Identity Cloud

Realm settings


Realms let you manage different sets of identities and applications within the same Identity Cloud tenant. Each realm is fully self-contained and operates independently of other realms within a tenant.

The identities and applications in one realm cannot by default access those in another realm. However, you can grant conditional access across realms.

A typical example of realm management is when a company divides its identities into two realms: one for employees, and one for customers, each with a distinct set of identities and registered applications. The realms provide the means to keep customers from accessing employee information, while allowing employees conditional access to customer information.

Manage realm settings

  1. In the Identity Cloud admin UI (upper left), open the Realm menu.


  2. Go to Realm Settings > Details.

  3. On the Details page:

    • The Status bar indicates whether the realm is Active or Inactive.

    • To take the realm out of service, click Deactivate.
      When a realm is deactivated, users and devices contained in the realm will not be able to access its applications. Identity and app information is still registered to your identity platform.

    • Name: The realm name is non-configurable.

    • (Optional) DNS Aliases: Alternative display names for the realm’s URL.

    • Use Client-based Sessions: Enable this option to allow signing and encryption of the JWT in the global session service.

When you’re satisfied with your changes, click Save.

Override realm authentication attributes

This is useful when you want to adjust the core authentication properties that apply to a realm. For example, you might want to extend the time limit for responding to an authentication verification email. Use the AM admin UI to make this kind of change.

  1. In the Identity Cloud admin UI, click Native Consoles > Access Management.

  2. In the AM admin UI, go to Authentication > Settings.

core auth attributes

For detailed property information, see Core Authentication Attributes.

Delete a realm

  1. In the Identity Cloud admin UI, open the Realm menu (upper left).

  2. Go to Realm Settings > Details.

  3. On the Realm Details page, click Delete Realm.

Once you delete a realm, the realm cannot be restored.

Switch realms

Switch realms when you want to access identities or applications registered to a realm other than the current realm.

  1. In the Identity Cloud admin UI, open the Realm menu (upper left).

  2. Click Switch realm.

  3. In the Switch Realm dialog box, click Switch.

Copyright © 2010-2022 ForgeRock, all rights reserved.