Identity Cloud

Plan for data object modeling

To understand the deployment process as a whole, refer to the Plan for Identity Cloud section.

When preparing an Identity Cloud deployment, one of the most important phases of the planning process is data object modeling. Data object modeling is the process of creating an identity data model that describes the data types, their structures, and their relationships, and that meets the business requirements of your company.

Successful deployment of Identity Cloud requires early and detailed consideration of the data object model. This applies as much to Identity Cloud as it does to a customer’s own deployment of the ForgeRock software.

A structured approach of discovery and rationalization creates a solid foundation for the implementation of the object model, and allows for evolution over time in line with business requirements.

Planning considerations for data object modeling

The key planning considerations for data object modeling are the following:

| Item | Description |
| --- | --- |
| User communities | Determine the different user communities the platform will serve, such as customers, business partners, and employees. |
| Entities | Determine the different entities and identities that make up each of these communities, such as end users, organizations, and devices. |
| Authentication and authorization requirements | Determine the information needed for each of these entities to support your authentication and authorization requirements. Use Introduction to Authentication to understand authentication. Use Authorizations and policy decisions to understand authorization. Combine the two together with Journeys. |
| Data organization | Determine how end user identities (or data) are organized and how the organization affects authentication and authorization. Utilize realms, relationships, organizations, and groups to aggregate entities and identities into business units, standalone organizations, or families of users. |
| Identity mappings | Determine the specific identity mappings required for your applications. It is important to understand how identity information is created or updated in Identity Cloud and which information is managed externally. |

The development of the new identity model should preserve the entities and attributes relevant to your business requirements while leaving behind the identity data relevant only internally to your organization.

Identity Cloud uses schemas and other techniques to provide a common and consistent way to manage new and existing data sources across your organization. Identity Cloud offers extensive flexibility for identity profiles and their associated business processes. However, the overall object model is relatively fixed, as expected of a Software as a Service (SaaS) delivery model. The data object modeling process therefore involves some level of adaptation for any pre-existing customer identity model. It is unlikely, and often undesirable, that the existing model can be implemented exactly as-is within Identity Cloud.

For technical details on the building blocks of the identity model, refer to object modeling.

Copyright © 2010-2024 ForgeRock, all rights reserved.