End-user UX options for authentication journeys and account management
When you integrate your applications with Identity Cloud, you must provide your end users with a UX (user experience) that handles authentication journeys and account management.
Identity Cloud provides these end-user UX options:
Identity Cloud hosted pages
Use Identity Cloud’s built-in and fully-featured UIs with no development work.
ForgeRock Login Widget
Use SDKs for web, Android, or iOS applications. Integrate the SDK into Identity Cloud using the REST API.
Identity Cloud REST API
Build your own custom UIs without any ForgeRock prebuilt components and integrate with Identity Cloud REST API.
The options are not mutually exclusive, and you may need a combination of them to meet your company’s requirements. For a quick take on which option is most suitable for you, refer to Compare end-user UX options.
Identity Cloud hosted pages provide OOTB UIs for the following:
End-user authentication journeys, such as login, registration, and password reset
End-user account activities, such as managing profile information, viewing application access, and viewing roles and entitlements
This is the most straightforward end-user UX option since all the necessary capabilities are readily available.
The UI layouts are fixed but can be themed per realm. You can add company logos and change button, link, and background colors. The UIs support web applications but not native applications.
Hosted pages are useful if you have limited theming needs or want to quickly try new registration or authentication flows without integrating them into an application.
This UX option only lets you use centralized journey flows in your applications, with embedded journey flows not supported. Specifically, ForgeRock does not support embedding hosted pages in HTML frames.
This is the only UX option that supports SAML journey flows that use Identity Cloud as the IDP.
For more information, refer to Identity Cloud hosted pages.
The ForgeRock Login Widget provides an OOTB UI for end-user authentication journeys, such as login, registration, and password reset. It does not provide a UI for account management.
For more information, refer to ForgeRock Login Widget.
The ForgeRock SDKs let you develop your own custom UI for web, Android, or iOS applications. You then integrate it with your Identity Cloud tenant using the REST API.
Each SDK provides an OOTB UI module that allows you to prototype your custom UI; however, it is only provided as a starting point, and it is not intended for production use.
This option offers a lot of flexibility if you want to customize the behavior, layout, and theming of the UI, or want to support Android and iOS applications. Using it requires a higher level of technical skill than the previous options.
SDKs can use centralized and embedded journey flows.
For more information, refer to ForgeRock SDKs.
The most flexible UX option is to build your own custom UIs and integrate with the Identity Cloud REST API. However, this is also the most complex and time-consuming UX option, as you need to build everything yourself without any ForgeRock prebuilt components.
In addition, you will also need deep identity implementation experience, including an understanding of how to securely store tokens locally.
For more information, refer to Identity Cloud REST API.
|ForgeRock no longer recommends or supports this UX option due to the complexity of configuring the distributable packages. For a quick take on alternative options, refer to Compare end-user UX options.
ForgeRock also provides the hosted pages UIs as distributable packages, known as the platform login and end-user UIs. You can self-host one or both of the UIs and configure them to use your Identity Cloud tenant.
This UX option offers flexibility if you want to customize the layout of the UIs or customize the theming beyond what the hosted pages provide. The UIs support web applications but not native applications.
This UX option also lets you use both centralized and embedded journey flows in your applications.
For background information about the platform end-user and login UIs, refer to Platform UIs.