Identity Cloud

Identity Cloud End User UI screens

If you choose hosted pages as your UI integration option, Identity Cloud provides an end-user UI for your end users.

The Identity Cloud End User UI gives users various options, such as updating their profiles and accessing information. The end-user UI screens vary, depending on how you configure the UI, and on which Identity Cloud capabilities you have purchased.

This page is a reference. The menu items may or may not be present depending on what has been enabled or purchased.

The Identity Cloud End User UI exposes personal information. Deactivate the Identity Cloud End User UI if:

  • You do not want personal information exposed.

  • You’re using ForgeRock SDKs.

  • You’re using your own APIs to create custom web pages.

End user menu items

[Image: end user screens, with numbered callouts]

  • 1 Default navigation menu items.

  • 2 Additional navigation menu items displayed with purchase of Identity Governance.

Menu item Description

Dashboard

A dashboard that shows tasks and information that require an end user’s attention.

Inbox

A list of actions for the end user to take.

My Applications

A list of applications the end user has access to. Users can click on applications in the list to navigate to them using SSO.

My Access

The access end users have in applications and in Identity Cloud.

This includes:

  • Accounts from onboarded target applications

  • Roles they’re assigned in Identity Cloud

  • Entitlements or privileges they have in onboarded target applications

My Directory

The delegates and direct reports (employees) end users have.

End users can perform the following actions:

  • Manage their delegates. Delegates are individuals that are assigned to their access reviews.

  • Access their direct reports and the access the direct reports have.

Profile

The place where end users can manage their information.

When this menu item is selected, additional sections appear that allow end users to take the following actions:

  • Manage their profile information

  • Reset their password

  • Manage the devices they have registered as an additional factor at login

  • Access the social providers they have used to log in with, such as Google or Facebook

  • Access the devices they have logged in with

  • Manage applications to which they have granted access to their personal information

  • Manage communication preferences

  • Manage the consent they have given on how their data is shared with third parties

  • Download and delete their account

The actions on this page vary depending on the configurations set in Configure actions and information for end users.

Log in as an end user

How your end users log in varies depending on how you configure Identity Cloud.

For example, an end user can embed the login URL on a portal page or behind a button.

The end user screens that display vary in branding and color depending on what you configure in the theme.

To log in to the Identity Cloud End User UI:

  1. Navigate to a URL such as:

    https://<tenant-env-fqdn>/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Login

    This URL logs the end user into the Identity Cloud End User UI Alpha realm using the Login journey.

  2. Enter login credentials.

  3. Click Next. The end user is logged in to the Identity Cloud End User UI.
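
The login URL above carries the realm and journey as query parameters, so a link embedded on a portal page can be checked before it is published. The following is an added example, not part of the ForgeRock documentation; the host `tenant.example.com`, the allowlists, and the function name `checkLoginUrl` are assumptions for illustration.

```javascript
// Added example (not ForgeRock code). EXPECTED holds assumed values for one tenant.
const EXPECTED = {
  host: "tenant.example.com",   // constructed stand-in for <tenant-env-fqdn>
  realms: new Set(["alpha"]),   // realms you intend to expose to end users
  journeys: new Set(["Login"]), // journeys allowed as login entry points
};

// Returns { ok, problems, realm, journey } for a candidate login link.
function checkLoginUrl(raw, expected = EXPECTED) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, problems: ["not a parseable absolute URL"], realm: null, journey: null };
  }
  const problems = [];
  if (url.protocol !== "https:") problems.push("scheme is not https");
  // "https://trusted@other-host/" displays the trusted name but connects elsewhere.
  if (url.username || url.password) problems.push("userinfo present before host");
  if (url.hostname !== expected.host) problems.push(`unexpected host ${url.hostname}`);
  if (url.pathname !== "/am/XUI/") problems.push(`unexpected path ${url.pathname}`);

  const q = url.searchParams;
  // A repeated parameter is ambiguous, so each one must appear exactly once.
  for (const name of ["realm", "authIndexType", "authIndexValue"]) {
    if (q.getAll(name).length !== 1) problems.push(`${name} must appear exactly once`);
  }
  const realm = q.get("realm");
  const journey = q.get("authIndexValue");
  if (realm !== null && !expected.realms.has(realm)) problems.push(`realm ${realm} not allowed`);
  const type = q.get("authIndexType");
  if (type !== null && type !== "service") problems.push(`authIndexType ${type} is not service`);
  if (journey !== null && !expected.journeys.has(journey)) problems.push(`journey ${journey} not allowed`);
  return { ok: problems.length === 0, problems, realm, journey };
}

// Constructed sample links, as they might appear on a portal page.
const samples = [
  "https://tenant.example.com/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Login",
  "https://tenant.example.com@portal.invalid/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Login",
];
for (const s of samples) console.log(checkLoginUrl(s).ok, s);
```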


Dashboard

The dashboard provides a list of items that require end users' attention. For example, if Identity Governance is enabled, items that require an end user’s review appear here. If nothing requires an end user’s attention, an Edit Your Profile button displays that links to the profile.

To access the dashboard:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click Dashboard.

Inbox

The Inbox[1] section lists all items assigned to an end user. For example, if an end user is assigned an access review, items display for the user to act on.

To access the inbox:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click Inbox.

Access reviews

The Access Reviews[1] section lists the access reviews assigned to a certifier (individual assigned to review the access).

If a certifier has delegates assigned, then the access reviews are also assigned to the delegates.

To view access review tasks:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click Inbox > Access Reviews.

For more information, refer to Certify data using access reviews.

My applications

The My Applications section lists the applications an end user has access to.

The following types of applications display in the My Applications section:

  • SAML-based applications - Configure SAML applications and assign end users or a role to the application. The SAML application then displays to the end user under the My Applications page.

  • Bookmark applications - Bookmark applications do not require authentication and are simply a redirect to a URL. When you assign a bookmark application to an end user or a role, it displays shortcut links on the My Applications page. When an end user clicks one of the links, the browser opens a new tab.

Application templates defined in the application catalog and custom OIDC applications do not display in the My Applications section.

To view and navigate to applications:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click My Applications.

  3. Click the desired application. The end user is redirected to the application.


The example shows the following:

  1. An end user logging into the Identity Cloud End User UI and having no applications assigned.

  2. An administrator, logged into the Identity Cloud admin UI, assigning a user to a bookmark and SAML application.

  3. The end user refreshing the page and the applications displaying under the My Applications menu item.

  4. The end user selecting a bookmark application (Google) and the application opening up in a new tab.

  5. The end user selecting a SAML application (Sample SAML App) and being redirected, already logged in, to the application in a new tab.

[Image: end user my apps demo]

My access

The My Access[1] section lists the access end users have in Identity Cloud when they log into the Identity Cloud End User UI. It also lists the access they have in onboarded target applications.

To view access:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click My Access.

  3. Select any of the following tabs to view details:

    • Accounts - The accounts (user entities) that end users have in onboarded target applications. These correlate to the end user Identity Cloud identity.

    • Roles - The provisioning roles assigned to end users in Identity Cloud.

    • Entitlements - The entitlements end users have in onboarded target applications.

My directory

The My Directory[1] section includes the following tabs that allow end users to manage their delegates and direct reports (employees):

Delegates

In Identity Governance, end users can delegate:

  • Access reviews

  • Line items forwarded to end users

  • Line items reassigned to users

  • Access requests when they’re the approver (designated owner) of a resource

Items still show up in the end user’s inbox; however, they’re also sent to the delegate.

Delegation is useful, for example, if an end user is on vacation and needs someone to cover their items.

Assign a delegate

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click My Directory > Delegates.

  3. Click + Add Delegates.

  4. Search for another end user to delegate items to.

  5. (Optional) Set a start and end date for the delegate:

    1. Check the Assign role only during a selected time period box.

    2. Select a start and end date. Items are assigned during this timeframe only.

      If no start and end date is set, the delegate is set indefinitely.

  6. Click Save.

Remove a delegate

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click My Directory > Delegates.

  3. Find the delegate to remove and click > Remove.

  4. Click Delete.

When end users remove a delegate, the items sent to the delegate are automatically removed.

Direct reports

Direct reports are individuals who end users manage. In Identity Governance, end users can review their direct reports and the access their direct reports have.

For end users to view their direct reports' information:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click My Directory > Direct Reports. From this screen, end users view their direct reports.

  3. Select the desired employee.

  4. Click the Accounts, Entitlements, and Roles tabs to view a direct report’s access.

Profile

The Profile section lets end users access and manage their information.

For end users to access the Profile section and update their personal information, you must:

For an end user to update their profile information, follow these steps:

  1. Log in to the Identity Cloud End User UI.

  2. From the left navigation pane, click Profile.

  3. Select Edit Personal Info.

  4. Update one or more pieces of information.

  5. Click Save.


1. This applies to a feature only available in ForgeRock Identity Governance, which must be purchased separately.
Copyright © 2010-2023 ForgeRock, all rights reserved.