Use case overview
Allowing end users to manage their own trusted devices, such as mobile devices and laptops, is a common use case that is easily implemented in ForgeRock Identity Cloud.
User journeys can be configured with device nodes to facilitate the registration of devices to the user’s account. The user can then manage their trusted devices (allow or revoke) in the End User UI.
Steps to achieve this use case
To create a simple trusted device registration journey:
-
Sign in to the Identity Cloud admin UI using your admin tenant URL, in the format
https://<tenant-name>/am/XUI/?realm=/#/. -
Go to Journeys > New Journey.
-
Enter a unique name for the trusted device registration journey, select which identities will authenticate using this journey, (optionally) enter a journey description, and click Save.
-
Create a journey similar to this, keeping the default node configurations as they are:
Node descriptions:
-
Platform Username - Prompts the user to enter their username. See Platform Username node for further information.
-
Device Profile Collector - Gathers metadata about the device used to authenticate. See Device Profile Collector node for further information.
-
Device Match - Compares any collected device metadata with that stored in the user’s profile. See Device Match node for further information.
-
Message Node - Presents a custom, localized message to the user. See Message node for further information.
-
Platform Password - Collects the user’s password if no device has been registered. See Platform Password node for more information.
-
Device Profile Save - Persists collected device data to a user’s profile in the identity store. Use the Maximum Saved Profiles property to configure the maximum number of device profiles to persist per user. The default is 5. See Device Profile Save node for further information.
-
Increment Login Count - Increments the successful login count property of a managed object. See Increment Login Count node for further information.
-
-
Click on the Message Node and add the message that will prompt the user to register their device. For example, “Do you want to register a new trusted device?”.
-
Click Done and then Save.
-
Click Save to save the journey.
Testing the use case
This use case demonstrates how to register a trusted device on a test end user’s profile, rename the trusted device, and remove a trusted device from the user’s profile.
Register a trusted device
-
In the Identity Cloud admin UI, go to Journeys.
-
Click the trusted device journey you created previously and copy the Preview URL.
-
Paste the preview URL into a browser using Incognito or Browsing mode.
-
Enter the test user’s username in the Sign In screen and click Next.
-
Click Yes to register the new trusted device.
-
Enter the test user’s password and click Next.
Once the test user’s identity has been verified and the authenticating device has been associated with their account you are successfully logged in.
-
Click Edit Your Profile.
Trusted devices are shown in the Trusted Devices section. Click on the trusted device to display its details. For example:
-
Click Edit to edit the device name and click Save. For example:
-
Repeat steps 1 through 6 on a different device (for example a mobile phone) to register a second device.
Remove a trusted device from the end user’s profile
-
Log into Identity Cloud as the same test end user.
-
Click Edit Your Profile.
Trusted devices are shown in the Trusted Devices section.
-
Click on the device you want to remove (this can’t be the current device) and click Remove Device.
-
Click Remove Device.
The device is no longer a trusted device on the user’s profile.
Conclusion
This use case has demonstrated how to design a simple user journey, using out-of-the-box nodes in Identity Cloud, to enable end users to easily register and manage their own trusted devices.
Additional resources
Documentation:
- Device Profile Collector node
- Device Match node
- Device Profile Save node
- Configure device profiling authentication
Training videos: