AM 7.5.0

Platform Password node

The Platform Password node prompts the user to enter their password and stores it in a configurable property of the shared node state.


Product Compatible?

ForgeRock Identity Cloud


ForgeRock Access Management (self-managed)

This functionality requires that you configure AM as part of a sample ForgeRock Identity Platform deployment.


ForgeRock Identity Platform (self-managed)



This node uses the _id of the object for policy evaluation.

For existing users, the user’s _id must be in the shared state to evaluate user-specific policies, such as password history, cannot-contain-others, and so on. No _id is available for new users.


If this node’s Validate Password setting is enabled, the node relies on IDM for password policies.


Property Usage

Validate Password

When enabled, this node uses the password policies in IDM to validate the user’s input. It returns any policy failures as errors.

For example, if you submitted an invalid password on registration, the response from this node would include a list of failed policies:

    "name": "failedPolicies",
    "value": [
        "{ \"params\": { \"minLength\": 8 }, \"policyRequirement\": \"MIN_LENGTH\" }",
        "{ \"params\": { \"numCaps\": 1 }, \"policyRequirement\": \"AT_LEAST_X_CAPITAL_LETTERS\" }",
        "{ \"params\": { \"numNums\": 1 }, \"policyRequirement\": \"AT_LEAST_X_NUMBERS\" }"

Default: disabled

Password Attribute

The attribute used to store a password in the managed identity object.

Default: password

Confirm Password

Enable this option to require the user to enter the password identically in a second field.

This property only appears when the node is placed within a Page node.

Default: disabled

Checkmark Policy Display

Enable this option to show a checkmark instead of faded bullet points on successful password validation.

This property only appears when the node is placed within a Page node.

Default: disabled


On success, this node updates the Password Attribute property in the shared node state with the password.

The captured password is transient, persisting only until the authentication flow reaches the next node requiring user interaction. It may be persisted to the secure state if required later in the journey.


Single outcome path.


This node does not log error or warning messages of its own.

If it fails to get the result from IDM for a validation request, this node throws an exception with a Communication failure message.


The following journey uses a Page node containing the Platform Username node and Platform Password node to collect the username and password and set their values in the shared node state:

Username and password authentication
Copyright © 2010-2024 ForgeRock, all rights reserved.