Learn how to architect, build, and deploy your Identity solution
Got a question? Let us know! You’ve come to the right place.
We cover ForgeRock’s training portfolio, and our trainers bring decades of extensive experience to the classroom. All ForgeRock training courses we deliver consist of Lectures, Labs, and Discussions and are available either in a classroom setting or as virtual live courses. We can guarantee that you will leave feeling competent to leverage technology successfully.
ForgeRock Access Management Training Courses

Course Overview
The aim of this course is to showcase the key features and capabilities of the versatile and powerful ForgeRock® Access Management (AM). It provides the student with the knowledge and confidence to manage their own environment. It is accepted that this course is not able to demonstrate all the features and capabilities of AM.
Duration – 5 Days
Who Can Benefit
The target audiences for this course include:
- ForgeRock Access Management Administrators
- System Integrators
- System Consultants
- System Architects
- System Developers
Skills Gained
Upon completion of this course, you should be able to:
- Start with an unprotected website and end up with a fully functional access management solution where every user trying to access the website is redirected to AM for authentication
- Improve access management security in AM with multi-factor authentication (MFA), context-based risk analysis, and continuous risk checking
- Implement OAuth 2.0 (OAuth2) based protocols; namely, OAuth2 and OpenID Connect 1.0 (OIDC), to enable low-level devices and mobile applications to make requests that access resources belonging to a subscriber
- Demonstrate federation across entities using SAML2 with AM
- Install a new AM instance configured with external directory server data stores as the foundation for an AM cluster
Prerequisites
The following are the prerequisites for successfully completing this course:
- Completion of the ForgeRock® Access Management Essentials course
- Knowledge of UNIX/Linux commands
- An understanding of HTTP and web applications
- A basic understanding of how directory servers function
- A basic understanding of REST
- A basic knowledge of Java based environments would be beneficial, but no programming experience is required
Course Details
Chapter 1: Enhancing Intelligent Access
Start with an unprotected website and end up with a fully functional access management solution where every user trying to access the website is redirected to AM for authentication.
Lesson 1: Exploring Authentication Mechanisms
Explore the AM Admin UI and view the role of cookies used during and after authentication:
- Introduce AM authentication
- Understand realms
- Describe authentication life cycle
- Explain sessions
- Examine session cookies
- Prepare the lab environment
- Examine an initial AM installation
- Configure a realm and examine AM default authentication
- Experiment with session cookies
- Describe the authentication mechanisms of AM
- Create and manage trees
- Explore tree nodes
- Create a login tree
- Test the login tree
Lesson 2: Protecting a Website With IG
Show how ForgeRock® Identity Gateway (IG), integrated with AM, can protect a website:
- Present AM edge clients
- Describe IG functionality as an edge client
- Review the ForgeRock Entertainment Company (FEC) website protected by IG
- Integrate the FEC website with AM
- Observe the IG token cookie
- (Optional) Review IG configuration
- Authenticate identities with AM
- Integrate identities in AM with an identity store
- Create an authentication tree with an LDAP Decision node
- Integrate an identity store with AM
Lesson 3: Controlling Access
Create security policies to control which users can access specific areas of the website:
- Describe entitlements with AM authorization
- Define AM policy components
- Define policy environment conditions and response attributes
- Describe the process of policy evaluation
- Implement access control on a website
Chapter 2: Improving Access Management Security
Improve access management security in AM with multi-factor authentication (MFA), context-based risk analysis, and continuous risk checking.
Lesson 1: Increasing Authentication Security
Increase authentication security using MFA:
- Describe MFA
- Register a device
- Include recovery codes
- Examine OATH authentication
- Implement Time-based One-time Password (TOTP) authentication
- (Optional) Implement HMAC-based One-time Password (HOTP) authentication
- Examine Push notification authentication
- (Optional) Implement Push notification authentication
- Implement passwordless WebAuthn
- (Optional) Implement passwordless WebAuthn
- Examine HOTP authentication using email or SMS
- (Optional) Implement HOTP authentication using email or SMS
Lesson 2: Modifying a User’s Authentication Experience Based on Context
Describe how AM can take into account the context of an authentication request in order to take access decisions:
- Introduce context-based risk analysis
- Describe device profile nodes
- Determine the risk based on the context
- Implement a browser context change script
- Lock and unlock accounts
- Implement account lockout
Lesson 3: Checking Risk Continuously
Review the AM tools used to check the risk level of requests continuously:
- Introduce continuous contextual authorization
- Describe step-up authentication
- Implement step-up authentication flow
- Describe transactional authorization
- Implement transactional authorization
- Prevent users from bypassing the default tree
Chapter 3: Extending Services Using OAuth2-Based Protocols
Implement OAuth2 based protocols; namely, OAuth2 and OIDC, to enable low-level devices and mobile applications to make requests that access resources belonging to a subscriber. AM can be configured to function as an OIDC client and delegate authentication to social media OIDC providers.
Lesson 1: Integrating Applications With OAuth2
Integrate clients using OAuth2 by demonstrating the use of the OAuth2 Device Code grant type flow with AM configured as the OAuth2 authorization server:
- Discuss OAuth2 concepts
- Describe OAuth2 tokens and codes
- Describe refresh tokens, macaroons, and token modification
- Request OAuth2 access tokens with OAuth2 grant types
- Explain OAuth2 scopes and consent
- Configure OAuth2 in AM
- Configure AM as an OAuth2 provider
- Configure AM with an OAuth2 client
- Test the OAuth2 Device Code grant type flow
Lesson 2: Integrating Applications With OIDC
Integrate an application using OIDC and the Authorization grant type flow with AM as an OIDC provider:
- Introduce OIDC
- Describe OIDC tokens
- Explain OIDC scopes and claims
- List OIDC grant types
- Create and use an OIDC script
- Create an OIDC claims script
- Register an OIDC client and configure the OAuth2 Provider settings
- Test the OIDC Authorization Code grant type flow
Lesson 3: Authenticating OAuth2 Clients and using mTLS in OAuth2 for PoP
Authenticate OAuth2 clients with AM using various approaches and obtain certificate-bound access tokens using mutual TLS (mTLS) to prove token possession:
- Examine OAuth2 client authentication
- Examine OAuth2 client authentication using JSON Web Token (JWT) profiles
- Examine OAuth2 client authentication using mTLS
- Authenticate an OAuth2 client using mTLS
- Examine certificate-bound proof-of-possession (PoP) when mTLS is configured
- Obtain a certificate-bound access token
Lesson 4: Transforming OAuth2 Tokens
Request and obtain security tokens from an OAuth2 authorization server, including security tokens that employ impersonation and delegation semantics:
- Describe OAuth2 token exchange
- Explain token exchange types and purpose for exchange
- Describe token scopes and claims
- Implement a token exchange impersonation pattern
- Implement a token exchange delegation pattern
- Configure token exchange in AM
- Configure AM for token exchange
- Test token exchange flows
Lesson 5: (Optional) Implementing Social Authentication
Provide a way for users to register and authenticate to AM using a social account:
- Delegate registration and authentication to social media providers
- Implement social registration and authentication with Google
Chapter 4: Federating Across Entities Using SAML2
Demonstrate federation across entities using SAML2 with AM.
Lesson 1: Implementing SSO Using SAML2
Demonstrate single sign-on (SSO) functionality across organizational boundaries:
- Discuss SAML2 entities and profiles
- Explain the SAML2 flow from the identity provider (IdP) point of view
- Examine SSO across service providers (SPs)
- Configure AM as an IdP and integrate with third-party SPs
- Examine SSO between SP and IdP and across SPs
Lesson 2: Delegating Authentication Using SAML2
Delegate authentication to a third-party IdP using SAML2 and examine the metadata:
- Explain the SSO flow from the SP point of view
- Describe the metadata content and purpose
- Configure AM as a SAML2 SP and integrate with a third-party IdP
Chapter 5: Installing and deploying AM
Install a new AM instance configured with external directory server data stores as the foundation for an AM cluster, modify the AM configuration to harden security, upgrade an AM instance to a new version, and deploy the ForgeRock® Identity Platform (Identity Platform) to the Google Cloud Platform (GCP).
Lesson 1: Installing and Upgrading AM
Install AM using interactive and command-line methods creating the foundations for a cluster topology, and upgrade an AM 7.0.1 instance to AM 7.1:
- Plan deployment configurations
- Prepare before installing AM
- Deploy AM
- Outline tasks and methods to install AM
- Install AM with the web wizard
- Install AM and manage configuration with Amster
- Describe the AM bootstrap process
- Install an AM instance with the web wizard
- Install Amster
- Upgrade an AM instance
- Upgrade AM with the web wizard
- (Optional) Upgrade AM with the configuration tool
Lesson 2: Hardening AM Security
Explore a few default configuration and security settings that need to be modified before migrating to a production-ready solution:
- Harden AM security
- Adjust Default Settings
- Harden AM security
- Describe secrets, certificates, and keys
- Describe keystores and secret stores
- Manage the AM keystore
- Configure and manage secret stores
- Configure an HSM secret store to sign OIDC ID token
- Audit logging
- Debug and monitoring tools
Lesson 3: Clustering AM
Create an AM cluster with a second AM instance added to the first AM instance that has already been installed:
- Explore high availability solutions
- Scale AM deployments
- Describe AM cluster concepts
- Create an AM cluster
- Identify tuning tips for AM clusters
- Prepare the initial AM cluster
- Install another AM server in the cluster
- Test AM cluster failover scenarios
- (Optional) Modify the cluster to use client-based sessions
Lesson 4: Deploying the Identity Platform to the Cloud
Deploy the Identity Platform into a cluster in a Google Kubernetes Environment (GKE):
- Describe the Identity Platform
- Prepare Your Deployment Environment
- Deploy and access the Identity Platform
- Access and authenticate your GCP account
- Prepare to deploy the Identity Platform
- Deploy the Identity Platform with the Cloud Development Kit (CDK)
- Remove the Identity Platform deployment

Course Overview
This course provides a hands-on technical introduction to ForgeRock® Access Management (AM) APIs and customization use cases. Students examine AM extension points and gain the skills required to extend and integrate an AM deployment in a real-world context. Development best practices are demonstrated in a series of labs.
Note that Revision B.2 of this course is built on version 6.5.2 of AM.
Duration – 5 Days
Who Can Benefit
The following are the target audiences for this course:
- Application Developers, adapting client applications to use AM capabilities
- Software Developers, extending and integrating AM services for their organizations
- System Consultants
- System Architects
Skills Gained
Upon completion of this course, you should be able to:
- List the extension points of AM
- List which customizable components are affected in common AM use cases
- Understand the basic concepts of scripting
- Use the administration interface to look up, edit, and configure scripts
- Describe how AM performs authentication
- Review authentication nodes and authentication trees
- Design and implement a custom authentication node
- Describe how scripted authentication works
- Explore how client-side scripts are used with authentication nodes and trees
- Describe how server-side scripted authentication operates with authentication nodes and trees
- Use the administration interface to create and test authentication trees containing scripted nodes
- Discuss the policy concepts in AM
- Implement an EntitlementCondition or a scripted condition
- Describe the ForgeRock® Common REST API (Common REST)
- Enable Cross-Origin Resource Sharing (CORS) in AM
- Authenticate users through the REST API
- Manage identities and realms through the REST API
- Implement password reset and user self-registration by using the REST API
- Query the list of dashboard applications through the REST API
- Use the policy engine to protect non-URL-based resources
- Describe the policy management and evaluation REST APIs
- Describe OAuth 2.0 and OpenID Connect, including how to use their HTTP endpoints
- Demonstrate scope validation and customize the default behavior
- Explain the basic concepts of user-managed access (UMA)
- Configure AM as an UMA authorization server
- Manage UMA resource sets
- Demonstrate how to customize the UMA workflow
Prerequisites
The following are prerequisites to successfully completing this course:
- Basic knowledge and skills using the Linux operating system to complete labs
- Knowledge of JSON, JavaScript, AngularJS, REST, Java, Groovy, and XML is important for mastering the material and examples
- Basic knowledge of LDAP may be helpful for understanding code and some examples
Course Details
ForgeRock Identity Management Training Courses

Course Overview
Learn how to install and deploy ForgeRock® Identity Management (IDM) in an on-prem or self-managed cloud environment to manage the lifecycle and relationship of digital identities. Topics include how to model identity objects in IDM, create connector configurations and synchronization mappings to manage the flow of identity objects and properties with various external identity resources, manage workflows, and deploy IDM within a cluster. This course explores the identity management-related features in-depth, how they work, and the configuration options available during implementation.
Duration – 5 Days
Who Can Benefit
The target audiences for this course include:
- System Administrators
- System Integrators
- System Consultants
- System Architects
- System Developers
Skills Gained
Upon completion of this course, you should be able to:
- Model identity objects, their identity properties, and the relationships between objects, onto existing or new managed objects within IDM
- Create and configure connections between external resources and IDM
- Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store
- Use the sample workflows included with IDM to learn how to introduce business logic into the provisioning process
- Install and deploy IDM in an on-prem or cloud provider Linux environment
Prerequisites
The following are the prerequisites for successfully completing this course:
- Completion of the ForgeRock® Identity Management Essentials course
- Basic knowledge and skills using the Linux operating system will be required to complete the labs.
- Basic knowledge of JSON, JavaScript, REST, Java, Groovy, SQL and LDAP would be helpful for understanding the examples; however, programming experience is not required.
Course Details
Chapter 1: Modeling Objects and Identities
Model identity objects, their identity properties, and the relationships between objects, onto existing or new managed objects within IDM.
Lesson 1: Modeling an Identity Profile
Learn about the different object types in IDM, and how you can model a custom identity profile onto a managed object in IDM:
- Describe an IDM deployment and the UIs
- Access and explore the IDM deployment and UIs
- Review the IDM documentation
- Describe the different object types in IDM
- Map an identity object to a managed object
- Describe how to model a managed user object
- Model a managed user object in IDM
- Describe how to create a new device managed object
- Create a new device managed object
Lesson 2: Querying IDM Objects
Use the IDM REST interface to query IDM objects:
- Describe how to query objects using the REST interface
- Configure Postman to query IDM
- Query IDM objects using Postman
Lesson 3: Managing Relationships
Create and manage the relationship between managed objects:
- Describe the purpose of relationships
- Create and query an object relationship
- Describe the visualization of relationships
- Create a dashboard to visualize relationships (optional)
- Describe the relationship properties
- Describe how relationships are configured
- Create a new relationship between managed user objects (optional)
- Describe the relationship between device managed objects and user managed objects
- Set up a relationship between device managed objects and user managed objects
Lesson 4: Managing Organizations
Set up managed organizations to delegate user administration based on the owner of hierarchical trees:
- Describe the roles and privileges within an organization
- Implement the organization example (optional)
Chapter 2: Managing Connectors
Create and configure connections between external resources and IDM.
Lesson 1: Configuring Connectors With the IDM Admin UI
- Describe how to connect external resources to IDM
- Describe the process for creating a connector configuration using the IDM Admin UI
- Add a connector configuration for an external LDAP resource
- Describe how to add a CSV connector configuration
- Add a connector configuration to import device identities
Lesson 2: Configuring Connectors Over REST
- Describe the process for creating a connector configuration over REST
- Describe the core connector configuration settings
- Describe the object types and property mappings
- Generate a full connector configuration JSON object over REST (optional)
Lesson 3: Connecting to Databases
Describe the ICF connectors for connecting to databases, and how to create connector configurations to access identity data stored in SQL databases:
- Describe how to use the Database Table Connector
- Configure the Database Table Connector (optional)
- Describe how to use the Scripted SQL Connector
- Create a scripted SQL connector configuration (optional)
Lesson 4: Connecting to External Resources Using a Scripted REST Connector Configuration
- Describe the use cases for using a scripted REST connector
- Connect to DS using the scripted REST connector (optional)
Chapter 3: Managing Synchronization and Reconciliation
Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store.
Lesson 1: Performing Basic Synchronization
Describe how to use the IDM Admin UI to create sync mappings to reconcile identities between IDM and an external resource:
- Describe how to create mappings to synchronize identity objects and properties
- Describe how to create a sync mapping from IDM to an external resource
- Describe how to add source and target properties to the sync mapping
- Describe how to add a correlation query and a situational event script
- Describe how to set the situational behaviors and run reconciliation
- Add a sync mapping from IDM to an LDAP server
- Describe the sync mapping from an LDAP server to IDM
- Add a sync mapping from an LDAP server to IDM
- Describe how to create a sync mapping to provision devices to the IDM repository
- Create a sync mapping to provision devices to the IDM repository (optional)
Lesson 2: Running Selective Synchronization and LiveSync
Filter objects that are synchronized and automate synchronization using LiveSync:
- Describe the different methods that you can use to filter entries
- Run selective synchronization using filters
- Describe how to use LiveSync to synchronize changes
- Trigger LiveSync on a connector
- Describe how to schedule LiveSync
- Schedule LiveSync with an external resource
- Describe how to control synchronization to multiple targets
Lesson 3: Configuring Role-Based Provisioning
Automatically provision users to a set of LDAP groups based on role membership:
- Describe how to provision attributes to a target system based on static role assignments
- Describe the steps to enable role-based provisioning
- Query the role assignment properties using the REST interface
- Provision attributes to a target resource based on static role assignments
- Describe how to provision attributes to a target system based on dynamic role assignments
- Provision attributes to a target resource based on dynamic role assignments
- Describe how to add temporal constraints to a role
- Add temporal constraints to a role
Chapter 4: Getting Started With Workflow
Use the sample workflows included with IDM to learn how to introduce business logic into the provisioning process.
Lesson 1: Deploying and Starting a Workflow
Enable the workflow engine in IDM and deploy a sample workflow to learn how to manage workflow tasks and processes in the IDM Admin UI, IDM End User UI, and REST interface:
- Describe use cases for workflows
- Prepare IDM to run the sample workflow
- Run the sample workflow
- Describe how workflows are implemented
- Describe workflow related tasks
- Describe workflow instances
- Enable the workflow service and examine a sample workflow
Lesson 2: Deploying and Creating a Workflow
Examine, deploy, change, and start the contractor onboarding workflow process that provisions a new user:
- Describe the structure of workflow files
- Describe how to model workflows
- Examine the Flowable UI
- Examine the contractor onboarding workflow
- Describe how to use forms in workflows
- Examine a manual interaction form
- Create and deploy a simple workflow
- Create and deploy a new workflow from scratch
- Describe how to start an approval workflow
- Call a workflow from a sync mapping
Chapter 5: Installing and Deploying IDM
Install and deploy IDM in an on-prem or cloud provider Linux environment.
Lesson 1: Installing IDM
Install a stand-alone IDM instance for development and testing the IDM sample configurations:
- Describe the basic IDM installation requirements
- Describe how to install and start IDM
- Install and start IDM (optional)
- Describe how to start IDM with a sample
- Start IDM with a sample configuration (optional)
- Describe how to configure IDM to run as a background process or service
- Configure IDM to run as a background process (optional)
Lesson 2: Deploying IDM in a Cluster
Deploy multiple IDM instances in a cluster:
- Describe deploying IDM in a cluster
- Describe how to manage nodes in a cluster
- Add an IDM instance to a cluster
Lesson 3: Monitoring and Troubleshooting
Describe how to set up monitoring and perform basic troubleshooting:
- Describe the monitoring options available for IDM
- Set up monitoring in IDM
- Describe the different IDM log files
- Examine the different log files in IDM (optional)
- Describe the additional troubleshooting help available outside of IDM
- Get additional help troubleshooting outside of IDM (optional)
Lesson 4: Implementing Explicit Mapping
Explore the differences between generic and explicit mapping, and implement each in an external ForgeRock® Directory Service (DS) and JDBC repository:
- Describe the differences between generic and explicit mapping
- Describe how to implement explicit mapping with a JDBC repository
- Implement generic mappings with a JDBC repository
- Implement explicit mappings with a JDBC repository
- Describe how to implement explicit mappings with a DS repository
- Implement explicit mappings with a DS repository
Lesson 5: Managing IDM in a Cluster
Manage IDM in a cluster environment:
- Describe how to distribute reconciliation operations across a cluster
- Enable clustered reconciliation on a sync mapping
- Schedule tasks across the cluster
- Review sizing and scaling resources
Lesson 6: Delegating Administration
Delegate the administrative privileges to a group of managed users for managing end user identities in IDM:
- Describe how to set up delegated administration
- Describe the privilege model
- Add a new internal role and set up privileges to delegate administration
Lesson 7: Upgrading IDM
Upgrade an IDM instance:
- Describe how to upgrade a stand-alone IDM instance
- Describe how to migrate an IDM configuration
- Describe how to update the IDM repository
- Describe how to migrate IDM data
- Describe how to upgrade a cluster deployment
- Upgrade a stand-alone IDM instance
ForgeRock Directory Services Training Courses

Course Overview
This course takes students from a high-level understanding of how ForgeRock® Directory Services (DS) works to a fully functional directory deployment, where they learn how to implement the many features of DS. It provides students with the knowledge and concepts necessary to successfully manage their own deployment. It is accepted that this course is not able to demonstrate all the features and capabilities of DS.
Duration – 5 Days
Who Can Benefit
The target audiences for this course include:
- ForgeRock Directory Service Administrators
- ForgeRock Access Management Administrators
- ForgeRock Identity Management Administrators
- System Integrators
- System Consultants
- System Architects
- System Developers
Skills Gained
Upon completion of this course, you should be able to:
- Provide a technical introduction to the infrastructure, concepts, features, and components of DS.
- Create and manage data stores, measure performance, and troubleshoot directory servers
Prerequisites
The following are the prerequisites to successfully completing this course:
- Knowledge of UNIX/Linux commands.
- A basic understanding of how directory servers function.
- A basic understanding of REST and HTTP.
- A basic knowledge of Java based environments would be beneficial, but no programming experience is required.
- Completion of the ForgeRock® Product Essentials courses for Directory Services, Access Management, and Identity
Course Details
Chapter 1: Accessing Directory Services
A technical introduction to the infrastructure, concepts, features, and components of DS.
Lesson 1: Introducing ForgeRock Directory Services
Explore DS components and understand the LDAP data model:
- Describe ForgeRock Directory Services
Lesson 2: Interacting With Directory Servers
Access directory servers and perform operations over LDAP and HTTP:
- Send LDAP requests
- Prepare the lab environment
- Perform LDAP operations
- Introduce REST to LDAP
- Explore the API configuration
- Configure REST access
- Explain common REST operations
- Use the REST API to manage directory data
Chapter 2: Maintaining Directory Servers
Create and manage data stores, measure performance, and troubleshoot directory servers.
Lesson 1: Managing the Configuration
Locate the DS configuration data and use directory server tools to manage configuration data:
- Explore configuration data
- Prepare the lab environment
- Explore the configuration and manage the server state
- Manage data stores
- Configure backends
- Manage indexes
- Configure indexes
Lesson 2: Populating Data Stores
Customise directory server schema to add custom attributes, and then import entries to populate a data store:
- Extend the schema
- Implement custom schema
- Import entries
- Populate a backend data store
- Manage virtual attributes
- Configure virtual attributes
Lesson 3: Protecting DS Data
Understand DS security features, implement access control, manage password policies, and delegate administration:
- Describe security features
- Replace server certificates
- Describe access control
- Configure access control
- Delegate administration
- Configure delegated administration
- Explore password policies
- Configure password policies
Lesson 4: Backing Up and Restoring Data
Back up and restore directory server data:
- Explain how to back up and restore data
- Back up and restore data
Lesson 5: Measuring Performance
Understand performance requirements and settings that may be tuned to improve directory server performance:
- Explain settings that affect performance
- Tune the JE DB cache and generate performance tests
Lesson 6: Troubleshooting
Configure log files, collect troubleshooting data for ForgeRock Support, and monitor a DS deployment with Prometheus and Grafana:
- Explore log files
- Manage log files
- Explain how to collect data for support
- Collect data for support
- Monitor a DS deployment
- Observe monitoring metrics
Chapter 3: Deploying Directory Services
Understand how to deploy directory servers, and directory proxy servers, manage replication, upgrade DS servers, and configure the DS password synchronization plugin.
Lesson 1: Installing Directory Servers
Install directory servers for custom and ForgeRock® Identity Platform (Identity Platform) product deployments:
- Prepare for a directory server installation
- Prepare the lab environment
- Install a directory server
- Prepare directory servers for Identity Platform installations
- Prepare directory servers for ForgeRock® Access Management (AM)
- Set up a directory server as a ForgeRock® Identity Management (IDM) repository
- (Optional) Synchronize passwords with IDM
- (Optional) Synchronize DS passwords with IDM
Lesson 2: Replicating Data
Implement high availability for directory servers and maintain, monitor, and restore a replicated directory server topology:
- Plan for replication
- Install a replicated topology
- Monitor and maintain a replicated topology
- Monitor replication
Lesson 3: Upgrading DS Servers
Prepare for and perform an upgrade of directory servers in a DS 6.5.5 replicated topology to version DS 7.2:
- Describe upgrade options
- Upgrade DS 6 servers to DS 7
Lesson 4: Installing Directory Proxy
Understand the role of directory proxy (DP) servers and install DP servers to provide a single point of entry to directory servers:
- Introduce DP servers
- Install DP servers
- Provide a single point of access to replicas
ForgeRock Identity Gateway Training Courses

Course Overview
The ForgeRock® Identity Gateway Core Concepts course is for students who want to examine core concepts and implement key use cases and features of ForgeRock Identity Gateway (IG) to help extend access to and protect web applications, legacy applications, and application programming interfaces (APIs), within an access management solution.
This course comprises a mix of instructor-led lessons and demonstrations with plenty of lab exercises to ensure an opportunity to fully understand each of the topics covered. It provides students with the necessary skills to plan, install, configure, and administer an IG deployment. The main goal of the course is to provide a thorough understanding of, and hands-on experience with IG, so students can control the most important functions of and manage a successful production deployment.
Note that Revision B of this course is built on version 6.5 of ForgeRock Identity Gateway.
Duration – 4 Days
Who Can Benefit
The following are the target audiences for this course:
- System Integrators
- System Consultants
- System Architects
- System Administrators
- Web Developers
Skills Gained
Upon completion of this course, you should be able to:
- Describe the role and use cases where IG fits within a ForgeRock Identity Platform™ solution, the basic concepts of IG, and how to perform a basic installation and configuration of IG.
- Use IG to protect a legacy application.
- Configure agentless single sign-on with IG, where authentication can be delegated to AM, including cross-domain, to an OIDC provider, or to a SAML2 Identity provider.
- Extend IG to support the retrieval of user profile attributes.
- Use IG as a policy enforcement point to protect a given web application, where AM is the policy decision point, and configure authentication step-up and transactional authorization.
- Protect a REST API using OAuth2-based solutions.
- Extend the solution using scripting.
- Prepare for production of an IG project by addressing maintenance, tuning, security, and deployment questions.
Prerequisites
The following are the prerequisites to successfully completing this course:
- Basic knowledge and skills using the Linux operating system to complete labs
- Basic knowledge of HTTP and communications between clients and web applications is critical to understanding and working with IG
- Basic knowledge of JSON, JavaScript, REST, Java, Groovy, SQL, and XML is helpful in understanding examples, especially Groovy for scripting within IG
- Attendance at AM400 ForgeRock Access Management Core Concepts course or equivalent knowledge
Course Details
Chapter 1: Integrating a web site and a legacy application with IG
Describe the role and use cases where IG fits within a ForgeRock Identity Platform solution, basic concepts of IG, and how to perform a basic installation and configuration of IG.
Lesson 1: Introducing ForgeRock Identity Gateway
- Provide an overview of IG
- Discuss IG use cases
- Present IG features
Lesson 2: Fronting a website with IG
- Show how IG acts as a reverse proxy
- Discuss proxying WebSocket traffic
- Describe installation requirements and install IG
- Use IG Studio to protect a website
- Examine IG configuration structure
Lesson 3: Routing and processing requests and responses
- Understand how IG routes requests depending on external conditions
- Describe how Handlers direct requests and responses within a route
- Explain how filters process requests and responses
- Implement password replay
Lesson 4: Understanding IG object model and logging
- Understand the IG object model
- Examine request, response, context, and session
- Use a CaptureDecorator to perform logging
- Configure the FileAttributesFilter
Chapter 2: Configuring Agentless Single Sign-On
Demonstrate how to integrate single sign-on in an IG solution by delegating authentication to either an AM solution, including cross-domain, an OIDC provider, or a SAML2 Identity provider.
Lesson 1: Implementing authentication with the SingleSignOnFilter
- Use Freeform technology preview to protect a website
- Configure an AM Service
- Describe the use of the SingleSignOnFilter
- Retrieve information from AM using the UserProfileFilter and SessionInfoFilter
Lesson 2: Configuring CDSSO for the legacy application
- Describe and implement a CrossDomainSingleSignOnFilter
Lesson 3: Performing SSO with IG as an OpenID Connect relying party
- Describe and implement an OAuth2ClientFilter
Lesson 4: Providing SSO with IG as a SAML2 service provider
- Describe and implement a SAML2FederationHandler
- Describe and implement a DispatchHandler
Chapter 3: Controlling access with IG as Policy Enforcement Point
Use IG as a policy enforcement point to protect a given web application, where AM is the policy decision point, using policies and policies with advice to provide authentication step-up and transactional authorization.
Lesson 1: Implementing authorization with a PolicyEnforcementFilter
- Describe and implement a PolicyEnforcementFilter
Lesson 2: Providing step-up authentication and transactional authorization
- Describe and implement step-up authentication
- Describe and implement transactional authorization
Chapter 4: Protecting a REST API
Use IG as an OAuth2 resource server to protect a REST API and demonstrate how the solution can be extended by using scripting.
Lesson 1: Configuring IG as an OAuth2 resource server
- Describe and implement an OAuth2ResourceServerFilter
- List access token resolvers
- Observe the flow with the TokenIntrospectionAccessTokenResolver
Lesson 2: Extending functionality with scripts
- Describe the scripting framework for extending IG functionality
- Examine and implement dynamic scopes solution
Chapter 5: Preparing for production with IG
Highlight various areas that must be taken into account when preparing to go to production with an IG solution, such as maintenance, tuning, security, and deployment.
Lesson 1: Auditing, monitoring, and tuning an IG solution
- Describe and implement auditing
- Discuss monitoring
- Examine tuning questions
Lesson 2: Developing awareness of security questions with IG
- Discuss IG best practices regarding security
- Examine and implement common secrets
- Describe and implement throttling
Lesson 3: Deploying IG
- Describe and implement property value substitution
- Set up multiple IG instances
ForgeRock DevOps Training Courses

Course Overview
This expert-led workshop guides students through the deployment of the ForgeRock Identity Platform™ (the Platform) on a Kubernetes cluster running in Google Kubernetes Environment (GKE).
The workshop initially describes how to use the ForgeRock Cloud Developer’s Kit (CDK) to deploy a sample configuration of the Platform, which includes ForgeRock® Access Management (AM) and ForgeRock® Identity Management (IDM), which share ForgeRock® Directory Service (DS) as an identity store.
The CDK is used to configure the Platform and redeploy the updated configuration in an existing Kubernetes cluster.
Students then create a new cluster and deploy the Platform by following the Cloud Deployment Model (CDM). Monitoring add-on tools are included with the CDM example. The skills gained by performing deployments with the CDK and CDM reference examples help you identify the Kubernetes cluster and Platform configuration requirements needed to prepare for moving deployments into other environments, such as test and production.
The last chapter of the workshop explores the challenges of migrating an existing on-prem ForgeRock deployment to Kubernetes.
This workshop uses the ForgeRock DevOps documentation set as a reference for the hands-on labs.
Also, it is important that you have already successfully completed the relevant ForgeRock Core Concepts courses before attending this workshop. It is beneficial that you also have experience working with DevOps technology such as Kubernetes, Skaffold, Kustomize, Git, among other related tools.
Duration – 3 Days
Who Can Benefit
The target audiences for this course include:
- Developers who customize and deploy ForgeRock® Access Management (AM), ForgeRock® Directory Server (DS), and ForgeRock® Identity Management (IDM) components.
- Deployment engineers who routinely set up Kubernetes clusters and deploy integrated software in the cloud.
- Site engineers who configure the Kubernetes cluster and who launch the Platform into production.
Skills Gained
Upon completion of this course, you should be able to:
- Introduce the ForgeOps toolset and documentation, get familiar with DevOps tools and deploy the ForgeRock® Identity Platform (Identity Platform) using the Cloud Deployment Kit (CDK)
- Configure the ForgeRock® Identity Platform (Identity Platform) using the Cloud Deployment Model (CDM)
- Use the provided ForgeRock scripts to add monitoring, run benchmarks, and explore the backup and restore tools for the ForgeRock® Identity Platform (Identity Platform). Build your custom base Docker images. Manage Secrets
- Migrate the FEC Portal sample application to Kubernetes
Prerequisites
The following are the prerequisites for successfully completing this course:
- Successful completion of the ForgeRock University core concepts courses:
- Knowledge of Linux, working in a Linux environment, using the command-line, and knowledge of shell scripting is expected.
- DevOps experience and experience with Kubernetes and Docker are recommended.
Course Details
Chapter 1: Introducing ForgeRock DevOps and the CDK
Introduce the ForgeOps toolset and documentation, get familiar with DevOps tools and deploy the ForgeRock® Identity Platform (Identity Platform) using the Cloud Deployment Kit (CDK).
Lesson 1: Introducing ForgeRock DevOps Documentation and Examples
Introduce the Identity Platform, describe how to use the ForgeRock DevOps documentation to deploy the Identity Platform to a shared cluster, and introduce the DevOps techniques and tools required for a successful deployment:
- Describe the Identity Platform and related DevOps techniques for deploying the Identity Platform to Kubernetes
- Access your CloudShare lab environment and developer desktop
- Access your associated GCP account for deploying the Identity Platform
- Describe the ForgeRock DevOps documentation and the CDK and CDM methods of deployment
- Describe the DevOps tools for deployment and deploy a simple application to validate the environment
- Deploy a simple application to validate the tools and environment
Lesson 2: Deploying the Identity Platform to GKE using the CDK
Use the DevOps Developer’s Guide: CDK documentation to prepare the Kubernetes cluster, clone the forgeops repository, and deploy the Identity Platform to the Kubernetes cluster running in GKE:
- Prepare your DevOps environment
- Prepare to use an existing cluster for the Identity Platform
- Deploy the Identity Platform to a GKE cluster
- Verify the Identity Platform is deployed and accessible
- Work with basic DevOps commands to explore the Identity Platform
- Remove the Identity Platform deployment and clean up the environment
- Compare deployment of the Identity Platform on other cloud providers
Lesson 3: Troubleshooting When Problems Arise
Provide some troubleshooting tips to help diagnose issues that might occur while performing the hands-on portion of this workshop:
- Approaching troubleshooting of common issues in Kubernetes systematically
- Locating DevOps related troubleshooting references
- Running commands for troubleshooting environment issues
- Running commands for troubleshooting containerization issues
- Running commands for troubleshooting orchestration issues
- Identifying resources for getting additional support
Lesson 4: Deploying the Identity Platform with Custom Docker Images
Build and push Docker images using a private Docker registry to deploy the Identity Platform with customized configurations of ForgeRock® Access Management (AM), ForgeRock® Identity Management (IDM), and ForgeRock® Identity Gateway (IG):
- Navigate the forgeops repository
- Describe data used during deployment of the Identity Platform
- Deploying the Identity Platform using a customized configuration profile
- Deploy the Identity Platform using a customized configuration profile
- Describe how to work with Kubernetes manifests and objects
- Describe how to use Kustomize overlays to modify Kubernetes objects
- Use Kustomize overlays to modify deployment configurations
Chapter 2: Working with the CDM
Configure the ForgeRock® Identity Platform (Identity Platform) using the Cloud Deployment Model (CDM).
Lesson 1: Managing Multiple Deployment Environments
Plan and prepare for moving the Identity Platform Cloud Deployment Model (CDM)-based deployment from the development or Proof of Concept (PoC) stage into a test, and ultimately a production environment:
- Manage multiple environments with Skaffold profiles and Kustomize
- Prepare for deployment to multiple environments
- Move from development to other environments using Property Value Substitution
Lesson 2: Preparing Your Environment for Deployment Based on the CDM
Explain the CDM, describe the requirements for setting up your deployment environment on GKE for the CDM, and deploy a new cluster based on one of the CDM configuration samples:
- Describe the CDM
- Describe the requirements for creating and setting up the deployment environment for the CDM
- Create a Kubernetes cluster
- Deploy the Secret Agent Operator
- Deploy an ingress controller on the cluster
- Deploy the certificate manager on the cluster
- Deploy the monitoring tools on a cluster
- Set up your local environment to push Docker images
Lesson 3: Deploying the CDM
Deploy the Identity Platform using the CDM “small” profile:
- Deploy the CDM
Chapter 3: Building a Staging Environment
Use the provided ForgeRock scripts to add monitoring, run benchmarks, and explore the backup and restore tools for the ForgeRock® Identity Platform (Identity Platform). Build your custom base Docker images. Manage Secrets.
Lesson 1: Monitoring and Benchmarking Your Deployment
Deploy the Prometheus and Grafana monitoring tools within your deployed cluster and monitor your Kubernetes deployment objects and Identity Platform components. Generate test load and benchmark the deployment (optional):
- Describe the monitoring infrastructure for the CDM
- Deploy the monitoring tools on a cluster
- Monitor the CDM deployment
- Benchmark the CDM deployment for monitoring (optional)
Lesson 2: Backing Up and Restoring the Identity Platform
Describe how to back up and restore the Identity Platform on a Kubernetes cluster:
- Describe backup and restore with CDM
- Enable scheduled backups, initiate a backup, and export user data
Lesson 3: Building Your Own Base Docker Images
Build your own base Docker image and reference it in the related product’s Dockerfile for a CDK or CDM deployment of the Identity Platform with your customizations:
- Overview of building custom base Docker images
- Prepare ForgeRock software for your own base Docker images
- Create your own base Docker images
- Deploy your own base Docker images
Lesson 3: Handling Secrets
Describe and handle secrets for securing access to components deployed with your configuration of the Identity Platform:
- Overview of the forgeops secret generation
- Managing secrets
Chapter 4: Migrating an On-Prem Deployment to Kubernetes
Migrate the FEC Portal sample application to Kubernetes.
Lesson 1: General Considerations
Discuss how to migrate an existing, on-prem deployment to Kubernetes, learn about planning the migration, and securing a production environment:
- Plan the migration
- Production Considerations
- Prepare your environment
Lesson 2: Migrating an On-Prem DS Configuration to Kubernetes
Discuss how to migrate an existing DS configuration to Kubernetes, and then implement the migration tasks for the given FEC Portal use case:
- Discuss how you can migrate an existing DS configuration to Kubernetes
- Migrate the DS configuration and sample user data using the CDK
Lesson 3: Migrating an On-Prem AM Configuration to Kubernetes
Discuss how to migrate an existing AM configuration to Kubernetes, and then implement the migration tasks for the given FEC Portal use case:
- Discuss how you can migrate an existing AM configuration to Kubernetes
- Migrate an existing AM configuration to Kubernetes
- Discuss how to customize the AM web application
- Customize the AM web application during deployment
Lesson 3: Migrating an On-Prem IDM Configuration to Kubernetes
Discuss how to migrate a previous IDM deployment to Kubernetes and implement the migration tasks for the given FEC Portal use case:
- Discuss how you can migrate an existing IDM configuration to Kubernetes
- Migrate the configuration from an on-prem IDM to the CDK
- Migrate identity data from a previous version of IDM to Kubernetes
ForgeRock Identity Cloud Training Courses

Course Overview
This course takes students from a high-level understanding of how ForgeRock® Identity Cloud (Identity Cloud) works, through the various online resources available to them, to a fully functional hands-on development environment, where they learn how to implement the many features of Identity Cloud in a training environment. Students take real-world use cases and implement them in a provided live Identity Cloud environment, where they learn the concepts and tasks necessary to successfully manage identities, applications, and user journeys in their own Identity Cloud.
Duration – 3 Days
Who Can Benefit
The target audiences for this course include:
- ForgeRock Identity Cloud Administrators
- Technical users new to ForgeRock Identity Cloud and other ForgeRock products
- Those new to Identity Cloud and considering taking the certification exam
Skills Gained
Upon completion of this course, you should be able to:
- Describe the benefits and features of Identity Cloud, understand how to access an Identity Cloud tenant and your CloudShare lab environment
- Manage the onboarding of users through self-service, importing bulk identities, and synchronizing identities between Identity Cloud and external resources
- Create new user journeys to support how end users authenticate and perform self-service with Identity Cloud
- Integrate application client profiles and gateway profiles into Identity Cloud to support external applications accessing Identity Cloud for identity and access management services
- Manage federation to let employees with credentials stored in a remote Active Directory data store access services in Identity Cloud
Prerequisites
The following are the prerequisites for successfully completing this course:
- Completion of the ForgeRock Product Essentials courses
- ForgeRock® Access Management Essentials
- ForgeRock® Identity Management Essentials
- ForgeRock® Identity Gateway Essentials
- ForgeRock® Directory Services Essentials
Course Details
Chapter 1: Introducing Identity Cloud
Describe the benefits and features of Identity Cloud, understand how to access an Identity Cloud tenant and your CloudShare lab environment.
Lesson 1: Introducing ForgeRock Identity Cloud
Provide an overview of Identity Cloud, starting with what students should already know about it, and relate it to their job role, and the tasks they need to perform to support the business requirements supported by Identity Cloud:
- Describe Identity Cloud
- Describe the top ten customer business requirements
- Describe Identity Cloud onboarding services
Lesson 2: Getting Access to Identity Cloud
Describe the onboarding process or procedure for getting access to Identity Cloud:
- Describe the tenant registration process
- Describe the Identity Cloud Admin UI
Lesson 3: Accessing Your CloudShare Lab Environment
A short lesson to introduce and access the CloudShare lab environment:
- Describe the CloudShare lab environment
- Log in to your CloudShare lab environment
Chapter 2: Managing User Identities
Manage the onboarding of users through self-service, importing bulk identities, and synchronizing identities between Identity Cloud and external resources.
Lesson 1: Managing Identities
Manage user identities as an Identity Cloud administrator using the Identity Cloud Admin UI, which is an administrative interface to manage your tenant settings. Delegate user management in the End User UI to end users:
- Describe use cases and processes for managing identities
- Manage identities using the Identity Cloud Admin UI
- Set up 2-step verification and configure delegated administration
- Describe use cases and processes for password policy management
- Configure default password policies
Lesson 2: Onboarding Users With Self-Service
Add new users to your tenant through self-registration:
- Describe use cases and processes for self-registration
- Create a new user using self-registration
- Describe use cases and processes for managing personal data and consent
- Manage personal data and consent
Lesson 3: Adding Identities with Bulk Import
Bulk import user identities from a CSV file:
- Describe use cases and processes for bulk import
- Add customers to Identity Cloud
- Troubleshoot import failures
Lesson 4: Utilizing Placeholder Attributes
Update and extend the managed user object schema to add properties to a user’s profile:
- Describe use cases and processes for placeholder attributes
- Manage placeholder attributes
Lesson 5: Synchronizing Identities from External Resources
Connect to external resources using a Remote Connector Server, and synchronize identities between Identity Cloud and on-premises resources:
- Describe use cases and processes for synchronizing identities from an external resource
- Configure remote connections between your tenant and external ForgeRock® Directory Services (DS)
- Describe how to synchronize identities
- Synchronize entries between DS and Identity Cloud
- Synchronize entries between Identity Cloud and DS
- Configure remote connections between your tenant and an external AD server
- Synchronize AD entries
- (Optional) Configure a Remote Connector Server cluster
Lesson 6: Managing Provisioning Roles and Assignments
Manage provisioning roles and assignments within the platform to provision attributes to external resources:
- Describe roles and assignment use cases and processes
- Create assignments and provisioning roles
Lesson 7: (Optional) Additional Administration Tasks
Discuss and demonstrate additional tasks that an Identity Cloud administrator should be aware of:
- Describe how to add a custom domain name
- Describe how to access Identity Cloud using REST API endpoints
- Describe how to access platform logs
- Describe how to monitor your environment
Chapter 3: Managing User Journeys
Create new user journeys to support how end users authenticate and perform self-service with Identity Cloud.
Lesson 1: Exploring the User Journeys
Describe the purpose of the preconfigured user journeys included with Identity Cloud, and explore each user journey as an Identity Cloud administrator and an end user:
- Describe the preconfigured user journeys
- View the preconfigured user journeys
- Describe the URLs and realms relationship
- Describe the preconfigured ProgressiveProfile journey
- Collect user preferences upon subsequent logins
- Describe the self-service journeys
- Recover your forgotten username, reset your password, and update your password
Lesson 2: Modifying the User Journeys
Use the journey editor in Identity Cloud to duplicate and modify the default Login user journey:
- Describe the role of authentication nodes and trees within Identity Cloud
- Modify the default Login user journey
- Modify the UI theme for an organization
- Make minor branding changes
- Describe how to modify the preconfigured email templates
- Modify an email template for the ResetPassword and Registration journeys
- Describe how to reference variables from within a script
Lesson 3: Configuring User Self-Service
Configure the self-service features of Identity Cloud to empower end users to independently make changes to their identity, instead of going through a help desk:
- Describe the KBA-related journey
- Configure the KBA questions and set requirements
- Describe the Terms and Conditions-related journey
- Configure and set the Terms and Conditions
Lesson 4: Configuring Social Registration and Authentication
Configure Identity Cloud to let end users register and authenticate new accounts using a social provider:
- Describe steps for configuring social registration and authentication
- Configure a social identity provider for Identity Cloud
- Describe how you can add social registration
- Add social registration to the preconfigured Registration user journey
- Describe how you can add social authentication
- Add social authentication to the preconfigured Login user journey
Chapter 4: Integrating Applications and Gateways
Integrate application client profiles and gateway profiles into Identity Cloud to support external applications accessing Identity Cloud for identity and access management services.
Lesson 1: Defining Applications
Describe the role of an application in Identity Cloud:
- Describe the role of applications in Identity Cloud
- Describe the supported application types
Lesson 2: Adding an Application Client Profile
Add a new application client profile in Identity Cloud for a given ForgeRock® SDK sample application, and validate the application can authenticate with Identity Cloud using the client profile:
- Describe the role of the ForgeRock SDKs within Identity Cloud
- Describe the tasks for adding a browser-based type application
- Add a browser-based type application
- Use an SSO token with a browser-based application
Lesson 3: Integrating Identity Gateway
Add a gateway profile, and supporting application client profile, to integrate ForgeRock® Identity Gateway (Identity Gateway) with Identity Cloud:
- Describe the Identity Cloud with Identity Gateway use cases
- Configure Identity Cloud to validate access tokens from Identity Gateway
- Configure Identity Cloud as an OIDC provider
- Configure Identity Cloud as an SSO authentication server
Chapter 5: Managing Federation
Manage federation to let employees with credentials stored in a remote Active Directory data store access services in Identity Cloud.
Chapter 1: Introducing ForgeRock Identity Cloud
Describe the benefits and features of Identity Cloud and how to access an Identity Cloud tenant as an administrator.
Lesson 1: Introducing Identity Cloud
Provide an overview of Identity Cloud, and the onboarding process:
- Describe Identity Cloud
- Explain Identity Cloud onboarding services
Lesson 2: Getting Access to Identity Cloud
Describe Identity Cloud tenant registration:
- Describe the tenant registration process
- Introduce the Identity Cloud Admin UI
Chapter 2: Managing User Identities
Manage the onboarding of users through self-service, understand managed objects, import identities, and synchronize identities between Identity Cloud and external resources.
Lesson 1: Managing Identities
Manage user identities and invite additional administrators using the Identity Cloud Admin UI, which is an administrative interface to manage your tenant settings:
- Manage user profiles in Identity Cloud
- Manage a user profile in Identity Cloud
- Manage administrators
- Invite a top-level administrator
- Explain UI integration options
- Configure themes for the Alpha and Bravo realms
- Manage password policies
- Configure password policies
Lesson 2: Onboarding Users With Self-Service
Add new users to your tenant through self-registration:
- Describe self-registration
- Register a user
- Describe self-service
- Explore self-service features
Lesson 3: Introducing Organizations
Explain how an organization hierarchical structure can be used to model a brand hierarchy to control access to business applications:
- Explain how to model an organization structure
Lesson 4: Adding Identities With Bulk Import
Bulk import user identities from a CSV file:
- Describe bulk import
- Import customers and employees
Lesson 5: Extending the User Identity Schema
Extend the user identity schema to store and display custom properties:
- Manage placeholder properties
- Customize placeholder properties
- Describe how to use custom attributes
- Add custom attributes
Lesson 6: Synchronizing Identities from External Resources
Connect to external resources using a Remote Connector Server (RCS), and synchronize identities between Identity Cloud and on-prem resources:
- Explain how to connect to external resources
- Configure a connection between Identity Cloud and an external ForgeRock® Directory Services (DS)
- Explain synchronization
- Populate Identity Cloud with DS entries
- Configure bi-directional synchronization
- Populate Identity Cloud with AD users
- Configure an RCS Cluster (optional)
Lesson 7: Managing Provisioning Roles and Assignments
Manage provisioning roles and assignments to dynamically provision attributes to external resources:
- Introduce provisioning roles and assignments
- Create assignments and provisioning roles
Lesson 8: Additional Administration Tasks
Explain additional tasks that an Identity Cloud administrator should be aware of:
- Add a custom domain name
- Introduce Identity Cloud REST APIs
- Explore logs
- Monitor your tenant
- View the Identity Cloud analytics dashboard
- Describe how to manage environment secrets and variables
- Create and call an environment variable
Chapter 3: Managing User Journeys
Manage journeys to support how end users authenticate and perform self-service with Identity Cloud.
Lesson 1: Exploring Default Journeys
Describe the default journeys included with Identity Cloud, and explore self-service journeys as an Identity Cloud administrator and end user:
- Introduce journeys
- Explain self-service journeys
- Explore self-service journeys
Lesson 2: Modifying Journeys
Use the journey editor in Identity Cloud to manage a journey, and understand the use of authentication nodes and email templates in a journey flow:
- Introduce authentication nodes
- Manage journeys
- Group journeys
- Modify the Login journey
- Explore email templates and nodes
- Configure email templates
- Modify an email template
- Describe how to debug a journey
- Enable debug mode on a user journey
Lesson 3: Configuring Self-Service
Configure the self-service features of Identity Cloud to empower end users to independently make changes to their identity, instead of going through a help desk:
- Explore knowledge-based authentication (KBA) options
- Configure self-service to use KBA
- Explain terms and conditions
- Configure terms and conditions
Lesson 4: Configuring Social Registration and Authentication
Configure Identity Cloud to let end users register and authenticate new accounts using a social provider:
- Explain social registration and authentication
- Configure an OAuth 2.0 client for Identity Cloud and configure Google as an identity provider
- Add social registration to the Registration journey
- Add social authentication to the Login journey
Lesson 5: Importing and Exporting Journeys
Import and export user journeys using the Identity Cloud Admin UI:
- Describe how to export and import journeys
- Export and import journeys
Chapter 4: Integrating Applications and Gateways
Integrate application client profiles and gateway profiles into Identity Cloud to support external applications accessing Identity Cloud for identity and access management services.
Lesson 1: Defining Applications
Describe the role of an application in Identity Cloud:
- Describe supported application types
Lesson 2: Adding an Application Client Profile
Add a new application client profile in Identity Cloud for a ForgeRock SDK sample application, and validate the application can authenticate with Identity Cloud using the client profile:
- Explain how the ForgeRock SDKs are used with Identity Cloud
- Add an SPA
- Enable a JavaScript application to use Identity Cloud for authentication
Lesson 3: Integrating Identity Gateway
Show how Identity Gateway can protect an application when it is integrated with Identity Cloud:
- Introduce Identity Gateway
- Integrate Identity Gateway with Identity Cloud
- Integrate the Identity Gateway sample application with Identity Cloud
Chapter 5: Managing Federation
Manage federation to let employees with credentials stored in a remote AD data store access services in Identity Cloud.
Lesson 1: Integrating Third-Party Services using SAML
Integrate Identity Cloud with a third-party provider using SAML v2.0 (SAML) to provide single sign-on services:
- Introduce Federation
- Explain how to configure Identity Cloud as an SP
- Configure Identity Cloud as an SP
- Explain how to configure ADFS as an IdP
- Configure ADFS as an identity provider (IdP)
- Explain how to configure Identity Cloud to use an IdP
- Configure Identity Cloud to use an IdP
Certification
ForgeRock offers world-class certifications designed to validate and recognize IT professionals with the technical capabilities and real-world experience needed to effectively design, deploy, and manage ForgeRock technology based identity solutions. Red Education delivers the complete curriculum of ForgeRock University courses. As ForgeRock’s largest Training Provider in Asia Pacific, EMEA, SAARC & LATAM, we offer all courses in our popular Virtual-Instructor-Led-Training option or as traditional classroom training.
ForgeRock Certified Access Management Specialist Exam – FRX-AM-CSE
The ForgeRock Certified Access Management Specialist exam is targeted at IT professionals responsible for administering and deploying ForgeRock Access Management solutions. The exam validates your ability to install, configure, administer, troubleshoot and maintain components of ForgeRock Access Management.
- The exam consists of 100 questions that must be completed in 120 minutes.
- Questions are multiple choice.
- You must achieve a minimum score of 53% to pass.
There are several requirements you should meet before attempting the exam:
- Successfully complete the ForgeRock Access Management Deep Dive (AM-410) course
- Successfully completing the ForgeRock Access Management: Customization and APIs (AM-421) course will also be of benefit to exam candidates
- Thorough understanding of AM-410 ForgeRock Access Management Deep Dive, including all Access Management documentation and Knowledge Base articles on Backstage
- 3-6 months of experience installing and configuring ForgeRock Access Management
- Working knowledge of Java-based environments
ForgeRock Certified Identity Management Specialist Exam – FRX-IDM-CSE
The ForgeRock Certified Identity Management Specialist exam is targeted at IT professionals responsible for administering and deploying ForgeRock Identity Management solutions. The exam validates your ability to install, configure, administer, troubleshoot and maintain components of ForgeRock Identity Management.
- The exam consists of 100 questions that must be completed in 120 minutes.
- Questions are multiple choice.
- You must achieve a minimum score of 68% to pass.
There are several requirements you should meet before attempting the exam:
- Successfully complete the ForgeRock Identity Management Deep Dive (IDM-420)
- Thorough understanding of IDM-420 ForgeRock Identity Management, including all Identity Management documentation and Knowledge Base articles on Backstage
- 3-6 months of experience installing and configuring ForgeRock Identity Management
- Working knowledge of JSON, JavaScript, REST, Java, Groovy, SQL and LDAP
ForgeRock® Identity Cloud Certified Professional Exam – FRX-IC-CPE
The ForgeRock Identity Cloud Professional exam is for IT professionals responsible for administering deployments of the ForgeRock Identity Cloud. The exam validates your ability to configure, administer, troubleshoot and maintain components of ForgeRock Identity Cloud tenants.
- The exam consists of 60 questions that must be completed in 90 minutes.
- Questions are multiple choice.
- You must achieve a minimum score of 65% to pass.
There are several requirements you should meet before attempting the exam:
- Successfully complete the IC-300 Getting Started with ForgeRock Identity Cloud course
- Thorough understanding of IC-300 Getting Started with ForgeRock Identity Cloud, including all Identity Cloud documentation and Knowledge Base articles on Backstage
- 3-6 months of experience configuring and administering ForgeRock Identity tenants
- Working knowledge of OAuth 2.0, OpenID Connect and SAML v2.0
The exam registration process begins at forgerock.com/university as all ForgeRock certification exams require prior ForgeRock authorization. Once authorized, you will be directed to Pearson VUE to book and pay for your exam. If this is your first time taking a ForgeRock certification exam, please create a new web account using the Candidate ID provided in order to schedule the exam that you have been authorized to take. This is required even if you have taken other certification exams at Pearson VUE and have an existing account.