Gateways & Agents

Overview

Integrate Identity Cloud with ForgeRock Identity Gateway and policy agents to secure access to your web resources.

ForgeRock Identity Gateway

ForgeRock Identity Gateway (IG) integrates your web applications, APIs, and microservices with Identity Cloud. IG enforces security and access control without modifying your applications or the containers where they run—whether on premises, in a public cloud, or in a private cloud.

Based on reverse proxy architecture, IG intercepts client requests and server responses. In this process, IG enforces user or service authentication and authorization to HTTP traffic. Identity Cloud acts as the authentication and authorization provider.

IG can also conduct deep analysis, then throttle and transform requests and responses when necessary.

See the ForgeRock Identity Gateway Identity Cloud Guide for these detailed instructions and examples:

Policy agents

ForgeRock policy agents are Access Management (AM) add-on components. They operate as policy enforcement points (PEPs) for websites and applications.

Policy agents natively plug into web or applications servers. The agents intercept inbound requests to websites, and interact with AM to:

  • Ensure that clients provide appropriate authentication.

  • Enforce AM resource-based policies.

Use Web Agents to protect services and web resources hosted on a web or proxy server. Use Java Agents to protect resources hosted on application or portal servers.

Although both agents enforce authentication and authorization to protected resources, they differ in the way they derive policy decisions and enforce them.

See these guides for examples of how to transition from on-premises access management to ForgeRock Identity Cloud without changing the architecture of the agent-based model: