Identity Cloud

Create journeys

When your company purchases the Autonomous Access add-on capability, ForgeRock Professional Services configures an example journey in your tenants using three Autonomous Access nodes.

This section outlines several example journeys to illustrate how you can configure journeys for your specific use cases. Consult with your ForgeRock representative to formulate your specific journeys.

Example journey

ForgeRock uses the following example journey for data collection and API calls to the Autonomous Access AI server to get the risk scores. This journey is also a good starter template to create more advanced journeys for production purposes.

Example Autonomous Access journey


  1. In the Identity Cloud admin UI, go to Journeys, and edit the Autonomous Access template.

  2. Provide details for these nodes in the journey:

  3. To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito or Private Browsing mode.

  4. When you’re satisfied with your journey, click Save.

Example journey with step-up multifactor authentication

The following example journey illustrates a step-up multifactor authentication (MFA) with Autonomous Access nodes.

There are various ways to implement MFA using journeys. Consult with your ForgeRock representative to discuss your particular application.

This example MFA setup uses the ForgeRock Authenticator (OATH) module, which supports the HMAC-based one-time password (HOTP) and time-based one-time password (TOTP) authentication methods. It is assumed that the user has an OATH-compliant device that can provide a password.

Figure 1. Autonomous Access journey with step-up authentication

The journey starts off in the same manner as the Example journey in the previous section, except that the journey uses an Inner Tree Evaluator node, relabelled as "MFA-EVALUATION", that calls a subtree called "PushStepUp".

The journey also implements three Autonomous Access result nodes: two "SUCCESS" nodes and one "FAILURE" node. The first result node is the destination of the true outcome of the "MFA-EVALUATION" node. This node has a "SUCCESS" outcome and the MFA Enabled checkbox selected, so that the AAI server can keep track of users and knows that MFA has completed successfully.

The second result node has a "SUCCESS" outcome for low decision scores. This node does not have MFA Enabled selected, because low and medium risk scores are passed through successfully. The third result node is for "FAILURE" states and has MFA Enabled checked, so that Autonomous Access knows that the MFA journey has failed during its process.

Figure 2. Autonomous Access result node

The "MFA-EVALUATION" node calls a subtree, PushStepUp, as follows:

Figure 3. Push step up subtree journey

  1. In the Identity Cloud admin UI, go to Journeys, and edit the Autonomous Access template.

  2. Provide details for these nodes in the MFA journey:

  3. To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito or Private Browsing mode. A login screen prompts you to enter your user ID and password.

  4. Verify that you can use the ForgeRock Authenticator application to perform MFA. For more details, refer to Authentication nodes and journeys.

  5. When you’re satisfied with your journey, click Save.

Copyright © 2010-2024 ForgeRock, all rights reserved.