Identity Cloud

Journeys

Identity Cloud comes with pre-configured end-user journeys. A journey is an end-to-end workflow invoked by an end user or device. Identity Cloud provides templates for common end-user journeys; for example, account registration and sign-in.

You can use the Identity Cloud hosted pages theme editor to configure or modify the layout and appearance of journeys.

You can use the drag-and-drop journey editor to configure or modify the journey templates:

Authentication template

Use the Login authentication template to configure sign-in journeys.

User self-service templates

Use a self-service template to let end users manage their accounts or resolve simple password issues without having to engage a tenant administrator.

Custom journey

Start with a blank canvas when you want to build a custom journey, and drag and drop nodes from the nodes list.

Default end-user journey

The journey Identity Cloud displays to end users when they access a default webpage URL. For example, application webpages commonly display a sign-in link. When the end user clicks the link, the Login journey is invoked by default.

Set a default end-user journey as follows:

  • Set a new journey as the default:

    • In the Identity Cloud admin UI, click Journeys and New Journey.

    • On the New Journey page, enable the option Default journey for end users.

  • Set an existing journey as the default:

    • In the Identity Cloud admin UI, click Journeys to view the list of journeys.

    • Select a journey, and click and Set as default.

Device profiling support

Use the ForgeRock SDKs to create authentication journeys based on device context. For more information, refer to Configure device profiling authentication.

Scripting

Add JavaScript to a Scripted Decision node to customize the outcome of an authentication journey.

Use the auth scripting editor to do the following:

Authentication templates

Login

Create a basic Login journey for end users to authenticate and sign in to an app or service with a username and password.

  1. In the Identity Cloud admin UI, go to Journeys > Login.

  2. Hover over the journey schematic, and click Edit.

  3. Enter information for each node in the journey:

    For information about all available nodes, refer to Nodes for journeys.

  4. To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.

  5. When you’re satisfied with your journey, click Save.

For more information on the Login journey, refer to Login with self-service.

If you implement account lockout using the Account Lockout node, it creates a persistent lockout on user accounts. User accounts can be unlocked by a tenant administrator.

Identity Cloud also supports configurable persistent and duration account lockout. Refer to Account lockout.

Device profiling

Use the ForgeRock SDK to create journeys that let inanimate objects authenticate based on device context. Cell phones and smartwatches are examples of devices that have their own identities. Device context provides Identity Cloud with information about how or where a device is used to authenticate.

For detailed instructions, refer to Configure device profiling authentication.

User self-service templates

Registration

Create a registration journey to let end users create their own account for an app or service.

  1. In the Identity Cloud admin UI, go to Journeys > Registration.

  2. Hover over the journey schematic, and click Edit.

  3. Enter information for each node in the journey:

  4. To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.

  5. When you’re satisfied with your journey, click Save.

For more information on the Registration journey, refer to User self-registration.

Progressive profile

Create a Progressive Profile journey to trigger a conditional event in the journey.

The default journey triggers a reminder to set preferences for receiving news and special offers. The reminder is displayed only if the end user logs in three times without selecting preferences. If the end user makes no selection, the reminder expires and is not displayed again. If the end user selects one or more options, the preferences get set in the end user’s profile.

  1. In the Identity Cloud admin UI, go to Journeys > Progressive Profile.

  2. Hover over the journey schematic, and click Edit.

  3. Enter information for each node in the journey:

  4. To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.

  5. When you’re satisfied with your journey, click Save.

For more information on the Progressive Profile journey, refer to Progressive profile.

Update password

Create an Update Password journey to let end users change their passwords. End users may be required to change passwords at regular intervals or if a password is compromised.

  1. In the Identity Cloud admin UI, go to Journeys > Update Password.

  2. Hover over the journey schematic, and click Edit.

  3. Enter information for each node in the journey:

  4. To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.

  5. When you’re satisfied with your journey, click Save.

For more information on the Update Password journey, refer to Password updates.

Reset password

Create a Reset Password journey to let end users change their existing passwords. End users typically reset their passwords when they’ve forgotten the password they set.

  1. In the Identity Cloud admin UI, go to Journeys > Reset Password.

  2. Hover over the journey schematic, and click Edit.

  3. Enter information for each node in the journey:

  4. To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.

  5. When you’re satisfied with your journey, click Save.

For more information on the Reset Password journey, refer to Password reset.

Forgotten username

Create a Forgotten Username journey to let end users retrieve their username from their user account data.

  1. In the Identity Cloud admin UI, go to Journeys > Forgotten Username.

  2. Hover over the journey schematic, and click Edit.

  3. Enter information for each node in the journey:

  4. To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.

  5. When you’re satisfied with your journey, click Save.

For more information on the Forgotten Username journey, refer to Username recovery.

Custom journeys

Create a custom journey when none of the ready-to-use templates suits your needs.

  1. In the Identity Cloud admin UI, click Journeys.

  2. Click + New Journey.

  3. Enter journey details:

    • Name: Name to display in the Journeys list.

    • Identity Object: Identifier for the user or device to authenticate.

    • (Optional) Description: Summarize end user interaction.

    • (Optional) Tags: For organizing journeys to make them easier to find.

  4. Click Create journey.

  5. Use the journey editor to create your custom journey.
    Drag nodes from the palette and arrange them on the blank canvas.

  6. Provide information for each node, and connect nodes.

    For information about all available nodes, refer to Nodes for journeys.

  7. To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.

  8. When you’re satisfied with your journey, click Save.

Deactivate journeys

Deactivate a journey to prevent end users using it to authenticate. If you deactivate it, you can reactivate it at any time.

For example, if you are building a new journey in your development environment and you need to run a promotion, you can deactivate the journey prior to the promotion so that there’s no risk of the journey being discovered and used by end users in your upper environments and potentially allowing insecure access. You can activate the journey in your development environment again after a promotion.

ForgeRock recommends you deactivate any default journeys not in use. Refer to Deactivate unused or insecure journeys.

  1. In the Identity Cloud admin UI, go to Journeys to view the existing journeys list.

  2. Find the journey.

  3. Click its More () menu:

    • To deactivate the journey, choose Deactivate, then in the Deactivate Journey dialog, click Deactivate.

    • To activate the journey, choose Activate.

You can also deactivate and activate a journey using the More () menu in the journey editor.

Duplicate journeys

Duplicate a journey to preserve a template for future use. For example, if you are testing a journey, start with a duplicate. Give the duplicate journey a unique name.

Create a duplicate journey in the following ways:

  • Click Journeys to view the existing journeys list. Find the template name. Then, click its More () menu, and choose Duplicate.

  • In the Journey editor, click More (), and choose Duplicate.

Export journeys

You can export journeys, including all dependencies like nodes, inner journeys, and scripts of any type apart from library scripts.

Use this feature to export journeys from one environment, such as a development environment, to another.

  1. In the Identity Cloud admin UI, go to Journeys.

  2. Check the checkbox beside one more journeys.

  3. Click Export.

  4. View the information on the Export Journeys page.

  5. Click Export.

Import journeys

You can import journeys, including all dependencies such as nodes, inner journeys, and scripts, and scripts of any type apart from library scripts.

Use this feature to import a journey from one environment, such as a development environment, to another.

  1. In the Identity Cloud admin UI, go to Journeys, and click Import.

  2. Download or skip back up:

    • Download a backup of your existing journeys so that you can restore them in case of error or unexpected behavior during or after import:

      1. To view the backup summary, click Show backup summary.

      2. Click Download Backup.

    • Skip the download:

      1. Click Skip Backup.

      2. In the dialog box, click Skip Backup again.

  3. Configure the import:

    1. On the Import Journeys page, browse to and select a JSON file that contains the journey’s configurations to import.

    2. Select the identity object that the journey authenticates.

    3. In the Conflict Resolution section, choose how the system resolves import conflicts:

      • Overwrite all conflicts (default)

      • Manually pick conflict resolution

    4. Click Next.

    5. Review the information on the Import Summary page.

    6. Click Start Import.

    7. On the Import Complete page, click Done.

Copyright © 2010-2024 ForgeRock, all rights reserved.