Use case overview

Putting users in control of their business profile attributes, such as communication email preferences, helps you to build trust with your customers.

In ForgeRock Identity Cloud, you can configure which business profile attributes customers can see and which ones they can update. For example, users can opt-in or opt-out of communications such as news and updates, special offers, and loyalty program updates. Email addresses of users who have opted in will be automatically synchronized to a target system such as a marketing platform or loyalty program. Email communication preferences can be set and controlled with a synchronization rule to a target system.

If required, you can force a particular communication preference, such as account security alerts, to always be “true” (enabled) so that the user can’t opt out of receiving these alerts.

Steps to achieve this use case

This use case demonstrates how to configure Identity Cloud to enable customer preferences for receiving the following communication emails:

• news and updates
• special offers and services
• loyalty program updates
• account security alerts

In this use case, the preferences data for each communication type is synced to a managed object that stores a list of email addresses of users who have opted in. Account security alerts are configured so that the user’s email address is always synced to the list, regardless of user preference.

This use case can be achieved in four simple steps:

1. Update the preferences property in the alpha_user managed object

2. Create managed objects for email communication subscribers

3. Create mappings from alpha_user to the target email lists

4. Enable preferences for end users (in the end user UI)

Update the preferences property in the alpha_user managed object

1. Sign in to the Identity Cloud admin UI using your admin tenant URL, in the format https://<tenant-name>/am/XUI/?realm=/#/.

2. Go to Native Consoles > Identity Management > Configure > Managed Objects.

3. Select the Alpha_user managed object.

4. In the Properties tab, select the preferences property.

5. Click Add a Property.

6. Enter the following details and click Save:

   • Property name: custom_loyalty
   • Label: Loyalty Program
   • Type: Boolean
   

   Properties tab1143×482 54 KB

7. Click the Edit icon and enter a description of “Send me loyalty program updates” and click Save.

   

   Property Details1040×414 39.5 KB

8. Click Add a Property.

9. Enter the following details and click Save:

   • Property name: custom_security
   • Label: Security Alert
   • Type: Boolean
   

   Add Property1140×475 54.3 KB

10. Click the Edit icon, enter a description of “Send me account security alerts (default)” and click Save.

    

    Details tab1252×504 66.8 KB

11. In the Details tab, set the Security Alert to true. This will set the security alert preference to “On” by default for all users.

    

    Preferences Details1040×800 69.4 KB

12. Click Save.

13. Go to Managed Objects > alpha_user.

14. In the Scripts tab:

    a. Select onStore.

    

    Alpha_user Scripts tab1248×456 64.4 KB

    b. Click Add Script.
    c. Add the following JavaScript

    if (typeof object.preferences != "undefined" && object.preferences != null) { 
        object.preferences.custom_security = true; 
    }
    

    d. Click Save.

    

    onStore script1840×1226 117 KB

Create managed objects for email communication subscribers

We’ll create a managed object for the target to store email addresses of subscribers to: email_offers (special offers and services), email_news (news and updates), email_loyalty (loyalty program updates), and email_security (account security alerts).

1. Go to Native Consoles > Identity Management > Configure > New Managed Object.

2. Enter the managed object details for the target to store the email communication subscribers for special offers and services. The managed object in this example is called email_offers.

   

   New Managed Object2244×900 128 KB

3. Add the email property to the email_offers managed object, with the String type.

   

   Email offers2224×640 80.8 KB

4. Go to Configure > New Managed Object.

5. Enter the managed object details for the target to store the email notification subscribers for news and updates. The managed object in this example is called email_news.

   

   New Managed Object2234×866 126 KB

6. Add the email property to the email_news managed object, with the String type.

   

   Email news2234×646 82.1 KB

7. Go to Configure > New Managed Object.

8. Enter the managed object details for the target to store the email notification subscribers for loyalty program updates (loyalty). The managed object in this example is called email_loyalty.

   

   New Managed Object2198×860 126 KB

9. Add the email property to the email_loyalty managed object, with the String type.

   

   Email loyalty2214×636 80.3 KB

10. Go to Configure > New Managed Object.

11. Enter the managed object details for the target to store the email notification subscribers for account security alerts and updates. The managed object in this example is called email_security.

    

    New Managed Object1042×408 48.1 KB

12. Add the email property to the email_security managed object, with the String type.

    

    Email security2222×634 82.1 KB

Create mappings from alpha_user to the target email lists

We’ll create mappings for email_offers, email_news, email_loyalty, and email_security.

Email_offers:

1. In the Identity Cloud admin UI, go to Native Consoles > Identity Management > Configure > Mappings and click New Mapping.

2. Create a mapping from alpha_user to email_offers.

3. In the Properties tab, add property mapping from the source to the target for the following: mail > email.

   TIP: Use Quick Mapping for quick and easy drag-and-drop property mapping.

   

   Mapping Properties tab2226×1240 185 KB

4. In the Association tab > Individual Record Validation:
   a. Set the Valid Source to Validate based on user preferences.
   b. Select Send me special offers and services.
   c. Click Save.

   

   Mapping Association tab2200×1660 253 KB

5. In the Association tab > Association Rules:
   a. Select Correlation Queries.
   b. Click Add Correlation Query.
   c. Select the default Link Qualifier.
   d. Click the + icon and select email .
   e. Click Submit.

   

   Correlation Query1724×806 92.5 KB

6. Click Save > Save and Don’t Reconcile.

   

   Mapping Association tab1036×609 62.8 KB

7. In the Behaviors tab, set the Current Policy to Default Actions and click Save.

Email_news:

1. In the Identity Cloud admin UI, go to Native Consoles > Identity Management > Configure > Mappings and click New Mapping.

2. Create a mapping from alpha_user to email_news.

3. In the Properties tab, add property mapping from the source to the target for the following: mail > email.

   TIP: Use Quick Mapping for quick and easy drag-and-drop property mapping.

   

   Mapping Properties tab1036×581 68.3 KB

4. In the Association tab > Individual Record Validation:
   a. Set the Valid Source to Validate based on user preferences.
   b. Select Send me news and updates.
   c. Click Save.

   

   Mapping Association tab1045×676 86.4 KB

5. In the Association tab > Association Rules:
   a. Select Correlation Queries.
   b. Click Add Correlation Query.
   c. Select the default Link Qualifier.
   d. Click the + icon and select email .
   e. Click Submit.

   

   Correlation Queries1724×806 92.5 KB

6. Click Save > Save and Don’t Reconcile.

   

   Mapping Association tab1025×708 83 KB

7. In the Behaviors tab, set the Current Policy to Default Actions and click Save.

Email_loyalty:

1. In the Identity Cloud admin UI, go to Native Consoles > Identity Management > Configure > Mappings and click New Mapping.

2. Create a mapping from alpha_user to email_loyalty.

3. In the Properties tab, add property mapping from the source to the target for the following: mail > email.

   TIP: Use Quick Mapping for quick and easy drag-and-drop property mapping.

   

   Mapping Properties tab1037×573 68.5 KB

4. In the Association tab > Individual Record Validation:
   a. Set the Valid Source to Validate based on custom script.
   b. Add the following JavaScript to add filtering condition based on the custom_loyalty preference selection:

    Source.preferences.custom_loyalty == true
   

   

   Mapping validation script910×569 32.1 KB

   c. Click Save.

5. In the Association tab > Association Rules:
   a. Select Correlation Queries.
   b. Click Add Correlation Query.
   c. Select the default Link Qualifier.
   d. Click the + icon and select email .
   e. Click Submit.

   

   Correlation Query1724×806 92.5 KB

6. Click Save > Save and Don’t Reconcile.

   

   Mapping Association tab1040×715 84.4 KB

7. In the Behaviors tab, set the Current Policy to Default Actions and click Save.

Email_security:

1. In the Identity Cloud admin UI, go to Native Consoles > Identity Management > Configure > Mappings and click New Mapping.

2. Create a mapping from alpha_user to email_security.

3. In the Properties tab, add property mapping from the source to the target for the following: mail > email.

   TIP: Use Quick Mapping for quick and easy drag-and-drop property mapping.

   

   Mapping Property tab1060×569 69.3 KB

4. In the Association tab > Individual Record Validation:
   a. Set the Valid Source to All records valid. This will sync all source records without filtering, to achieve a forceable email subscription of account security alerts and notifications for all users by default.
   b. Click Save.

   

   Mapping Association tab1040×534 54.9 KB

5. In the Association tab > Association Rules:
   a. Select Correlation Queries.
   b. Click Add Correlation Query.
   c. Select the default Link Qualifier.
   d. Click the + icon and select email .
   e. Click Submit.

   

   Correlation Query1724×806 92.5 KB

6. Click Save > Save and Don’t Reconcile.

   

   Mapping Association tab2060×1238 160 KB

7. In the Behaviors tab, set the Current Policy to Default Actions and click Save.

Enable preferences for end users

1. In the Identity Cloud admin UI, go to Hosted Pages and select the Realm Default theme.

2. Go to Account Pages > select Layout, and select the Preferences option.

   

   End user preferences1277×515 80.8 KB

3. Click Save.

The Preferences option will now appear on the end user’s Profile page, allowing them to select their communication preferences.

Testing the use case

1. Using Incognito or Browsing mode, log in to Identity Cloud as an end user.

2. Click Edit Your Profile.

   

   End user login898×582 37.9 KB

3. In the Profile dashboard, scroll down to the Preferences section.

   

   End user Preferences settings1888×1474 178 KB

4. Toggle the Send me news and updates to On.

   

   Enable Preferences1234×782 78 KB

The email address of the test user is automatically synchronized to the target email subscribers list. To verify this

• In the Identity Cloud admin UI, go to Native Consoles > Identity Management > Manage > Email_News.

Email subscribers list1039×322 34.5 KB

A user can change their preferences at any time. Once a preference has been removed, their email address will no longer appear in this list.

The user’s email address is always synced to the Email Security list by default, regardless of the user preference selection on security alerts.

Additional resources

Documentation:

• Managed objects
• Synchronization
• Connector reference
• Customize Identity Cloud end-user and login UI themes

Training videos:

• Getting started:
  • Connect to External Resources
  • Synchronization
  • Demo: Configure Themes
• Deep dives:
  • Connect to External Resources
  • Create Mappings to Synchronize Identity Objects and Properties

Other resources:

• Use Case: Configure simple consent management in ForgeRock Identity Cloud

Acknowledgments: Kean Foo Tan