Identity Management with the ForgeRock Identity Platform - So What’s New?
Post on 07-Jan-2017
© 2016 ForgeRock. All rights reserved.
ForgeRock Identity Platform Identity Management
• Tim Sedlack, Sr Product Manager
• Rob MacDonald, Product Marketing Director
ForgeRock: At a Glance
Key Facts
• Fastest-growing open source identity security software company in the world
• Founded: 2010
• Headquartered in San Francisco with offices in 6 countries
• Employees: 350+
• Customers: 400+ Enterprises in 30+ countries
• Global Reach: ~50% international revenue
• Hybrid Revenue Model with low Churn: <5%
• Funding to Date (thru Series C): $52M
• Investors: Accel Partners, Foundation Capital and Meritech Capital Partners
Mission Statement
The ForgeRock Identity Platform currently powers more than 500 million identities. It is our goal to become the market leader in digital transformation and security for enterprise identity worldwide.
Old Security Model is Broken. Security Must Now Be Identity-Based.
[Figure: Perimeter-Based Security versus Identity-Centric Security. Labels: Untrusted, Trusted, Inhibits Digital Business, Enables Digital Business]
Changes are adding Complexity
[Figure: axes Complexity of Scale and Complexity of Experience. Labels: Employees; Employees & Partners; Consumers; Things; Perimeter; Federation; Perimeter-less; Cloud / SaaS; Mobility]
Business Has Changed: Enterprises Now Require Identity Relationship Management (IRM)
[Figure: Identity Access Management compared with Identity Relationship Management. Labels: Workforce (thousands); Partners and Suppliers; Customers (millions); People; Things (tens of millions); On-premises; Public Cloud; Private Cloud; Applications and data; Endpoints: PCs, Phones, Tablets, Smart Watches]
Forrester Report Nov 2015: Market Overview: Customer Identity And Access Management (CIAM) Solutions
Platform Strategy
Enterprise Apps | Mobile Apps | Things | Cloud
Single Architecture | Next Generation | Open | Chip-to-Cloud Deployments | IRM
Identity Management | Access Management | Directory Services | Identity Gateway
The ForgeRock Identity Platform
Shared Services: User Interface, Self-Service, REST API, HTTP, Scripting, Audit and Logging
• Access Management: Federation; Authentication & Strong Authentication; Authorization & UMA Provider; Adaptive Risk
• Identity Management: Synchronization; Identity Provisioning; Workflow Engine; Self-Service
• Identity Gateway: Application & Service Gateway; IoT Identity Gateway; Password Capture & Replay; UMA Protector
• Directory Services: Data Store; High Availability; Data Segmentation; LDAP / REST
Open Standards, High Availability, On-Premises, Cloud, Hybrid
The ForgeRock Identity Platform is built from the open source projects OpenAM, OpenIDM, OpenIG and OpenDJ
ForgeRock Identity Platform: Identity Management
[Architecture diagram, by layer:]
• UI Layer: ForgeRock UI Framework (Self-Service UI, Admin Console)
• Access Layer: ForgeRock REST
• Services/Routing Layer and Business Logic Layer: Provisioning, Auditing, Workflow, Synchronization, Policy, Scheduler, Task Scanner, Password Management, Reconciliation
• Object Layer: Attributes, Users, Roles, Groups, Organizations, Accounts, Things, Custom, …
• Broker Layer: Object broker (managed – system – aggregated)
• External Resources Layer: OpenICF; custom; chip | thing; …
Release Focus
User Administration
Security & Visibility
Platform Experience
Connectivity
New UI
• Bootstrap based Responsive UI framework
• Simple to customize and theme
• Device independent – mobile friendly!
• Smaller footprint – less bandwidth
• Segregated Administration and Self-Service model
• Admin UI greatly expanded
• Easy to demo and communicate core concepts
• Improved and visualized workflow management
Simplified Object Model
• Quick and visual object creation – beyond users
• Design your objects quickly and visually – including schema
• From simple to complex, related to unrelated
• JSON/File based still supported
• Model your objects in the UI
• Simple icon model
• Relate objects to each other
• Many to one, one to many, many to many, one to one
• Once added, you can manage directly in the UI
Intrinsic Relationship Model
• Create and model relationships
• Parent-Child, User-Groups, Owner-Devices, etc.
• New schema item type: relationship
• Allows for “reverse” relationship dependency
• Relationship Endpoints
Role Management
• Design, assign and manage roles in an intuitive and visual manner
• 2 types:
• Provisioning Roles – describe how assignments are used in external systems
• Authorization Roles – used to specify rights on managed objects in OpenIDM
(Multi) Account Linking
• Use case: Link multiple accounts on a single resource to a single managed identity
• User Account and Admin account
• Agent and Consumer
• Create with the new “Link Qualifier”
• Mapping->Properties
• Static or Dynamic (preferred)
• Static – Production and Dev accounts for each managed user
• Sample – Insurance Agent and Customer
Self-Service and Password Management
• Customizable Process and UI
• Pluggable processing chain – reCaptcha, email, KBA out of the box
• Bootstrap (commons) based UI for easy customization
• 4 standard functions
• Registration
• Password Reset
• Forgotten User Name
• Profile Management
• Enables you to implement user self-service to significantly reduce help desk costs and increase user productivity by automating password reset and enforcing an auditable centralized password policy.
• Implements fine control password management to ensure consistency across all applications and data stores, such as Active Directory and HR systems.
• Quickly branded to give customers a personalized experience
What we didn't cover
• Password/Attribute Hashing v. encrypting
• Commons Auditing
• OpenAM Session Auth Module
• Upgrade/Update Framework
• New Documentation
• IBM DB2 as a repository
Next Steps
• New release available NOW on ForgeRock.com
• https://www.forgerock.com/downloads
• Download, install, PLAY!
• Run through all the samples – updated and new
Thanks!