Identity Cloud

Configure AM for authentication

AM uses authentication nodes and journeys (previously called trees) to authenticate users, and provides a large variety of authentication nodes. Based on your authentication requirements, you connect these nodes to create a journey that guides users through the authentication process.

Authentication journeys are extremely flexible, and can be adapted to suit your specific deployment. Although the number of choices can seem daunting, once you understand the basic process, you will be able to configure multiple journeys to protect access to most applications in your organization.

Self-managed AM deployments can also use a legacy authentication mechanism, with modules and chains. Modules and chains are not supported in ForgeRock Identity Cloud, even though it might appear that you can configure them in the UI. All authentication to Identity Cloud must use an authentication journey.

Authentication is configured per realm. The following table summarizes the high-level tasks required to configure authentication in a realm:

Task Resources

Configure the required authentication mechanisms

You need to decide how your users are going to log in. For example, you may require your users to provide multiple credentials, or to log in using third-party identity providers, such as Facebook or Google.

Configure the success and failure URLs for the realm

By default, AM redirects users to the UI after successful authentication. No failure URL is defined by default.

Copyright © 2010-2023 ForgeRock, all rights reserved.