Identity Cloud

Data models and objects reference

You can customize a variety of objects that can be addressed via a URL or URI. IDM can perform a common set of functions on these objects, such as CRUDPAQ (create, read, update, delete, patch, action, and query).

Depending on how you intend to use them, different object types are appropriate.

Table 1. Object Types
Object Type Intended Use Special Functionality

Managed objects

Serve as targets and sources for synchronization, and to build virtual identities.

For more information, refer to Managed objects.

Provide appropriate auditing, script hooks, declarative mappings and so forth in addition to the REST interface.

Configuration objects

Ideal for look-up tables or other custom configuration, which you can configure externally like any other system configuration.

Adds file view, REST interface, and so forth

Repository objects

The equivalent of arbitrary database table access. Appropriate for managing data through the underlying data store or repository API.

For information on how to access identity related data using REST, refer to REST and IDM.

Persistence and API access

System objects

Pluggable representations of objects on external systems. They follow the same RESTful resource based design principles as managed objects. There is a default implementation for the ICF framework, which allows any connector object to be represented as a system object.

For more information on system objects and connectors, refer to ForgeRock ICF.

For information on REST endpoints relating to system objects, refer to System objects.


Audit objects

Houses audit data in the repository.

For more information on how to access audit data in Identity Cloud, refer to Access logs with API key and secret.



Link objects define relations between source objects and target objects, usually relations between managed objects and system objects.

The link relationship is established by provisioning activity that either results in a new account on a target system, or a reconciliation or synchronization scenario that takes a LINK action.

For more information, refer to Reuse links between mappings.


Copyright © 2010-2024 ForgeRock, all rights reserved.