UI integration options for Identity Cloud
Overview
When you integrate your applications with your Identity Cloud tenant, you will need to consider how to manage the journey and account pages that your end users will use. There are a number of user interface (UI) options available, and the one you choose will be based on a combination of the following factors:
- Hosting: Do you want to host your own UI?
- Application platform: Do you only need to support web applications, or do you also need to support native applications?
- Theming: How much control do you want over the look and feel of the UI?
- Journey flow: Do you want to redirect end users to a central UI, or embed a UI into each application?
For a quick take on these factors against each of the UI options, refer to the summary below.
Journey flows
Centralized journey flows
Centralized journey flows are an increasingly familiar sign-in experience to end users and are considered a security best practice. An example of a centralized journey flow is Google G Suite, where a user is redirected to the same authentication page no matter which application they are trying to access.
Centralized journey flows are possible using all UI options.
Embedded journey flows
Embedded journey flows offer a more traditional sign-in experience, as end users are not redirected outside an application. However, embedded journey flows are not considered a security best practice, as individual applications then have access to both the user’s credentials and to the authorization grant.
Embedded journey flows are not recommended, but are possible using the self-hosted Login UI or SDKs.
UI options
Identity Cloud hosted pages
This is the easiest option, as your Identity Cloud tenant already provides hosted pages that allow you to manage:
- End user journey pages, such as login, registration, and password reset
- End user account pages, such as user profile and delegated administration
The UI layout is fixed, but can be themed per realm. You can add company logos and change button, link, and background colors. The UI supports web applications but not native applications.
This option is useful if you have limited theming needs or want to quickly try new registration or authentication flows without integrating them into an application.
This option only lets you use centralized journey flows in your applications. Additionally, this is the only option that supports SAML journey flows that use Identity Cloud as the IDP.
ForgeRock does not support the use of Identity Cloud hosted pages in embedded journey flows. Specifically, embedding hosted pages in HTML frames is not supported.
ForgeRock Identity Platform end-user and login UIs (self-hosted)
In this option, you self-host the end-user UIs, the login UIs, or both, and configure them to use your Identity Cloud tenant.
This option offers flexibility if you want to customize the layout of the UIs or customize the theming beyond what the default hosted pages provide. The UIs support web applications but not native applications.
This option also lets you use both centralized and embedded journey flows in your applications.
For background information about the platform end-user and login UIs, refer to Platform UIs.
ForgeRock SDKs
For background information about ForgeRock SDKs (SDKs), see https://sdks.forgerock.com/getting-started/using-sdks/.
In this option, you use the SDKs to develop your own custom UI for web, Android, or iOS applications. You then integrate it with your Identity Cloud tenant using the REST API.
Each SDK provides an out-of-the-box UI module that allows you to prototype your custom UI. However, it is only provided as a starting point and is not intended for production use.
This option offers maximum flexibility if you want to customize the behavior, layout, and theming of the UI, or want to support Android and iOS applications. However, it requires a higher level of technical skill than the other options.
It also lets you use both centralized and embedded journey flows in your applications.
Summary
UI | App Platform | Theming | Journey Flows | Notes |
---|---|---|---|---|
Identity Cloud hosted pages | Web | Limited | Centralized | |
Platform end-user and login UIs | Web | No limitation | Centralized or embedded | |
SDKs | Web, Android, iOS | No limitation | Centralized or embedded | |