play (2)

ForgeRock Outstanding Authorized Training Partner Award For 2018, Including Global Outstanding Instructor Achievement Award Three Times - 2018, 2019 & 2020

Learn how to architect, build, and deploy your Identity solution

Got a question let us know! You’ve come to the right place.

We cover ForgeRock’s training portfolio and our trainers bring to the classroom decades of extensive experience. All ForgeRock training courses we deliver consist of Lectures, Labs, and Discussions and are available either in a classroom setting or as virtual live courses. We can guarantee that you will leave feeling compete to leverage technology successfully.

ForgeRock Access Management Training Courses

Course Overview

This structured course comprises a mix of instructor-led lessons and demonstrations with plenty of lab exercises to ensure an opportunity to fully understand each of the topics covered. It provides students with a strong foundation for the design, installation, configuration, and administration of a ForgeRock® Access Management (AM) solution. The objective of the course is to present the core concepts of access management, demonstrate the many features of AM, and provide hands-on experience that allows students to implement a full solution based on real-life use cases, including many ready-to-use features.

Duration – 5 Days

Who Can Benefit

This course is aimed at those responsible for overseeing various aspects of a successful deployment of ForgeRock AM. This includes, but is not limited to, those with the following responsibilities:

  • System Integrators
  • System Consultants
  • System Architects
  • System Developers
  • System Administrators

Skills Gained

Upon completion of this course, you should be able to:

  • Implement default authentication with AM
  • Configure web agents to control access
  • Enable user self-service self-registration basic flow
  • Configure intelligent authentication with trees
  • Configure an identity store
  • Retrieve user information with REST
  • Configure policies to control access
  • Extend entitlements using step-up authentication and transactional authorization
  • Configure AM as an OIDC provider and an UMA authorization server
  • Demonstrate OAuth2, OIDC, and UMA2 flows
  • Configure social authentication with Google
  • Customize AM themes for end-user pages
  • Investigate the need to harden AM security
  • Install, upgrade, and maintain an AM solution
  • Discuss AM clustering
  • Configure AM as a SAML2 entity

Prerequisites

The following are the prerequisites to successfully completing this course:

  • Knowledge of Unix/Linux commands and text editing
  • An appreciation of HTTP and web applications
  • A basic appreciation of how directory servers function
  • A basic understanding of REST
  • A basic knowledge of Java based environments would be beneficial. Programming experience is not required.

Course Details

Chapter 1: Performing Basic Configuration

Lesson 1: Implementing Default Authentication

  • Describe how to use AM to manage default authentication using cookies
  • Implement default authentication with AM
  • Understand the need for and the use of realms
  • Implement separation of admins and users using realms
  • Observe the function of cookies

Lesson 2: Protecting a Website

  • List and describe AM authentication clients
  • Describe web agent main functionality
  • Implement policy enforcement using web agents
  • Analyze the am-auth-jwt cookie

Lesson 3: Empowering Users Through Self-Service

  • Describe the main capabilities of user self-service
  • Configure user self-service self-registration basic flow
Chapter 2: Implementing Intelligent Authentication

Lesson 1: Extending Authentication Functionality

  • Describe the authentication mechanisms of AM
  • List the available nodes
  • Compare tree and chain mechanisms
  • Identify realm-level authentication settings
  • Use the authentication tree designer and ForgeRock’s Marketplace
  • Create and test an authentication tree containing an LDAP Decision node
  • Use the recording tool for troubleshooting

Lesson 2: Retrieving User Information

  • Understand the use of an identity store
  • Explain the distinction between identity store and credentials store
  • Implement user-specific features on the website
  • Retrieve user profile information using REST

Lesson 3: Increasing Authentication Security

  • Discuss the need to increase authentication security
  • Implement account lockout
  • Configure risk-based authentication
  • Configure second-factor authentication
  • Demonstrate push notification authentication
Chapter 3: Controlling Access Using Authorization

Lesson 1: Controlling Access

  • Describe how AM manages entitlements through authorization
  • Define policy components
  • Explain how AM evaluates policies
  • Implement access control policies on a website

Lesson 2: Extending Entitlements

  • Define session upgrade
  • Describe and implement step-up authentication
  • Describe and implement transactional authorization
  • Tighten access for the rest of the website
Chapter 4: Extending Services Using OAuth 2.0-Based Protocols

Lesson 1: Integrating Low-Level Devices with OAuth 2.0 (OAuth2)

  • Explain why OAuth2 protocol can be used to integrate various devices
  • Discuss OAuth2 players and their roles
  • Describe OAuth 2 access tokens, refresh tokens, and authorization codes
  • List OAuth2 grants
  • Configure AM as an OAuth2 authorization server
  • Demonstrate OAuth2 device flow

Lesson 2: Integrating Mobile Applications with OpenID Connect 1.0 (OIDC)

  • Explain how OIDC leverages an OAuth2 handshake to provide authentication and data sharing
  • List OIDC grants
  • Configure AM as an OIDC provider
  • Observe the OIDC authorization grant profile

Lesson 3: Sharing Resources with UMA 2.0 (UMA2)

  • Describe how UMA2 enriches OAuth2 to allow resource sharing
  • Implement AM as an UMA2 authorization server and demonstrate resource sharing

Lesson 4: Implementing Social Authentication

  • Explain how AM can delegate authentication to social media
  • Configure social authentication using Google
Chapter 5: Preparing for Production

Lesson 1: Customizing AM End User Pages

  • Describe the user interface areas that can be customized
  • Theme the end user interface for a realm

Lesson 2: Hardening AM Security

  • Highlight the areas where security needs hardening
  • Adjust default settings
  • Set up administration privileges
  • Manage secrets
  • Use a Hardware Security Management (HSM) secret store to sign OIDC ID token

Lesson 3: Administering an AM Solution

  • Introduce the administration tools available
  • Install Amster
  • Export and explore configuration with Amster
  • Identify tools to troubleshoot issues
  • Record debugging information
  • Outline the main features of audit logging
  • List the available monitoring tools
  • Discuss the areas that need tuning

Lesson 4: Installing and Upgrading AM

  • Plan an AM installation
  • Install a single instance of AM using the wizard
  • Describe the bootstrap process
  • Upgrade an AM instance using the wizard

Lesson 5: Clustering AM

  • Discuss approaches to providing high availability
  • Explain how to scale a deployment
  • Add a server to a cluster using CTS-based sessions
  • Modify the cluster to use client-based sessions
  • Discuss deployment approaches
Chapter 6: Federating Across Entities Using SAML v.2 (SAML2)

Lesson 1: Implementing Single Sign-On Using SAML2

  • Discuss federation entities and flows
  • Explain the SSO flow from the Identity Provider (IdP) point of view
  • Examine SSO between Service Provider (SP) and IdP and across SPs

Lesson 2: Delegating Authentication Using SAML2

  • Explain the SSO flow from the SP point of view
  • Describe the metadata content and use
  • Configure AM as a SAML2 SP

Course Overview

This course provides a hands-on technical introduction to ForgeRock® Access Management (AM) APIs and customization use cases. Students examine AM extension points and gain the skills required to extend and integrate an AM deployment in a real-world context. Development best practices are demonstrated in a series of labs.

Note that Revision B.2 of this course is built on version 6.5.2 of AM.

Duration – 5 Days

Who Can Benefit

The following are the target audiences for this course:

  • Application Developers, adapting client applications to use AM capabilities
  • Software Developers, extending and integrating AM services for their organizations
  • System Consultants
  • System Architects

Skills Gained

Upon completion of this course, you should be able to:

  • List the extension points of AM
  • List which customizable components are affected in common AM use cases
  • Understand the basic concepts of scripting
  • Use the administration interface to look up, edit, and configure scripts
  • Describe how AM performs authentication
  • Review authentication nodes and authentication trees
  • Design and implement a custom authentication node
  • Describe how scripted authentication works
  • Explore how client-side scripts are used with authentication nodes and trees
  • Describe how server-side scripted authentication operates with authentication nodes and trees
  • Use the administration interface to create and test authentication trees containing scripted nodes
  • Discuss the policy concepts in AM
  • Implement an EntitlementCondition or a scripted condition
  • Describe the ForgeRock® Common REST API (Common REST)
  • Enable Cross-Origin Resource Sharing (CORS) in AM
  • Authenticate users through the REST API
  • Manage identities and realms through the REST API
  • Implement password reset and user self-registration by using the REST API
  • Query the list of dashboard applications through the REST API
  • Use the policy engine to protect non-URL-based resources
  • Describe the policy management and evaluation REST APIs
  • Describe OAuth 2.0 and OpenID Connect, including how to use their HTTP endpoints
  • Demonstrate scope validation and customize the default behavior
  • Explain the basic concepts of user-managed access (UMA)
  • Configure AM as an UMA authorization server
  • Manage UMA resource sets
  • Demonstrate how to customize the UMA workflow

Prerequisites

The following are prerequisites to successfully completing this course:

  • Completion of the AM-400 Rev B course
  • Basic knowledge and skills using the Linux operating system to complete labs
  • Knowledge of JSON, JavaScript, AngularJS, REST, Java, Groovy, and XML is important for mastering understanding of material and examples
  • Basic knowledge of LDAP may be helpful for understanding code and some examples

Course Details

Chapter 1: Introducing Customization in AM

Introduce customization with AM and identify the main functional areas where customization and extending of AM is possible. The course environment and application are discussed as the context wherein customizations are done.

Lesson 1: Using Extension (Customization) Points

Provide an overview of AM extension points where customizations are done. Discuss the main components of the AM architecture and related APIs through which AM services can be accessed:

  • Introduce Java APIs, REST API, and REST API versioning
  • Introduce customizing authentication
  • Introduce customizing authorization and policy evaluation
  • Describe use cases related to OAuth 2.0 and UMA
  • Describe use cases related to SAML2
  • Describe the course environment architecture
  • Understand the course ContactList application functionality and its role in this course
  • Manage (starting, stopping) the AM and Directory Services servers
  • Describe development tools and scripts provided with the course environment
Chapter 2: Customizing Authentication

Implement custom authentication services by using authentication trees and nodes provided by AM. Learn to create a custom authentication node and use the node in an authentication tree to provide authentication services for the ContactList application. Explore customization of authentication with client-side and server-side scripts. Cover migration of authentication modules and chains to authentication nodes and trees.

Lesson 1: Introducing Authentication Trees and Nodes

Learn to create an authentication tree comprised of several authentication nodes, provided with AM without any customization, as the proof of concept use case for the course ContactList application. Test the tree implementation within a web browser and use command-line REST API requests to examine the HTTP request-response and data information exchanged between the client web browser and AM:

  • Review the concept of authentication trees and nodes
  • Create a basic authentication tree
  • Add existing authentication nodes to an authentication tree
  • Implement a choice collector authentication node
  • Assign the user choice to a session property
  • Configure the Session Property Whitelist Service for the realm
  • Test the authentication tree in a web browser and with the REST API
  • Run a REST API function to view the authenticated user’s session data
  • Compare tree and chain authentication methods

Lesson 2: Customizing with Authentication Trees and Nodes

Present the AM authentication node API to develop a custom authentication node for use in authentication trees. Implement a custom authentication node to replace the functionality of the choice collector, and to set session property nodes used in the initial authentication tree:

  • Create a custom authentication node project using the Maven archetype from the command line
  • Create a custom authentication node project using the Maven archetype within NetBeans
  • Write the configuration interface for a custom authentication node
  • Manage updates to the authentication node configuration interface
  • Write the business logic for a custom authentication node
  • Deploy a custom authentication node
  • Modify an existing authentication tree to add the custom authentication node
  • Test the custom authentication node using a web browser interface or its REST API

Lesson 3: Developing Scripts with Scripting APIs

Learn to execute client-side and server-side scripts in the context of an authentication tree. Explore how client-side scripts can be run by using a custom authentication node. Process client-side data with a server-side script created for use in a Scripted Decision node in an authentication tree:

  • Explore client-side scripting with authentication nodes
  • Deploy a custom authentication node that runs specific client-side scripts
  • Include a client-side script with the custom authentication node in an authentication tree
  • Create a script for use by a Scripted Decision node in an authentication tree to process the client-side data and return an authentication decision
  • Receive and process data from the client-side script in a server-side script with a Scripted Decision node
  • Understand client-side scripting with authentication trees by examining source code
  • Configure the scripting engine properties and manage the APIs available to server-side scripts
  • Test the script-based authentication with authentication trees and nodes

Lesson 4: Migrating Authentication Modules to Authentication Trees and Nodes

Explore the source code of a custom authentication module and chain implemented for AM versions prior to version 5.0 and the course application. Explore how it is migrated in this course to create custom authentication trees to meet the ContactList application requirements. Examine the use case with a client-side and server-side scripted module in a chain that is migrated for use with a custom authentication node (for the client-side script), and the standard Scripted Decision node (for the server-side scripts) to be implemented in authentication trees:

  • Migrate a server-side authentication script to be used in a Scripted Decision node of an authentication tree
  • Modify the server-side script to receive client-side data in the authentication tree context
  • Design the server-side authentication script outcome values for use in the authentication tree
  • Migrate a client-side authentication (module-based) script to be used by a custom authentication node
  • Write the client-side logic to send client data to the custom authentication node in the context of an authentication tree
Chapter 3: Customizing Authorization

Create and test a set of policies enforcing the security constraints to enable users to access REST endpoints provided by the course ContactList application.

Lesson 1: Customizing Authorization

Learn to write and test a custom policy condition script (using JavaScript) which queries the maintenance mode state of the ContactList application:

  • Review the main elements of the AM policy API
  • Discuss the concept of resource types and policy sets (formerly applications)
  • Describe the concept of application types
  • Illustrate the policy structure
  • Review the main groups of built-in policy conditions and their important members
  • Discuss where an EntitlementCondition and a script condition can be used
  • Implement, build, and deploy an EntitlementCondition
  • Implement, create, and deploy a scripted condition
  • Review the execution flow of the scripted condition
  • Discuss the variables available to the scripted condition
  • Use a scripted condition through the administration interface and the REST API
  • Develop a custom policy condition for the ContactList application
  • Modify the policy condition to return information about the maintenance mode
  • Complete the policy set
Chapter 4: Customizing with REST Clients

Modify the sample ContactList application’s authentication mechanism to use the AM authentication tree service instead of its proprietary REST service.

Lesson 1: Using the REST API

Learn to access AM services though the REST API by using the REST API Explorer in the administration interface and in the ContactList application written in AngularJS. Enable the CORS functionality in AM:

  • Explore AM services available through the REST API
  • Describe the ForgeRock Common REST API
  • Review the main characteristics of the REST API
  • Discuss the verbs available in the REST API
  • Review the status codes returned by the REST API
  • Describe filtering, paging, sorting, and pretty printing
  • Explain the REST API versioning
  • Access the REST API from the administration interface by using a web browser
  • Use the REST API from jQuery
  • Use the REST API from AngularJS
  • Describe and enable CORS
  • List the configuration options for the CORSFilter
  • Configure the CORSFilter in AM
  • Modify the ContactList application to use AM for authentication
  • Examine the client-side and server-side components of the ContactList application
  • Modify an AngularJS module in ContactList that uses AM authentication services

Lesson 2: Authenticating with REST

Use the REST API to perform authentication with AM services implemented as authentication trees:

  • Use the REST API to authenticate a user (sign in)
  • Compare the simplified (username/password) and full authentication APIs
  • Discuss application callback types
  • Use the simplified and full authentication API
  • Describe advanced authentication options (realm, authentication attributes, session upgrade)
  • Use the REST API to log out
  • Validate tokens and manage sessions
  • Describe the session REST API
  • Discuss the identity management REST API
  • Read user attributes
  • Create a realm
  • Modify the ContactList application to use AM for all authentication functions
  • Complete the AngularJS service interfacing AM to cover all authentication functions
  • Modify the login service to use the testSelectRole authentication tree in AM

Lesson 3: Woking with RESTful User Self-Service API

Explore how to implement a password-reset function with the REST API:

  • Review the characteristics of the self-service API
  • Illustrate the flow of password reset
  • Enable the password reset functionality
  • Perform a password reset through the REST API
  • Discuss the flow of user self-registration
  • Enable the user self-registration functionality
  • Perform user self-registration
  • Describe the concept of a user dashboard
  • List dashboard applications through the REST API
  • Implement password reset in the ContactList application
  • Configure AM to use a local email server
  • Emulate password reset using the command line
  • Add password reset functionality to the ContactList application

Lesson 4: Authorizing with REST

Learn to implement authorization in applications by using the REST API:

  • Describe how to protect URL-based resources
  • Explain how to protect non-URL-based resources
  • List the main elements of the policy management API
  • Discuss the entities of the policy service
  • Describe the policy evaluation REST API
  • Explain the concept of policy sets
  • Request policy evaluation for a set of resources
  • Demonstrate how policy evaluation can be used to determine which user interface components to show in a JavaScript client
  • Modify the ContactList application to use AM for authorization
  • Create and test policy sets tailored to the ContactList application
  • Extend the backend of ContactList to use the authorization REST API
  • Extend the front end of ContactList to use the authorization REST API
Chapter 5: Federating with OAuth 2.0

Learn how to federate a client application with AM using the OAuth 2.0/OpenID Connect protocol.

Lesson 1: Implementing OAuth Custom Scopes

Implement a Custom OAuth 2.0 Scope Validator:

  • Explain the benefits of OAuth 2.0
  • List the main elements of OAuth 2.0
  • Illustrate the authorization code flow
  • Describe the OAuth 2.0-related HTTP services available in AM
  • Explain the benefits of OpenID Connect
  • List the main elements of OpenID Connect
  • Illustrate the authorization code flow extended with OpenID Connect
  • Describe the TokenInfo endpoint
  • Describe the UserInfo endpoint
  • Discuss the OpenID Connect HTTP services
  • Explain how scope validation is implemented in AM
  • Implement and register a custom scope validation implementation
  • Describe the default OpenID Connect script
  • Create a custom OpenID Connect script
  • Modify the ContactList application to use OAuth 2.0/ OpenID Connect for authentication and authorization
  • Configure OAuth 2.0 and OpenID Connect in AM
  • Create a customized scope validator and token response
  • Modify the ContactList example application to use OpenID Connect for authentication
  • Modify ContactList to behave as an OAuth 2.0 resource server
Chapter 6: Using User-Managed Access

Introduce the UMA architecture and the UMA flows, and use UMA to add sharing functionality to an OAuth 2.0-secured application. Implement an UMA-compatible resource server and implement an UMA client.

Lesson 1: Customizing with UMA

Implement contact group sharing by using UMA:

  • Explain the benefits and list the elements of UMA
  • Describe the various tokens and tickets used in UMA
  • Illustrate the UMA protocol flow
  • Enable and configure an UMA Provider in AM
  • Configure UMA stores
  • Use the UMA discovery endpoint
  • Manage resources on the UMA administration page
  • Understand the UMA REST API
  • Describe the resource set and user label endpoints
  • Discuss the policy endpoint
  • Explain the permission request, requesting party token, and pending request endpoints
  • Understand UMA customization points
  • Register UMA filters
  • Implement resource sharing in the example application

ForgeRock Identity Management Training Courses

Course Overview

The ForgeRock Identity Management Core Concepts course is for students who want to learn how to implement ForgeRock® Identity Management (IDM) to manage the lifecycle and relationship of digital identities within the context of a Customer Identity and Access Management solution (CIAM), and the integration with the ForgeRock Identity Platform™.

Note that Revision B.1 of this course is built on version 6.5 of IDM.

Duration – 5 Days

Who Can Benefit

This course is aimed at those responsible for overseeing various aspects of a successful deployment of ForgeRock IDM. This includes, but is not limited to, those with the following roles:

  • ​System Integrators
  • System Consultants
  • System Architects
  • System Developers
  • System Administrators

Skills Gained

Upon completion of this course, you should be able to:

  • Introduce IDM and explore the fictitious ForgeRock Entertainment Company (FEC) CIAM solution
  • Install IDM and examine the default interfaces
  • Deploy and manage IDM as a development project
  • Perform basic IDM troubleshooting
  • Configure the default user registration process
  • Configure the User Self-Service functions, including password reset, forgotten username, and KBA options
  • Add a custom field to the End User UI registration page
  • Delegate the administration privileges of account properties to a group of users
  • Configure social identity providers
  • Integrate IDM with the ForgeRock Identity Platform
  • Use the REST interface to access IDM
  • Connect to external resources using OpenICF
  • Perform basic synchronization
  • Run selective synchronization and LiveSync
  • Configure role-based provisioning
  • Manage user preferences
  • Configure privacy and consent
  • Enable progressive profiling and add terms and conditions
  • Enable the profile and privacy management dashboard
  • Manage a basic relationship within the managed user object
  • Model relationships based on a given use case
  • Manage a relationship between a user and device
  • Deploy and test a given workflow
  • Explore the beginnings of creating a workflow

Prerequisites

The following are prerequisites to successfully completing this course:

  • Basic knowledge and skills using the Linux operating system to complete labs
  • Basic knowledge of JSON, JavaScript, REST, Java, Groovy, SQL, and LDAP helpful for understanding examples; however, programming experience is not required

Course Details

Chapter 1: Introducing IDM and Getting Started

  • Lesson 1: Introducing IDM and Exploring the FEC Solution
  • Lesson 2: Installing IDM
  • Lesson 3: Deploying and Managing IDM as a Project
  • Lesson 4: Performing Basic IDM Troubleshooting

Chapter 2: Enabling User Registration and Self-Service

  • Lesson 1: Configuring the Default User Registration Process
  • Lesson 2: Configuring IDM User Self-Service
  • Lesson 3: Delegating Administration Privileges

Chapter 3: Adding Social Registration and Authentication

  • Lesson 1: Configuring Social Identity Providers
  • Lesson 2: Integrating IDM with the ForgeRock Identity Platform

Chapter 4: Managing Synchronization and Reconciliation

  • Lesson 1: Using the REST Interface to Access IDM
  • Lesson 2: Connecting to External Resources Using OpenICF
  • Lesson 3: Performing Basic Synchronization
  • Lesson 4: Running Selective Synchronization and LiveSync
  • Lesson 5: Configuring Role-Based Provisioning

Chapter 5: Managing the IDM Privacy and Consent Options

  • Lesson 1: Managing User Preferences
  • Lesson 2: Configuring Privacy and Consent
  • Lesson 3: Enabling Progressive Profiling and Adding Terms and Conditions
  • Lesson 4: Enabling the Profile and Privacy Management Dashboard

Chapter 6: Managing Relationships Between Objects in IDM

  • Lesson 1: Managing Relationships in IDM
  • Lesson 2: Modeling Relationships in IDM
  • Lesson 3: Managing Devices and Things in IDM (Optional)

Chapter 7: Getting Started with Workflow

  • Lesson 1: Deploying and Starting a Workflow
  • Lesson 2: Deploying and Creating a Workflow

ForgeRock Directory Services Training Courses

Course Overview

The ForgeRock® Directory Services Core Concepts course is for students who want to learn how to implement ForgeRock® Directory Services (DS) in a ForgeRock Identity Platform™ (Platform) deployment and as a standalone service. Current platform best practices are used to deploy and maintain DS. Using lab exercises in this course, students gain hands-on experience with the important features and capabilities of DS, which they can use to deploy DS on the job.

Note that Revision A.2 of this course is built on version 6.5.1 of DS.

Duration – 5 Days

Who Can Benefit

The following are the target audiences for this course:

  • System Integrators
  • System Consultants
  • System Architects
  • System Developers
  • System Administrators

Skills Gained

Upon completion of this course, you should be able to:

  • Understand how DS is used in a Platform deployment
  • Install DS as a standalone service or as an external data store for the Platform
  • Use setup profiles to configure DS during installation
  • Manage backend data stores
  • Monitor and tune DS for different deployment types using HTTP and LDAP
  • Implement access control and privileges
  • Configure delegated administration
  • Back up and restore backends
  • Import and export data
  • Manage custom attributes
  • Manage log publishers
  • Replace self-signed replication certificates
  • Plan for a migration from Oracle Directory Server Enterprise Edition to DS
  • Manage entries using the CLI and REST
  • Implement high availability using replication
  • Monitor health status
  • Monitor and troubleshoot replication
  • Manage DS in a ForgeRock® Identity Management (IDM) deployment
  • Manage DS in a ForgeRock® Access Management (AM) deployment
  • Deploy a distributed topology
  • Configure data confidentiality
  • Install and configure directory proxy servers
  • Configure Prometheus and Grafana to monitor DS instances

Prerequisites

The following are the prerequisites to successfully completing this course:

  • Basic knowledge and skills using the Linux operating system to complete labs
  • Basic knowledge of LDAP, JSON, REST, Java

Course Details

Chapter 1: Introducing ForgeRock Directory Services (DS)

  • Lesson 1: Understanding how DS is used in the Platform
    • Describe how the platform uses DS
    • Describe deployment options
  • Lesson 2: Installing DS
    • Describe request processing
    • Understand where data is stored
    • Understand the installation process
  • Lesson 3: Managing data stores
    • Manage the configuration
    • Manage data stores
    • Manage Entries
  • Lesson 4: Protecting entries
    • Understand how access control is applied
    • Display privileges
  • Lesson 5: Locating default log files
    • Describe log publishers
    • Describe default log files
  • Lesson 6: Understanding DS monitoring capabilities
    • Describe DS monitoring
    • Describe HTTP monitoring
    • Describe LDAP monitoring
    • Describe SMTP monitoring
    • Describe JMX monitoring
    • Monitor health status

Chapter 2: Maintaining DS in an AM Deployment

  • Lesson 1: Preparing DS as an external configuration and identity store for AM
    • Describe how DS is used in a default AM Deployment
    • Configure DS instances as external configuration and identity stores for AM
  • Lesson 2: Preparing DS as an external CTS token store for AM
    • Describe CTS deployment options
    • Configure DS as an external CTS token store for AM
  • Lesson 3: Performing essential administration tasks
    • Backup and restore an AM data store
    • Configure a highly available CTS
    • Enable secure communication between AM and DS
  • Lesson 4: Monitoring and tuning DS in an AM deployment
    • Monitor replication and disk space
    • Reduce replication traffic
    • Tune LDAP connection pools and AM caches
  • Lesson 5: Troubleshooting DS in an AM deployment
    • Enable platform transaction ID propagation
    • Configure log filtering

Chapter 3: Deploying DS as a User Store

  • Lesson 1: Populating backends
    • Populate a backend
  • Lesson 2: Managing custom attributes
    • Add custom schema
    • Configure virtual attributes
  • Lesson 3: Delegating administration
    • Assign administrators to groups
    • Assign access control to subscriber entries
    • Grant privileges to administrators
  • Lesson 4: Managing authentication policies
    • Configure authentication policies
  • Lesson 5: Using REST to manage entries
    • Describe REST
    • Configure embedded REST API
    • Configure REST to LDAP gateway
    • Perform RESTful operations
  • Lesson 6: Implementing high availability and scalability through replication
    • Deploy a replication topology
    • Manage a replication topology
    • Replace self-signed replication certificates
  • Lesson 7: Monitoring and tuning a user store
    • Configure SNMP monitoring
    • Monitor indexes
    • Measure throughput and response times
    • Understand areas that affect performance
  • Lesson 8: Troubleshooting replication
    • Identify replication issues
    • Backup and restore a replicated topology
  • Lesson 9: Planning for a migration from Oracle DSEE to DS
    • Prepare for a migration from Oracle DSEE to DS

Chapter 4: Maintaining DS in a ForgeRock Identity Management Deployment (IDM)

  • Lesson 1: Using DS as an IDM repository
    • Explore the default DS repository in IDM
    • Configure DS as an external IDM repository
  • Lesson 2: Provisioning subscribers to DS
    • Describe how IDM synchronizes data
    • Provision subscribers to DS
  • Lesson 3: Synchronizing passwords between DS and IDM
    • Enable mutual authentication
    • Install DS password synchronization plugin
  • Lesson 4: Monitoring and troubleshooting DS in an IDM deployment
    • Monitor DS and IDM logs
    • Troubleshoot password synchronization

Chapter 5: Creating a Distributed Topology

  • Lesson 1: Exploring DS scalability options
    • Describe scaling options
    • Protect user privacy
  • Lesson 2: Configuring a distributed topology
    • Configure regional data stores
    • Upgrade a distributed topology
  • Lesson 3: Monitoring and tuning a distributed topology
    • Monitor a distributed topology
    • Tune DS for multiple backends

ForgeRock Identity Gateway Training Courses

Course Overview

The ForgeRock® Identity Gateway Core Concepts course is for students who want to examine core concepts and implement key use cases and features of ForgeRock Identity Gateway (IG) to help extend access to and protect web applications, legacy applications, and application programming interfaces (APIs), within an access management solution.

This course comprises a mix of instructor-led lessons and demonstrations with plenty of lab exercises to ensure an opportunity to fully understand each of the topics covered. It provides students with the necessary skills to plan, install, configure, and administer an IG deployment. The main goal of the course is to provide a thorough understanding of, and hands-on experience with IG, so students can control the most important functions of and manage a successful production deployment.

Note that Revision B of this course is built on version 6.5 of ForgeRock Identity Gateway.

Duration – 4 Days

Who Can Benefit

The following are the target audiences for this course:

  • System Integrators
  • System Consultants
  • System Architects
  • System Administrators
  • Web Developers

Skills Gained

Upon completion of this course, you should be able to:

  • Describe the role and use cases where IG fits within a ForgeRock Identity Platform™ solution, the basic concepts of IG, and how to perform a basic installation and configuration of IG.
  • Use IG to protect a legacy application.
  • Configure agentless single sign-on with IG, where authentication can be delegated to AM, including cross-domain, to an OIDC provider, or to a SAML2 Identity provider.
  • Extend IG to support the retrieval of user profile attributes.
  • Use IG as a policy enforcement point to protect a given web application, where AM is the policy decision point, and configure authentication step-up and transactional authorization.
  • Protect a REST API using OAuth2-based solutions.
  • Extend the solution using scripting.
  • Prepare for production of an IG project by addressing maintenance, tuning, security, and deployment questions.

Prerequisites

The following are the prerequisites to successfully completing this course:

  • Basic knowledge and skills using the Linux operating system to complete labs
  • Basic knowledge of HTTP and communications between clients and web applications is critical to understanding and working with IG
  • Basic knowledge of JSON, JavaScript, REST, Java, Groovy, SQL, and XML helpful in understanding examples, especially Groovy for scripting within IG
  • Attendance at AM400 ForgeRock Access Management Core Concepts course or equivalent knowledge

Course Details

Chapter 1: Integrating a web site and a legacy application with IG

Describe the role and use cases where IG fits within a ForgeRock Identity Platform solution, basic concepts of IG, and how to perform a basic installation and configuration of IG.

Lesson 1: Introducing ForgeRock Identity Gateway

  • Provide an overview of IG
  • Discuss IG use cases
  • Present IG features

Lesson 2: Fronting a website with IG

  • Show how IG acts as a reverse proxy
  • Discuss proxying WebSocket traffic
  • Describe installation requirements and install IG
  • Use IG Studio to protect a website
  • Examine IG configuration structure

Lesson 3: Routing and processing requests and responses

  • Understand how IG routes requests depending on external conditions
  • Describe how Handlers direct requests and responses within a route
  • Explain how filters process requests and responses
  • Implement password replay

Lesson 4: Understanding IG object model and logging

  • Understand the IG object model
  • Examine request, response, context, and session
  • Use a CaptureDecorator to perform logging
  • Configure the FileAttributesFilter
Chapter 2: Configuring Agentless Single Sign-On

Demonstrate how to integrate single sign-on in an IG solution by delegating authentication to either an AM solution, including cross-domain, an OIDC provider, or a SAML2 Identity provider.

Lesson 1: Implementing authentication with the SingleSignOnFilter

  • Use Freeform technology preview to protect a website
  • Configure an AM Service
  • Describe the use of the SingleSignOnFilter
  • Retrieve information from AM using the UserProfileFilter and SessionInfoFilter

Lesson 2: Configuring CDSSO for the legacy application

  • Describe and implement a CrossDomainSingleSignOnFilter

Lesson 3: Performing SSO with IG as an OpenID Connect relying party

  • Describe and implement an OAuth2ClientFilter

Lesson 4: Providing SSO with IG as a SAML2 service provider

  • Describe and implement a SAML2FederationHandler
  • Describe and implement a DispatchHandler
Chapter 3: Controlling access with IG as Policy Enforcement Point

Use IG as a policy enforcement point to protect a given web application, where AM is the policy decision point, using policies and policies with advice to provide authentication step-up and transactional authorization.

Lesson 1: Implementing authorization with a PolicyEnforcementFilter

  • Describe and implement a PolicyEnforcementFilter

Lesson 2: Providing step-up authentication and transactional authorization

  • Describe and implement step-up authentication
  • Describe and implement transactional authorization
Chapter 4: Protecting a REST API

Use IG as an OAuth2 resource server to protect a REST API and demonstrate how the solution can be extended by using scripting

Lesson 1: Configuring IG as an OAuth2 resource server

  • Describe and implement an OAuth2ResourceServerFilter
  • List access token resolvers
  • Observe the flow with the TokenIntrospectionAccessTokenResolver

Lesson 2: Extending functionality with scripts

  • Describe the scripting framework for extending IG functionality
  • Examine and implement dynamic scopes solution
Chapter 5: Preparing for production with IG

Highlight various areas that must be taken into account when preparing to go to production with an IG solution, such as maintenance, tuning, security, and deployment.

Lesson 1: Auditing, monitoring, and tuning an IG solution

  • Describe and implement auditing
  • Discuss monitoring
  • Examine tuning questions

Lesson 2: Developing awareness of security questions with IG

  • Discuss IG best practices regarding security
  • Examine and implement common secrets
  • Describe and implement throttling

Lesson 3: Deploying IG

  • Describe and implement property value substitution
  • Set up multiple IG instances

ForgeRock DevOps Training Courses

Course Overview

This expert-led workshop guides students through the deployment of the ForgeRock Identity Platform™ (the Platform) on a Kubernetes cluster running in Google Kubernetes Environment (GKE).

The workshop initially describes how to use the ForgeRock Cloud Developer’s Kit (CDK) to deploy a sample configuration of the Platform, which includes ForgeRock® Access Management (AM) and ForgeRock® Identity Management (IDM), which share ForgeRock® Directory Service (DS) as an identity store.

The CDK is used to configure the Platform and redeploy the updated configuration in an existing Kubernetes cluster.

Students then create a new cluster using Pulumi tools and deploy the Platform by following the Cloud Deployment Model (CDM). Monitoring add-ons tools are included with the CDM example. The skills gained by performing deployments with the CDK and CDM reference examples, help you identify the Kubernetes cluster and the Platform configuration requirements needed for preparation to move deployments into other environments, such as test and production.

The last chapter of the workshop explores how to migrate the ForgeRock Entertainment Company (FEC) portal configuration from the IDM Core Concepts course to Kubernetes.

This workshop uses the ForgeRock DevOps documentation set as a reference for the hands-on labs instead of providing a dedicated Student Workbook, as offered with the Core Concepts courses. You will work with the instructor to improvise any steps that are necessary for the given lab environment.

Also, it is important that you have already successfully completed the relevant ForgeRock Core Concepts courses before attending this workshop. It is beneficial that you also have experience working with DevOps technology such as Kubernetes, Skaffold, Kustomize, Git, among other related tools.

Note: Revision B of this course is based on the DevOps 6.5 documentation.

Duration – 3 Days

Who Can Benefit

This workshop is aimed at technical audiences who are responsible for deploying and managing the Platform on Kubernetes. This includes, but is not limited to, those with the following responsibilities:

  • Developers who are responsible for deploying and configuring the Platform in a DevOps development environment, and helping others migrate those deployments to production.
  • Other technical audiences, such as system integrators, consultants, architects, administrators, and sales/support engineers who need to learn how to plan deployments and configure clusters suitable for deploying the Platform in the cloud.

Skills Gained

Upon completion of this course, you should be able to:

  • Introduce the Platform and deploy a default configuration using DevOps techniques.
  • Configure the Platform using the Cloud Developer Kit (CDK).
  • Deploy a configuration of the Platform based on the Cloud Deployment Model (CDM).
  • Prepare the Platform for deployment to multiple environments.
  • Migrate the FEC Portal sample application to Kubernetes.

Prerequisites

The following are the prerequisites for successfully completing this course:

  • Completion of the ForgeRock University [AM-400, IDM-400, DS-400, IG-400 (optional)] Core Concept courses, to ensure that you know:
    • How to configure and administer DS, AM, Amster, IDM, and (optionally) ForgeRock® Identity Gateway (IG).
    • How to use the appropriate commands and user interfaces for each component.
  • Students should already be familiar with the following technologies and be able to use the related commands to deploy and manage software in a DevOps environment:

Note: To deploy the Platform on Kubernetes, ForgeRock has simplified its reference cloud deployment, based on a new tool set that includes Git, Skaffold, and Kustomize, to simplify deployment to Kubernetes. The CDK and CDM examples can be used by your DevOps team to deploy and start up the Platform in a public cloud such as Amazon, Google, or Microsoft Azure.

Course Details

Chapter 1: Introducing the ForgeRock Identity Platform and Deploying a DevOps Example

This chapter shows you how to access and configure your CloudShare VM development environment, access your GKE cluster in a GCP account, and deploy the Platform to the GKE cluster by following the CDK documentation and using software provided with the ForgeRock/forgeops repository.

Lesson 1: Introducing ForgeRock DevOps Documentation and Examples

  • Describe the Platform and related DevOps techniques for deploying the Platform to Kubernetes
  • Access your Cloudshare lab environment and developer desktop
  • Access your associated GCP account for deploying the Platform
  • Describe the DevOps documentation and the CDK and CDM methods of deployment
  • Describe the DevOps tools for deployment, and deploy a simple application to validate the environment

Lesson 2: Deploying the ForgeRock Identity Platform to GKE

  • Prepare your DevOps environment
  • Deploy the Platform to a GKE cluster
  • Verify that the Platform is deployed and accessible
  • Work with basic DevOps commands to explore the Platform
  • Remove the Platform deployment and clean up the environment
  • Compare the deployment of the Platform to other cloud providers, such as Amazon Elastic Cloud Services for Kubernetes (Amazon EKS) and Azure Kubernetes Service (AKS)

Lesson 3: Troubleshooting When Problems Arise

  • Approach troubleshooting of common issues in Kubernetes systematically
  • Run commands for troubleshooting environment issues, containerization issues, and orchestration issues
  • Identify resources for getting additional support

 

Chapter 2: Configuring the ForgeRock Identity Platform

This chapter shows you how to build and use your own base Docker image for deploying the Platform, and how to deploy a custom configuration using the CDM approach.

Lesson 1: Deploying the Platform with Custom Docker Images

  • Navigate the forgeops repository
  • Describe data used during the deployment of the Platform
  • Customize Docker images for the Platform
  • Work with Kubernetes manifests and objects
  • Manage the configuration life cycle with Skaffold

Lesson 2: Preparing Your Environment for Deployment Based on the CDM

  • Describe the ForgeRock Cloud Deployment Model (CDM)
  • Describe the requirements for creating and setting up the deployment environment for the CDM
  • Create a Kubernetes cluster using Pulumi
  • Deploy an ingress controller on the cluster
  • Deploy the certificate manager on the cluster
  • Set up your local environment to push Docker images

 

Chapter 3: Monitoring, Backing Up, and Restoring the Environment

This chapter describes how to add monitoring to an already deployed CDK or CDM environment using the Prometheus-deploy.sh script provided in the forgeops repository. The chapter will also describe how you can use the provided benchmarking tools to generate a load on the environment for monitoring purposes.

In addition, the chapter covers how to back up and restore the Platform using the provided scripts in the forgeops repository.

Lesson 1: Monitoring Your Deployment

  • Describe the monitoring infrastructure for the CDM
  • Deploy the monitoring tools on a cluster
  • Monitor the CDM deployment
  • Benchmark the CDM deployment for monitoring

Lesson 2: Backing Up and Restoring the Platform

Upon completion of this lesson, you should be able to:

  • Describe backup and restore with CDM
  • Enable CDM backup
  • Manage the backup schedule
  • Initiate backups manually
  • Use CDM restoration features
  • Initiate restoration manually

 

Chapter 4: Deploying the Platform to Multiple Environments

This chapter covers how to manage additional environments with Skaffold and Kustomize profiles, and prepare to move the deployment configuration to other environments for deployment, such as test and production.

Lesson 1: Managing Multiple Deployment Environments

  • Manage multiple environments with Skaffold and Kustomize profiles
  • Prepare for deployment to multiple environments
  • Move from development to other environments

Lesson 2: Building Your Own Docker Base Images

  • Prepare ForgeRock software for your own base Docker images
  • Create your own base Docker images
  • Deploy with your own Docker base images

Lesson 3: Handling Secrets

  • Provide an overview of the forgeops secret generation functionality
  • Manage and override generated secrets

 

Chapter 5: Migrating an Application to Kubernetes

This chapter discusses how to migrate the existing FEC Portal solution from the IDM-400 Rev B course, which is using non-DevOps techniques for installation and configuration, to Kubernetes using DevOps techniques as presented in the DevOps documentation.

Lesson 1: Migrating an Existing DS Configuration to Kubernetes

  • Discuss how you can migrate an existing DS configuration to Kubernetes
  • Migrate the DS configuration and sample user data using the CDK

Lesson 2: Migrating an Existing AM Configuration to Kubernetes

  • Discuss how you can migrate an existing AM configuration to Kubernetes
  • Migrate an existing AM configuration to Kubernetes
  • Customize the AM web application during deployment

Lesson 3: Migrating an Existing IDM Configuration to Kubernetes

  • List the challenges of migrating IDM to Kubernetes
  • Implement the required changes to IDM to update IDM from a previous release
  • Migrate the configuration from a previous version of IDM to the CDK
  • Migrate data from a previous version of IDM to Kubernetes (Optional)

ForgeRock Identity Cloud Training Courses

Course Overview

This course takes students from a high-level understanding of how ForgeRock® Identity Cloud (Identity Cloud) works, through the various online resources available to them, to a fully functional hands-on development environment, where they learn how to implement the many features of Identity Cloud in a training environment. Students take real-world use cases and implement them in a provided live Identity Cloud environment, where they learn the concepts and tasks necessary to successfully manage identities, applications, and user journeys in their own Identity Cloud.

Duration – 3 Days

Who Can Benefit

The target audiences for this course include:

  • ForgeRock Identity Cloud Administrators
  • Technical users new to ForgeRock Identity Cloud and other ForgeRock products
  • Those new to Identity Cloud and considering taking the certification exam

Skills Gained

Upon completion of this course, you should be able to:

  • Describe the benefits and features of Identity Cloud, understand how to access an Identity Cloud tenant and your CloudShare lab environment
  • Manage the onboarding of users through self-service, importing bulk identities, and synchronizing identities between Identity Cloud and external resources
  • Create new user journeys to support how end users authenticate and perform self-service with Identity Cloud
  • Integrate application client profiles and gateway profiles into Identity Cloud to support external applications accessing Identity Cloud for identity and access management services
  • Manage federation to let employees with credentials stored in a remote Active Directory data store access services in Identity Cloud

Prerequisites

The following are the prerequisites for successfully completing this course:

  • Completion of the ForgeRock Product Essentials courses

Course Details

Chapter 1: Introducing Identity Cloud

Describe the benefits and features of Identity Cloud, understand how to access an Identity Cloud tenant and your CloudShare lab environment.

Lesson 1: Introducing ForgeRock Identity Cloud

Provide an overview of Identity Cloud, starting with what students should already know about it, and relate it to their job role, and the tasks they need to perform to support the business requirements supported by Identity Cloud:

  • Describe Identity Cloud
  • Describe the top ten customer business requirements
  • Describe Identity Cloud onboarding services

Lesson 2: Getting Access to Identity Cloud

Describe the onboarding process or procedure for getting access to Identity Cloud:

  • Describe the tenant registration process
  • Describe the Identity Cloud Admin UI

Lesson 3: Accessing Your CloudShare Lab Environment

A short lesson to introduce and access the CloudShare lab environment:

  • Describe the CloudShare lab environment
  • Log in to your CloudShare lab environment

Chapter 2: Managing User Identities

Manage the onboarding of users through self-service, importing bulk identities, and synchronizing identities between Identity Cloud and external resources.

Lesson 1: Managing Identities

Manage user identities as an Identity Cloud administrator using the Identity Cloud Admin UI, which is an administrative interface to manage your tenant settings. Delegate user management in the End User UI to end users:

  • Describe use cases and processes for managing identities
  • Manage identities using the Identity Cloud Admin UI
  • Set up 2-step verification and configure delegated administration
  • Describe use cases and processes for password policy management
  • Configure default password policies

Lesson 2: Onboarding Users With Self-Service

Add new users to your tenant through self-registration

  • Describe use cases and processes for self-registration
  • Create a new user using self-registration
  • Describe use cases and processes for managing personal data and consent
  • Manage personal data and consent

Lesson 3: Adding Identities with Bulk Import

Bulk import user identities from a CSV file:

  • Describe use cases and processes for bulk import
  • Add customers to Identity Cloud
  • Troubleshoot import failures

Lesson 4: Utilizing Placeholder Attributes

Update and extend the managed user object schema to add properties to a user’s profile:

  • Describe use cases and processes for placeholder attributes
  • Manage placeholder attributes

Lesson 5: Synchronizing Identities from External Resources

Connect to external resources using a Remote Connector Server, and synchronize identities between Identity Cloud and on-premises resources:

  • Describe use cases and processes for synchronizing identities from an external resource
  • Configure remote connections between your tenant and external ForgeRock® Directory Services (DS)
  • Describe how to synchronize identities
  • Synchronize entries between DS and Identity Cloud
  • Synchronize entries between Identity Cloud and DS
  • Configure remote connections between your tenant and an external AD server
  • Synchronize AD entries
  • (Optional) Configure a Remote Connector Server cluster

Lesson 6: Managing Provisioning Roles and Assignments

Manage provisioning roles and assignments within the platform to provision attributes to external resources:

  • Describe roles and assignment use cases and processes
  • Create assignments and provisioning roles

Lesson 7: (Optional) Additional Administration Tasks

Discuss and demonstrate additional tasks that an Identity Cloud administrator should be aware of:

  • Describe how to add a custom domain name
  • Describe how to access Identity Cloud using REST API endpoints
  • Describe how to access platform logs
  • Describe how to monitor your environment

Chapter 3: Managing User Journeys

Create new user journeys to support how end users authenticate and perform self-service with Identity Cloud.

Lesson 1: Exploring the User Journeys

Describe the purpose of the preconfigured user journeys included with Identity Cloud, and explore each user journey as an Identity Cloud administrator and an end user:

  • Describe the preconfigured user journeys
  • View the preconfigured user journeys
  • Describe the URLs and realms relationship
  • Describe the preconfigured ProgressiveProfile journey
  • Collect user preferences upon subsequent logins
  • Describe the self-service journeys
  • Recover your forgotten username, reset your password, and update your password

Lesson 2: Modifying the User Journeys

Use the journey editor in Identity Cloud to duplicate and modify the default Login user journey:

  • Describe the role of authentication nodes and trees within Identity Cloud
  • Modify the default Login user journey
  • Modify the UI theme for an organization
  • Make minor branding changes
  • Describe how to modify the preconfigured email templates
  • Modify an email template for the ResetPassword and Registration journeys
  • Describe how to reference variables from within a script

Lesson 3: Configuring User Self-Service

Configure the self-service features of Identity Cloud to empower end users to independently make changes to their identity, instead of going through a help desk:

  • Describe the KBA-related journey
  • Configure the KBA questions and set requirements
  • Describe the Terms and Conditions-related journey
  • Configure and set the Terms and Conditions

Lesson 4: Configuring Social Registration and Authentication

Configure Identity Cloud to let end users register and authenticate new accounts using a social provider:

  • Describe steps for configuring social registration and authentication
  • Configure a social identity provider for Identity Cloud
  • Describe how you can add social registration
  • Add social registration to the preconfigured Registration user journey
  • Describe how you can add social authentication
  • Add social authentication to the preconfigured Login user journey

Chapter 4: Integrating Applications and Gateways

Integrate application client profiles and gateway profiles into Identity Cloud to support external applications accessing Identity Cloud for identity and access management services.

Lesson 1: Defining Applications

Describe the role of an application in Identity Cloud:

  • Describe the role of applications in Identity Cloud
  • Describe the supported application types

Lesson 2: Adding an Application Client Profile

Add a new application client profile in Identity Cloud for a given ForgeRock® SDK sample application, and validate the application can authenticate with Identity Cloud using the client profile:

  • Describe the role of the ForgeRock SDKs within Identity Cloud
  • Describe the tasks for adding a browser-based type application
  • Add a browser-based type application
  • Use an SSO token with a browser-based application

Lesson 3: Integrating Identity Gateway

Add a gateway profile, and supporting application client profile, to integrate ForgeRock® Identity Gateway (Identity Gateway) with Identity Cloud:

  • Describe the Identity Cloud with Identity Gateway use cases
  • Configure Identity Cloud to validate access tokens from Identity Gateway
  • Configure Identity Cloud as an OIDC provider
  • Configure Identity Cloud as an SSO authentication server

Chapter 5: Managing Federation

Manage federation to let employees with credentials stored in a remote Active Directory data store access services in Identity Cloud.

Lesson 1: Integrating Third-Party Services using SAML

Integrate Identity Cloud with a third-party provider using SAML v2.0 to provide SSO services:

  • Describe use cases and processes for integrating with a third-party using SAML
  • Configure Identity Cloud as a SAML Service Provider
  • Configure Relying Party Trust
  • Configure ADFS as a SAML Identity Provider

Certification

ForgeRock offers world-class certifications designed to validate and recognize IT professionals with the technical capabilities and real-world experience needed to effectively design, deploy, and manage ForgeRock Identity Platform. Red Education delivers the complete curriculum of ForgeRock University courses. As ForgeRock’s largest Training Provider in Asia Pacific, EMEA, SAARC & LATAM we offer all courses in our popular Virtual-Instructor-Led-Training option or traditional classroom training.

ForgeRock Certified Access Management Specialist

The ForgeRock Certified Access Management Specialist exam is targeted at IT professionals responsible for administering and deploying ForgeRock Access Management solutions. The exam validates your ability to install, configure, administer, troubleshoot and maintain components of ForgeRock Access Management.

  • The exam consists of 100 questions that must be completed in 120 minutes.

  • Questions are multiple choice.

  • You must achieve a minimum score of 53% to pass.

It is required that you attend the ForgeRock Access Management: Core Concepts course before attempting the exam. The ForgeRock Access Management Customization and APIs course will also be of benefit to exam candidates.

Prerequisites

  • Attendance on AM-400 ForgeRock Access Management: Core Concepts (required)
  • Attendance on FR-421/AM-421 ForgeRock Access Management Customization and APIs (recommended)
  • Experience installing and configuring ForgeRock Access Management in a production environment

The ForgeRock Certified Identity Management Specialist

The ForgeRock Certified Identity Management Specialist exam is targeted at IT professionals responsible for administering and deploying ForgeRock Identity Management solutions. The exam validates your ability to install, configure, administer, troubleshoot and maintain components of ForgeRock Identity Management.

  • The exam consists of 100 questions that must be completed in 120 minutes.
  • Questions are multiple choice.
  • You must achieve a minimum score of 68% to pass.

It is required that you attend the ForgeRock Identity Management: Core Concepts course before attempting the exam.

Prerequisites

  • Attendance on IDM-400 ForgeRock Identity Management: Core Concepts (required)
  • Experience installing and configuring ForgeRock Identity Management in a production environment

ForgeRock® Identity Cloud Certified Professional

The ForgeRock Identity Cloud Professional exam is for IT professionals responsible for administering deployments of the ForgeRock Identity Cloud. The exam validates your ability to configure, administer, troubleshoot and maintain components of ForgeRock Identity Cloud tenants.

The exam consists of 60 questions that must be completed in 90 minutes.

  • Questions are multiple choice.
  • You must achieve a minimum score of 70% to pass.

Prerequisites

  • Attendance on FR-300 Getting Started with ForgeRock Identity Cloud (required)
  • Experience configuring and administering ForgeRock Identity Cloud tenants in a production environment

Once you have met the prerequisites, the next step will be to visit Pearson VUE, where you can book and pay for your exam.

If this is your first time taking a ForgeRock certification exam, please create a new web account using the Candidate ID provided in order to schedule the exam that you have been authorized to take.

This is required even if you have taken other certification exams at Pearson VUE and have an existing account.

Find detailed information about ForgeRock Certification Program here.

Or learn more about ForgeRock’s certification program from the Certification Data Sheet (pdf).

RED REVIEWS

WHAT OUR CUSTOMERS SAY

Translate »