3 - Capturing user login time
• Part 4 - Adding properties to user session
• Part 5 - Adding user profile attributes to a user session

Other useful links:

• Getting started with Scripting in ForgeRock Identity Cloud
• Getting started with ForgeRock Identity Cloud journeys

Please provide us your feedback on this guide.