Monitor your tenant

Identity Cloud lets you monitor uptime status and system performance.

Identity Cloud also provides APIs for extracting log data. For more information, refer to View audit and debug logs.

Monitor uptime status

Tenant status page

Use your tenant status page to monitor uptime and historical trends for your production and staging tenant environments.

Production environment

For the production environment, the tenant status page shows individual statuses for these services:

Access Management
Identity Management
End User UI
Login UI
Registration UI
Administrator UI
Logs

Staging environment

For the staging environment, the tenant status page combines the individual service statuses into a single status.

Access your tenant status page

Identify your tenant domain name by removing the protocol and any trailing slash from your tenant FQDN.

Example: openam-mycompany-mytenant-usw1.id.forgerock.io
Obtain your tenant status page URL by appending your tenant domain name to the Identity Cloud status page URL, https://status.id.forgerock.io.

Example: https://status.id.forgerock.io/openam-mycompany-mytenant-usw1.id.forgerock.io
Open your tenant status page URL in a browser.
On the sign-in page, enter the credentials you received when you registered with Identity Cloud.

If you don’t have access to this page, submit a ForgeRock Support ticket.
Click Authenticate.

Your tenant status page displays, showing real-time status information for your staging and production tenant environments:

View incident reports in your production tenant environment

Filter your status page to show service incidents in your production tenant environment:

Click View historical uptime.
Select the Incidents tab.
For the production environment, click Filter Components, then select one or more Identity Cloud services.
Click Filter Components again to view the incident reports.

Add more tenant administrators to the tenant status page

If monitoring Identity Cloud uptime status is part of a tenant administrator’s role, submit a ForgeRock Support ticket to request that the administrator receive access to the tenant status page.

You can request access on behalf of one or more tenant administrators, including yourself.
In the request, provide the email address of each tenant administrator you want to have status page access.

Monitor system performance

Monitor using health check endpoint

Use the HTTP response codes from the /monitoring/health endpoint to integrate your tenant environment with external monitoring tools such as Pingdom.

$ curl 'https://<tenant-env-fqdn>/monitoring/health'

This endpoint returns the following HTTP response status codes:

200: Indicates all critical services in an environment are healthy. This status code also shows the informational message OK.
503: Indicates one or more critical services in an environment are not healthy. This status code also shows the informational message Service Unavailable.

Monitor using Prometheus endpoints

Identity Cloud provides monitoring endpoints you can use with Prometheus.

Endpoint Purpose

Endpoint	Purpose
`/monitoring/prometheus/am`	Produces Prometheus-formatted metrics for Access Management
`/monitoring/prometheus/idm`	Produces Prometheus-formatted metrics for Identity Management

/monitoring/prometheus/am

Produces Prometheus-formatted metrics for Access Management

/monitoring/prometheus/idm

Produces Prometheus-formatted metrics for Identity Management

You must obtain API credentials to authenticate to these endpoints. Refer to Obtaining API Credentials.

You can download and run a Docker-based example of a Grafana dashboard. The demo requires that you have Docker Desktop installed, and requires macOS.

To try the demo:

Download and extract the ForgeRock Identity Cloud Monitoring Demo ZIP file.
Edit the setup_monitoring_config.sh file:
1. In the TENANT_DOMAIN variable, enter the domain name of your tenant.
  
  Do not include the protocol, and do not add a trailing slash.
  
  For example:
  TENANT_DOMAIN="openam-mycompany-mytenant-usw1.id.forgerock.io"
2. In the API_KEY_ID and API_KEY_SECRET variables, enter the API credentials you obtained earlier.
  
  For example:
  API_KEY_ID="b977d5724ef...562e4c57" API_KEY_SECRET="d3628be865ce152f49...870e5fd3506c4"
3. Save your changes.
Run the setup_monitoring_config.sh script.

The Shell script will set up the following config files:

Config File Description

prometheus/prometheus.yml

The script populates the tenant domain and API credentials.

docker/docker-compose.yml

The script populates the working directory path.
Run the following Docker command:
```
docker-compose -f docker/docker-compose.yml up
```
The command downloads a Prometheus Docker image and configures it for your tenant. It also downloads a Grafana Docker image, and configures it to use the Prometheus image as a data source.
When the command output for the "grafana_1" container displays a message that contains "HTTP Server Listen", open http://localhost:3000 in a web browser.
Log in with username admin, password admin.
Enter a new password to use for the administrator, or click Skip.
On the Grafana Home page, select Dashboards in the left-side hamburger menu.

The Dashboards page appears.
Select AM Overview to view the AM overview dashboard:
Select IDM Sample Dashboard to view the IDM sample dashboard.
Go to http://localhost:9090 to view the Prometheus dashboard.