Request authorization from Identity Cloud
When you have configured Identity Cloud to determine whether to grant or deny access based on your configured policies, you must configure policy enforcement points (PEPs) to use Identity Cloud.
The ForgeRock Identity Platform provides the following PEPs:
- Web agents and Java agents
Add-on components installed on the web server or container that serves your applications. The web and Java agents are tightly integrated with Identity Cloud and serve exclusively as PEPs.
- ForgeRock Identity Gateway
A high-performance reverse proxy server that can also function as a PEP.
For more information, refer to Policy enforcement in the ForgeRock Identity Gateway documentation.
The ForgeRock Identity Platform PEPs intercept inbound client requests to access resources in your website or application. Based on internal rules, the PEPs can defer requests to Identity Cloud for policy evaluation. Because they are tightly integrated with Identity Cloud, you do not need additional code to request policy evaluation or to manage advices.
ForgeRock recommends you use the ForgeRock Identity Platform PEPs; however, you can code your own and make REST calls to Identity Cloud to request policy evaluation.
Related information: Request policy decisions over REST