Use AD domain login for ForgeRock Identity Platform administration

anishetty · April 17, 2024, 8:45am

Hi,

We are using a ForgeRock Identity Platform deployment. Right now we are logging into the Platform Admin UI console using amAdmin.

But we want to change the process and allow users to login with their AD usernames. The users are imported to IDM. However the passwords are not imported. So ideally we would need an authentication journey flow to allow users to login to platform admin UI

How should one go about this?

One approach I considered is to front the platform UI admin login with IG. And once the users are authenticated with a journey, do an HTTP POST to log them in to platform UI using amadmin user. This can help with login. But still doesn’t help with accountability.

Or can we use the Delegated administration option effectively to allow normal users to login as admins?

stephane.orluc · April 17, 2024, 10:43am

hi @anishetty,

Just use a pass-through node in your Admin authentication journey.

regards,
Steph.

KaranNayyar1 · April 17, 2024, 11:49am

@stephane.orluc Where is this admin authentication journey configured in AM? Also is there an alternative if we do not onboard the users from AD to IDM?

stephane.orluc · April 17, 2024, 12:42pm

@KaranNayyar1 you can configure the admin user journey in 2 different places :
1/ directly in the platform UI,
2/ in the native AM interface