End-user UX options for authentication journeys and account management

Identity Cloud hosted pages provide OOTB UIs for the following:

This is the most straightforward end-user UX option since all the necessary capabilities are readily available.

The UI layouts are fixed but can be themed per realm. You can add company logos and change button, link, and background colors. The UIs support web applications but not native applications.

Hosted pages are useful if you have limited theming needs or want to quickly try new registration or authentication flows without integrating them into an application.

This UX option only lets you use centralized journey flows in your applications, with embedded journey flows not supported. Specifically, ForgeRock does not support embedding hosted pages in HTML frames.

This is the only UX option that supports SAML journey flows that use Identity Cloud as the IDP.

For more information, refer to Identity Cloud hosted pages.

The ForgeRock Login Widget provides an OOTB UI for end-user authentication journeys, such as login, registration, and password reset. It does not provide a UI for account management.

The Login Widget is low-code and framework-agnostic; it can be initiated with a few lines of code and can be easily integrated into any modern JavaScript application. It does not currently support server-side rendering (SSR), including Node.js.

The Login Widget provides OOTB support for localization, social login, WebAuthn, passkey, device profile, token management, and compliance with WCAG standards. It is highly themeable and customizable with CSS and Javascript.

For more information, refer to ForgeRock Login Widget.

The ForgeRock SDKs let you develop your own custom UI for web, Android, or iOS applications. You then integrate it with your Identity Cloud tenant using the REST API.

Each SDK provides an OOTB UI module that allows you to prototype your custom UI; however, it is only provided as a starting point, and it is not intended for production use.

This option offers a lot of flexibility if you want to customize the behavior, layout, and theming of the UI, or want to support Android and iOS applications. Using it requires a higher level of technical skill than the previous options.

SDKs can use centralized and embedded journey flows.

For more information, refer to ForgeRock SDKs.

The most flexible UX option is to build your own custom UIs and integrate with the Identity Cloud REST API. However, this is also the most complex and time-consuming UX option, as you need to build everything yourself without any ForgeRock prebuilt components.

In addition, you will also need deep identity implementation experience, including an understanding of how to securely store tokens locally.

For more information, refer to Identity Cloud REST API.

ForgeRock also provides the hosted pages UIs as distributable packages, known as the platform login and end-user UIs. You can self-host one or both of the UIs and configure them to use your Identity Cloud tenant.

This UX option offers flexibility if you want to customize the layout of the UIs or customize the theming beyond what the hosted pages provide. The UIs support web applications but not native applications.

This UX option also lets you use both centralized and embedded journey flows in your applications.

For background information about the platform end-user and login UIs, refer to Platform UIs.