Administrator federation
Administrator federation allows administrators to use single sign-on (SSO) to log in to an Identity Cloud tenant.
By using federation to authenticate your administrators to Identity Cloud, you can quickly and easily deprovision users by going to your centralized identity provider and removing that user’s access.
Types of federation providers
ForgeRock supports federation using the OIDC standard:
-
Azure Active Directory: Microsoft’s Azure Active Directory (Azure AD) pre-configured with Open ID Connect. For more information, refer to What is Azure Active Directory?.
-
Active Directory Federation Services: Microsoft’s Active Directory Federation Services (ADFS) pre-configured with Open ID Connect. For more information, refer to Active Directory Federation Services.
Types of administrators
You can assign the following types of administrators in Identity Cloud:
-
Super administrators: Administrators that can manage the tenant and tenant administrators by:
-
Granting or revoking
Super administratorrights to and from tenant administrators. -
Enabling federation for a tenant.
-
Requiring some or all administrators in a tenant to use federation.
-
-
Tenant administrators: Administrators that can manage the tenant, but not tenant administrators.
To configure Identity Cloud to use federation providers, you first need to set up a federation provider. Then, you need to enable federation for your tenants. Afterwards, to deprovision an administrator, revoke the administrator’s access.