Monitor your tenant
Identity Cloud lets you monitor uptime status and system performance.
Identity Cloud also provides APIs for extracting log data. For more information, refer to View audit and debug logs. |
Monitor uptime status
Tenant status page
Use your tenant status page to monitor uptime and historical trends for your production and staging tenant environments.
- Production environment
-
For the production environment, the tenant status page shows individual statuses for these services:
-
Access Management
-
Identity Management
-
End User UI
-
Login UI
-
Registration UI
-
Administrator UI
-
Logs
-
- Staging environment
-
For the staging environment, the tenant status page combines the individual service statuses into a single status.
Access your tenant status page
-
Identify your tenant domain name by removing the protocol and any trailing slash from your tenant FQDN.
Example:
openam-mycompany-mytenant-usw1.id.forgerock.io
-
Obtain your tenant status page URL by appending your tenant domain name to the Identity Cloud status page URL, https://status.id.forgerock.io.
Example: https://status.id.forgerock.io/openam-mycompany-mytenant-usw1.id.forgerock.io
-
Open your tenant status page URL in a browser.
-
On the sign-in page, enter the credentials you received when you registered with Identity Cloud.
If you don’t have access to this page, submit a ForgeRock Support ticket.
-
Click Authenticate.
Your tenant status page displays, showing real-time status information for your staging and production tenant environments:
View incident reports in your production tenant environment
Filter your status page to show service incidents in your production tenant environment:
-
Click View historical uptime.
-
Select the Incidents tab.
-
For the production environment, click Filter Components, then select one or more Identity Cloud services.
-
Click Filter Components again to view the incident reports.
Add more tenant administrators to the tenant status page
If monitoring Identity Cloud uptime status is part of a tenant administrator’s role, submit a ForgeRock Support ticket to request that the administrator receive access to the tenant status page.
-
You can request access on behalf of one or more tenant administrators, including yourself.
-
In the request, provide the email address of each tenant administrator you want to have status page access.
Monitor system performance
Monitor using health check endpoint
Use the HTTP response codes from the /monitoring/health
endpoint to integrate your tenant
environment with external monitoring tools such as Pingdom.
$ curl 'https://<tenant-env-fqdn>/monitoring/health'
This endpoint returns the following HTTP response status codes:
- 200
-
Indicates all critical services in an environment are healthy. This status code also shows the informational message
OK
. - 503
-
Indicates one or more critical services in an environment are not healthy. This status code also shows the informational message
Service Unavailable
.
Monitor using Prometheus endpoints
Identity Cloud provides monitoring endpoints you can use with Prometheus.
Endpoint | Purpose |
---|---|
|
Produces Prometheus-formatted metrics for Access Management |
|
Produces Prometheus-formatted metrics for Identity Management |
You must obtain API credentials to authenticate to these endpoints. Refer to Obtaining API Credentials.
You can download and run a Docker-based example of a Grafana dashboard. The demo requires that you have Docker Desktop installed, and requires macOS.
To try the demo:
-
Download and extract the ForgeRock Identity Cloud Monitoring Demo ZIP file.
-
Edit the
setup_monitoring_config.sh
file:-
In the
TENANT_DOMAIN
variable, enter the domain name of your tenant.Do not include the protocol, and do not add a trailing slash.
For example:
TENANT_DOMAIN="openam-mycompany-mytenant-usw1.id.forgerock.io"
-
In the
API_KEY_ID
andAPI_KEY_SECRET
variables, enter the API credentials you obtained earlier.For example:
API_KEY_ID="b977d5724ef...562e4c57" API_KEY_SECRET="d3628be865ce152f49...870e5fd3506c4"
-
Save your changes.
-
-
Run the
setup_monitoring_config.sh
script.The Shell script will set up the following config files:
Config File Description prometheus/prometheus.yml
The script populates the tenant domain and API credentials.
docker/docker-compose.yml
The script populates the working directory path.
-
Run the following Docker command:
docker-compose -f docker/docker-compose.yml up
The command downloads a Prometheus Docker image and configures it for your tenant. It also downloads a Grafana Docker image, and configures it to use the Prometheus image as a data source.
-
When the command output for the "grafana_1" container displays a message that contains "HTTP Server Listen", open http://localhost:3000 in a web browser.
-
Log in with username
admin
, passwordadmin
. -
Enter a new password to use for the administrator, or click Skip.
-
On the Grafana Home page, select Dashboards in the left-side hamburger menu.
The Dashboards page appears.
-
Select AM Overview to view the AM overview dashboard:
-
Select IDM Sample Dashboard to view the IDM sample dashboard.
-
Go to http://localhost:9090 to view the Prometheus dashboard.