Identity Cloud

End-user UX journey flows

Journey flows define the sign-in experience for end users. The End-user UX options available in Identity Cloud offer two journey flows: centralized and embedded.

Not every end-user UX option supports both centralized and embedded journey flows. Refer to Compare end-user UX options for more information.

Centralized journey flows

Centralized journey flows redirect end users to an external page to sign in. This is a common experience for most users. This approach is considered the security best practice for Identity Cloud, ensuring all your applications and websites can share the same, centralized authentication processes.

An example of a centralized journey flow is Google G Suite, where an end user is redirected to the same authentication page no matter which application they’re trying to access.

The following video shows a centralized journey flow with ForgeRock SDKs:

Use the hosted pages and the SDK end-user UX options to implement centralized journey flows.
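The following added example is not ForgeRock code or SDK API. It shows what the redirect looks like from the application's side, assuming the centralized flow runs as an OAuth 2.0 authorization code grant with PKCE. The endpoint, client ID, redirect URI and function names are constructed placeholders. The application only builds a redirect and validates the callback, so it never handles the end user's credentials.

```javascript
// Added example: centralized sign-in as an authorization code + PKCE redirect.
// All endpoint and client values are constructed placeholders.
const crypto = require('node:crypto');

const CONFIG = {
  authorizeUrl: 'https://idp.example.com/oauth2/authorize',
  clientId: 'example-client',
  redirectUri: 'https://app.example.com/callback',
  scope: 'openid profile',
};

// PKCE S256: challenge = BASE64URL(SHA-256(verifier)), per RFC 7636.
function pkceChallenge(verifier) {
  return crypto.createHash('sha256').update(verifier).digest().toString('base64url');
}

// Step 1: build the redirect to the central sign-in page. The application
// sends no credentials; it keeps state and the verifier in its own session.
function beginSignIn(config) {
  const session = {
    state: crypto.randomBytes(16).toString('base64url'),
    codeVerifier: crypto.randomBytes(32).toString('base64url'),
  };
  const url = new URL(config.authorizeUrl);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: config.clientId,
    redirect_uri: config.redirectUri,
    scope: config.scope,
    state: session.state,
    code_challenge: pkceChallenge(session.codeVerifier),
    code_challenge_method: 'S256',
  }).toString();
  return { redirectTo: url.toString(), session };
}

// Step 2: validate the redirect back and prepare the token request fields.
function handleCallback(callbackUrl, session, config) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) throw new Error(`sign-in failed: ${params.get('error')}`);
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(session.state);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch: callback is not from this sign-in');
  }
  const code = params.get('code');
  if (!code) throw new Error('missing authorization code');
  return { grant_type: 'authorization_code', code, client_id: config.clientId,
           redirect_uri: config.redirectUri, code_verifier: session.codeVerifier };
}
```

The `state` check rejects callbacks that did not originate from this sign-in attempt, and the `code_verifier` ties the authorization code to the application instance that started the flow.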

Embedded journey flows

Embedded journey flows offer a more traditional sign-in experience, as end users are not redirected to an external page.

Embedded journey flows aren’t considered to be a security best practice for the following reasons:

  • Individual applications have access to the end user’s credentials.

  • Individual applications have access to the authorization grant.

  • Each application must manually build in security during the sign-in process.

The following video shows an embedded journey flow with ForgeRock SDKs:

Use the Login Widget and the SDK end-user UX options to implement embedded journey flows.

Copyright © 2010-2024 ForgeRock, all rights reserved.