Identity Cloud

End-user pages

If you choose hosted pages as your UI integration option, Identity Cloud provides an end-user UI for your end users.

The Identity Cloud end-user UI gives users various options, such as updating their profiles and accessing information. The end-user UI pages vary, depending on how you configure the UI, and on which Identity Cloud capabilities you have purchased.

The Identity Cloud End User UI exposes personal information. Deactivate the Identity Cloud End User UI if:

  • You do not want personal information exposed.

  • You’re using ForgeRock SDKs.

  • You’re using your own APIs to create custom web pages.

End-user menu items

end user screens

  • 1 Default navigation menu items.

  • 2 Additional navigation menu items displayed with purchase of Identity Governance.

This page is a reference. The menu items may or may not be present depending on what has been enabled or purchased.
Menu item Description

Dashboard

Dashboard that shows tasks and information that requires an end user’s attention.

Inbox

List of actions for the end user to take.

My Applications

List of applications the end user has access to. Users can click on applications in the list to navigate to them using SSO.

My Access

Access end users have in applications and in Identity Cloud.

This includes:

  • Accounts from onboarded target applications

  • Roles they’re assigned in Identity Cloud

  • Entitlements or privileges they have in onboarded target applications

My Directory

Delegates and direct reports (employees) end users have.

End users can perform the following actions:

  • Manage their delegates. Delegates are individuals that are assigned to their access reviews.

  • Access their direct reports and the access granted to them.

My Requests

End users can create requests to access resources, such as target applications, entitlements, or roles.

Profile

Profile page where end users can manage their information.

When this menu item is selected, additional sections appear that allow end users to take the following actions:

  • Manage their profile information

  • Reset their password

  • Manage devices end users have registered for an additional factor on log in

  • Access the social providers they have used to log in with, such as Google or Facebook

  • Access the devices they have logged in with

  • Manage applications to which they have granted access to their personal information

  • Manage communication preferences

  • Manage the consent they have given on how their data is shared with third-parties.

  • Download and delete their account

The actions on this page vary depending on the configurations set in Configure actions and information for end users.

Log in as an end user

The way your end users log in can differ based on your Identity Cloud configuration.

For example, an end user can embed the login URL on a portal page or associate it with a button.

The appearance of the end user pages, including branding and color, changes according to the theme settings you configure.

To log in to the Identity Cloud End User UI:

  1. Navigate to a URL. For example, use the URL format:

    https://<tenant-env-fqdn>/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Login

    This URL logs the end user into the Identity Cloud End User UI Alpha realm using the Login journey.

  2. Enter login credentials.

  3. Click Next. The end user is logged in to the Identity Cloud End User UI.

Dashboard

The dashboard provides a list of items that require end users' attention. For example, if Identity Governance is enabled, items that require an end user’s review appear here. If nothing requires an end user’s attention, an Edit Your Profile button displays that links to the profile.

To access the dashboard:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click Dashboard.

Inbox

The Inbox[1] section lists all items assigned to an end user. For example, if an end user is assigned an access review, items display for the user to act on.

To access the inbox:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click Inbox.

Approvals

The Approvals[1] section lists approval items (submitted access requests) for an approver (designated owner) to act on.

If an approver has delegates assigned, then the approval items are also assigned to the delegates.

To view approval tasks:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click Inbox > Approvals.

For more information, refer to Review request items (End user UI).

Access reviews

The Access Reviews[1] section lists the access reviews assigned to a certifier (individual assigned to review the access).

If a certifier has delegates assigned, then the access reviews are also assigned to the delegates.

To view access review tasks:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click Inbox > Access Reviews.

For more information, refer to Certify data using access reviews.

My applications

The My Applications section lists the applications an end user has access to.

The following types of applications display in the My Applications section:

  • SAML-based applications - Configure SAML applications and assign end users or a role to the application. The SAML application then displays to the end user under the My Applications page.

  • Bookmark applications - Bookmark applications do not require authentication and are simply a redirect to a URL. When you assign a bookmark application to an end user or a role, it displays shortcut links on the My Applications page. When an end user clicks one of the links, the browser opens a new tab.

Application templates defined in the application catalog and custom OIDC applications do not display in the My Applications section.

To view and navigate to applications:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click My Applications.

  3. Click the desired application. The end user is redirected to the application.

Click to display an example

The example shows the following:

  1. An end user logging into the Identity Cloud End User UI and having no applications assigned.

  2. An administrator, logged into the Identity Cloud admin UI, assigning a user to a bookmark and SAML application.

  3. The end user refreshing the page and the applications displaying under the My Applications menu item.

  4. The end user selecting a bookmark application (Google) and the application opening up in a new tab.

  5. The end user selecting a SAML application (Sample SAML App) and the user being redirected to the application already logged in a new tab.

My access

The My Access[1] section lists the access end users have in Identity Cloud when they log into the Identity Cloud End User UI. It also lists the access they have in onboarded target applications.

To view access:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click My Access.

  3. Select any of the following tabs to view details:

    • Accounts - The accounts (user entities) that end users have in onboarded target applications. These correlate to the end user Identity Cloud identity.

    • Roles - The provisioning roles assigned to end users in Identity Cloud.

    • Entitlements - The entitlements end users have in onboarded target applications.

My directory

The My Directory[1] section includes the following tabs that allow end users to manage their tooltip:["delegates","Individuals who are auto-assigned an end user’s tasks indefinitely or for a specified time. Useful, for example, if an end user is on vacation and needs someone to cover their items."] and direct reports (employees):

Delegates

In Identity Governance, end users can delegate:

  • Access reviews

  • Line items forwarded to end users

  • Line items reassigned to users

  • Access requests when they’re the approver (designated owner) of a resource

Items still show up in end user’s inbox; however, they’re also sent to the delegate.

Delegation is useful, for example, if an end user is on vacation and needs someone to cover their items.
Assign a delegate

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click My Directory > Delegates.

  3. Click + Add Delegates.

  4. Search for another end user to delegate items to.

  5. (Optional) Set a start and end date for the delegate:

    1. Check the Assign role only during a selected time period box.

    2. Select a start and end date. Items are assigned during this timeframe only.

      If no start and end date is set, the delegate is set indefinitely.

  6. Click Save.

Remove a delegate

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click My Directory > Delegates.

  3. Find the delegate to remove and click > Remove.

  4. Click Delete.

When end users remove a delegate, the items sent to the delegate are automatically removed.

Direct reports

Direct reports are individuals who end users manage. In Identity Governance, end users can review their direct reports and the access their direct reports have.

For end users to view their direct reports' information:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click My Directory > Direct Reports. From this page, end users view their direct reports.

  3. Select the desired employee.

  4. Click the Accounts, Entitlements, and Roles tabs to view a direct reports access. TIP: As a manager, you can submit a remove access request to remove resources from a user. For more information, refer to Request to remove access.

My requests

The My Requests[1] section lets end users:

  • Create a request for themselves or others to gain access to an application, entitlement, or role

  • View requests they have submitted

To view and create requests:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click My Requests. From this page, end users view their pending requests.

  3. To create a request, click + New Request.

    The end user creates the request and sends it to the resource approvers for their approval or rejection.

    For more information, refer to Certify access.

Profile

The Profile section lets end users access and manage their information.

For end users to access the Profile section and update their personal information, you must:

  1. Enable the Personal Information UI menu item.

  2. Decide and configure which profile attributes are accessible to an end user.

For an end user to update their profile information follow these steps:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click Profile.

  3. Select Edit Personal Info.

  4. Update one or more pieces of information.

  5. Click Save.

1. This applies to a feature only available in ForgeRock Identity Governance, which must be purchased separately.
Copyright © 2010-2024 ForgeRock, all rights reserved.