Use AD domain login for ForgeRock Identity Platform administration


We are using a ForgeRock Identity Platform deployment. Right now we are logging into the Platform Admin UI console using amAdmin.

But we want to change the process and allow users to log in with their AD usernames. The users are imported to IDM. However, the passwords are not imported. So ideally we would need an authentication journey flow to allow users to log in to the Platform Admin UI.

How should one go about this?

One approach I considered is to front the Platform Admin UI login with IG. And once the users are authenticated with a journey, do an HTTP POST to log them in to the Platform UI using the amadmin user. This can help with login. But it still doesn’t help with accountability.

Or can we use the Delegated Administration option effectively to allow normal users to log in as admins?

Hi @anishetty,

Just use a pass-through node in your Admin authentication journey.


@stephane.orluc Where is this admin authentication journey configured in AM? Also, is there an alternative if we do not onboard the users from AD to IDM?

@KaranNayyar1 you can configure the admin user journey in 2 different places:
1/ directly in the Platform UI,
2/ in the native AM interface.
