This page is about the ForgeRock packages available for purchase. The data comes from the slides ForgeRock shared with us, extended with email communication.
Text in red: Vacuumlabs' explanation of what is needed, what is not, and why.
Executive Summary
FR Package | Proposal |
---|---|
Core | YES |
Access Plus | YES |
Identity Plus | NO |
Edge | Only Microservices Capabilities |
Sync | NO |
Autonomous Access | probably (not really a technical dependency, more based on business / risk needs) |
Cloud Support Services | This is a business decision (Platinum?) |
Cloud Onboarding Services | If this is not a recurring cost but a single payment for onboarding (and not astronomical), we may want to go with FLEX. Can we select some items from FLEX or do we have to buy the whole package? |
Identity Cloud
Package Structure
Core
TL;DR: proposal: we do need this package
We need this package since it is the Core; every other package builds on it.
Access Plus
TL;DR: proposal: we do need this package
We need (at least) these features from the package:
WebAuthn passwordless authentication (if we plan to use public key infrastructure)
Transactional Authorization
Most probably we will also need Token Transformation & Exchange
Identity Plus
TL;DR: proposal: we do NOT need this package
Delegated Administration Features
Feature | Description | Documentation Links |
---|---|---|
Managed Organizations | Organizations let you give users fine-grained administrative privileges based on hierarchical groups. | |
Delegated Administration | Grant role-based, limited access to perform fine-grained administrative tasks on managed objects. | |
Managed Organizations link is inaccessible.
We do not need Delegated Administration since we do not plan to use IDM's user management functions; user management will not be in IDM.
User Privacy and Consent Capabilities
Feature | Description | Documentation Links |
---|---|---|
Profile and Privacy Management Dashboard | Dashboard for managing personal user information. | |
Consent and Preference Management | Configurable user preferences. | |
We do not plan to use the End User UI; all user-related configuration will be done in the mobile app or via backoffice systems.
We do not want to configure consent for self-registration or social registration. Consent (T&C, etc.) management is handled by other systems.
Social Identity Capabilities
Feature | Description | Documentation Links |
---|---|---|
Registration | User registration with social identity accounts. | |
Attribute Scope Management | Administrators can include any or all scopes available, by social identity provider. | |
We do not plan to use social identities.
Edge
TL;DR: proposal: we only need Microservices Security from this package
Identity Gateway Capabilities
Feature | Description | Documentation Links |
---|---|---|
Studio | User interface for rapid development and prototyping. | |
Single Sign-On | Single sign-on in a single domain and across domains. | |
Password Replay | Secure replay of credentials to legacy applications or APIs. | |
Policy Enforcement | Enforcement of centralized authorization policies for applications requiring Access Management. | |
Federation | OpenID Connect 1.0; OAuth 2.0; SAML 2.0; SAML resources for mobile applications. | |
Finance APIs | Support for OAuth 2.0 Mutual TLS and Financial-Grade APIs. | |
WebSocket Protocol | Detection of requests to upgrade from HTTPS to the WebSocket protocol, and creation of a secure, dedicated tunnel to send and receive WebSocket traffic. | |
Throttling | Throttling to limit access to protected applications. | |
Our APIs use our own API gateway, and since the API will be developed from scratch, we do not need IG's password replay, policy enforcement, or other features targeted at legacy applications. For now, we do not need federation capabilities either.
Microservices Capabilities
Feature | Description | Documentation Links |
---|---|---|
Microgateway | Sidecar-type, container-optimized gateway for securing microservices. | |
Token Validation Microservice | Platform satellite for introspection of stateful and stateless OAuth 2.0 access tokens. | |
These are the parts we most probably need, unless we implement our own solution.
Sync
TL;DR: proposal: we do NOT need this package
We do not plan to use identity and access provisioning; FR's REST API will be used for user creation and credential updates.
Autonomous Access
TL;DR: proposal: we may want this package
Overview: https://www.forgerock.com/platform/autonomous-access
https://www.forgerock.com/resources/view/133270084/solution-brief/fr-autonomous-access-sb.pdf
We may want to use this to add risk assessment capabilities.
Cloud Support Services
TL;DR: This is a business decision
Cloud Onboarding Services
TL;DR: If this is not a recurring cost but a single payment for onboarding, we may want to go with FLEX.
When do we get these Professional Services team members? Are they included in any of the packages?