For end users authenticating against the sub-realm, instead of the top level realm, you will need to add ‘realm’ property under `subjectMapping’ of rsFilter configuration in authentication.json
You can find more about this here: Authenticate through AM :: IDM 7.5.0
For access to IDM admin UI by users residing in a subrealm, you need to adjust the /oauth2/ references found within ui/admin/default/index.html file.
For example, if your realm is named “SUBREALM”, replace /oauth2/ with /oauth2/realms/root/realms/SUBREALM/
Checkout this blog which is very helpful for troubleshooting or customizing AM-IDM integration: Understanding and Troubleshooting ForgeRock Identity Platform Integration
Thanks,
Mohammed Tuhin