UI Integration Options for Identity Cloud

Overview

When you integrate your applications with your Identity Cloud tenant, you will need to consider how to manage the journey and account pages that your end users will use. There are a number of user interface (UI) options available, and the one you choose will be based on a combination of the following factors:

  • Hosting: Do you want to host your own UI?

  • Application platform: Do you only need to support web applications, or do you also need to support native applications?

  • Theming: How much control do you want over the look and feel of the UI?

  • Journey flow: Do you want to redirect end users to a central UI, or embed a UI into each application?

For a quick take on these factors against each of the UI options, see the summary below.

Journey flows

Centralized journey flows

Centralized journey flows are an increasingly familiar sign-in experience to end users and are considered a security best practice. An example of a centralized journey flow is Google G Suite, where a user is redirected to the same authentication page no matter which application they are trying to access.

Centralized journey flows are possible using all UI options.

Embedded journey flows

Embedded journey flows offer a more traditional sign-in experience, as end users are not redirected outside an application. However, embedded journey flows are not considered a security best practice, as individual applications then have access to both the user’s credentials and to the authorization grant.

Embedded journey flows are not recommended, but are possible using the self-hosted Login UI or SDKs.

UI options

Identity Cloud hosted pages

This is the easiest option, as your Identity Cloud tenant already provides hosted pages that allow you to manage:

  • End user journey pages, such as login, registration, and password reset

  • End user account pages, such as user profile and delegated administration

The UI layout is fixed, but can be themed per realm. You can add company logos and change button, link, and background colors. The UI supports web applications but not native applications.

This option is useful if you have limited theming needs or want to quickly try new registration or authentication flows without integrating them into an application.

This option only lets you use centralized journey flows in your applications, as embedded journey flows are not supported. Additionally, this is the only option that supports SAML journey flows that use Identity Cloud as the IDP.

Self-hosted ForgeRock Login UI and ForgeRock End User UI

For background information on the ForgeRock Login UI (Login UI) and ForgeRock End User UI (End User UI), see https://backstage.forgerock.com/docs/platform/7.1/platform-setup-guide/#platform-ui.

In this option, you self-host one or both of the Login UI and End User UI, and configure them to use your Identity Cloud tenant.

This option offers flexibility if you want to customize the layout of the UIs or customize the theming beyond what is provided by the default hosted pages. The UIs support web applications but not native applications.

This option also lets you use both centralized and embedded journey flows in your applications.

ForgeRock SDKs

For background information on ForgeRock SDKs (SDKs), see https://sdks.forgerock.com/getting-started/using-sdks/.

In this option, you use the SDKs to develop your own custom UI for web, Android, or iOS applications. You then integrate it with your Identity Cloud tenant using the REST API.

Each SDK provides an out-of-the-box UI module (FRUI) that allows you to prototype your custom UI. However, it is only provided as a starting point and is not intended for production use.

This option offers maximum flexibility if you want to customize the behavior, layout, and theming of the UI, or want to support Android and iOS applications. However, it requires a higher level of technical skill than the other options.

It also lets you use both centralized and embedded journey flows in your applications.

Summary

| UI | Application Platform | Theming | Journey Flows | Notes |
| --- | --- | --- | --- | --- |
| Identity Cloud hosted pages | Web | Limited | Centralized | • Default UI for your Identity Cloud tenant • Allows rapid journey prototyping |
| Self-hosted Login UI / Self-hosted End User UI | Web | No limitation | Centralized or embedded | • Choice of self-hosting one or both of the UIs |
| SDKs | Web, Android, iOS | No limitation | Centralized or embedded | • Higher level of technical skill required |