This guide is written for administrators that are comfortable securing web applications. Although the authors will attempt to lay out a comprehensive list of actions to take, security is a too-broad subject to tackle and every environment is different; readers are expected to do their own research and complement the information found in this guide.

This guide will not provide guidance to secure advanced AM features, such as OAuth 2.0 or SAML v2.0. You will find the relevant information in their respective guides.

When you deploy AM, you must ensure that your environment is built and configured with security in mind. This includes:

  • The network infrastructure.

  • The operating system.

  • The container where AM runs.

  • The Java installation and the cryptography settings.

  • The clients and applications that will connect to AM.

  • The CTS store, identity stores, and any other application stores.

  • AM's own configuration.

Quick Start


Learn tips and best practices about securing your network infrastructure.

Audit Logging

Learn how AM logs auditing events and configure the Audit Logging Service to suit your needs.

Certificates and keys

Learn about cryptographic keys, keystores, and secret stores.

Protect the Session Cookie from Hijacking

Discover how to protect the session cookie from malicious users.

About ForgeRock Identity Platform™ Software

ForgeRock Identity Platform™ serves as the basis for our simple and comprehensive Identity and Access Management solution. We help our customers deepen their relationships with their customers, and improve the productivity and connectivity of their employees and partners. For more information about ForgeRock and about the platform, see https://www.forgerock.com.

Read a different version of :