How can an admin view and reset a user's registered devices in Identity Cloud?

Hello,

As an administrator in ForgeRock Identity Cloud, how can I view all of a user's registered devices in the console and reset a specific device? Also, I would like to know in which profile attribute ForgeRock stores the user's registered device information, and whether we need to do additional configuration in the tenant to see this attribute.

References:

  1. Knowledge - ForgeRock BackStage
  2. ForgeRock Access Management 7.0.2 > Authentication and Single Sign-On Guide > Resetting Registered Devices by using REST

Thanks

Performing the following incorrectly can break your instance:

As a user or service that has the openidm-admin role:
1 - GET the config/repo.ds object
2 - Add the following to the explicit mapping for the managed/alpha or bravo object properties as desired:

          "custom_deviceProfiles": {
            "isMultiValued": true,
            "ldapAttribute": "deviceProfiles",
            "type": "simple"
          },

3 - PUT the config/repo.ds object back
4 - GET the config/managed object
5 - Add the following to the managed/alpha or bravo object properties as desired:

          "custom_deviceProfiles": {
            "description": null,
            "isVirtual": false,
            "items": {
              "type": "string"
            },
            "searchable": false,
            "title": "Trusted Device Profiles",
            "type": "array",
            "userEditable": false,
            "viewable": false
          },

6 - PUT the config/managed object back

You will now have the device profiles as an array of strings (stringified, of course) that you can use as you please. We’ve limited our use of deleting all devices as part of a “reset” process via a managed user action script via REST from our custom user management app. We’ve also done the same with DS “oathDeviceProfiles” and the associated IDM “custom_oathDeviceProfiles” property.
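The two edits in the steps above can be prepared offline before each PUT. The following is an added example, not part of the original answer and not ForgeRock's code: it returns a patched copy of each fetched document and refuses to overwrite an existing definition or invent a missing mapping. The key layout of the two documents, the object name `alpha_user`, and the function names are assumptions; the two fragments are the ones quoted in the answer.

```python
import copy

# Fragments quoted from the answer above.
REPO_MAPPING = {"isMultiValued": True, "ldapAttribute": "deviceProfiles", "type": "simple"}
MANAGED_PROPERTY = {
    "description": None, "isVirtual": False, "items": {"type": "string"},
    "searchable": False, "title": "Trusted Device Profiles", "type": "array",
    "userEditable": False, "viewable": False,
}
PROP = "custom_deviceProfiles"


def _add(props, fragment):
    """Add PROP to a properties dict; never overwrite a different definition."""
    if PROP in props and props[PROP] != fragment:
        raise ValueError(f"{PROP} already defined differently; review by hand")
    props[PROP] = copy.deepcopy(fragment)


def patch_repo_ds(repo_ds, managed_object):
    """Steps 1-3: return a patched copy of config/repo.ds; the input is untouched."""
    out = copy.deepcopy(repo_ds)
    mappings = out["resourceMapping"]["explicitMapping"]  # assumed layout
    key = f"managed/{managed_object}"
    if key not in mappings:
        raise KeyError(f"no explicit mapping for {key}; refusing to create one")
    _add(mappings[key]["properties"], REPO_MAPPING)
    return out


def patch_managed(managed, managed_object):
    """Steps 4-6: return a patched copy of config/managed; the input is untouched."""
    out = copy.deepcopy(managed)
    matches = [o for o in out["objects"] if o["name"] == managed_object]  # assumed layout
    if len(matches) != 1:
        raise KeyError(f"expected exactly one managed object named {managed_object}")
    _add(matches[0]["schema"]["properties"], MANAGED_PROPERTY)
    return out


# Constructed, heavily trimmed samples; the name alpha_user is an assumption.
SAMPLE_REPO = {"resourceMapping": {"explicitMapping": {"managed/alpha_user": {
    "properties": {"mail": {"type": "simple", "ldapAttribute": "mail"}}}}}}
SAMPLE_MANAGED = {"objects": [{"name": "alpha_user", "schema": {
    "properties": {"mail": {"type": "string"}}}}]}

if __name__ == "__main__":
    import json
    print(json.dumps(patch_managed(SAMPLE_MANAGED, "alpha_user"), indent=2))
```

Diffing the returned document against the one you fetched before sending the PUT shows exactly one added key, which is the quickest check that nothing else in the config was disturbed.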