Access Management 7.3.1

Prepare external stores

You need at least one DS server to store AM data. AM has several distinct data types; for example, configuration data, information about identities, client applications, policies, sessions, and so on.

Apart from identity data, AM stores all data after the installation process in its configuration store. This keeps basic deployments simple.

For advanced and high-load deployments, you can configure different sets of replicated DS servers to keep distinct data types separate and to tune DS for different requirements.

AM supports following DS data stores:

Store name Type of data Required during installation?

Configuration store

Stores the properties and settings used by the AM instance.

Yes

Identity or user store

Stores identity profiles; that is, information about the users, devices, or things that authenticate to your systems. You can also configure AM to access existing directory servers to obtain identity profiles.

No, but you can configure one during the installation process

In production deployments, you must configure an external identity store, or configure AM to access an existing identity store.

Policy store

Stores policy-related data, such as policies, policy sets, and resource types.

No

Application store

Stores application-related data, such as web and Java agent configurations, federation entities and configuration, and OAuth 2.0 client definitions.

No

CTS token store

Stores information about sessions, SAML v2.0 assertions, OAuth 2.0 tokens, and session denylists and allowlists.

No

UMA store

Stores information about UMA resources, labels, audit messages, and pending requests.

No

The following table lists the supported directory servers for storing different data types:

Supported Data Stores
Directory server Versions Configuration Apps / policies CTS Identities UMA

Embedded ForgeRock Directory Services(1)

7.3

External ForgeRock Directory Services

6 and later

File system-based

N/A

Oracle Unified Directory

11g R2

Oracle Directory Server Enterprise Edition

11g

Microsoft Active Directory

2016, 2019

IBM Tivoli Directory Server

6.4

(1) Demo and test environments only.

The procedure for preparing external directory servers for AM to use is similar for each data type and includes the following steps:

  1. If you don’t have an existing directory server, install the external directory server software; for example, Directory Services.

  2. As the directory administrator, you may need to perform the following steps:

    1. Apply the relevant schema to the directory.

    2. Create indexes to optimize data retrieval from the directory server.

    3. Create a user account with the minimum required privileges for AM to bind to the directory server and access necessary data.

To prepare the external stores AM needs during installation, refer to the following pages:

Where do I find more information about the other external stores?

You can configure all data stores except the configuration store after you install AM:

Copyright © 2010-2024 ForgeRock, all rights reserved.