Before You Install

This chapter covers requirements to consider before you run ForgeRock Identity Management software, especially before you run the software in your production environment.

If you have a special request to support a component or combination not listed here, contact ForgeRock at info@forgerock.com.

Due to the underlying Java platform, IDM software runs well on a variety of processor architectures.

When you install IDM for evaluation with the embedded DS repository, you need 256 MB memory (32-bit) or 1 GB memory (64-bit) available.

You also need 10 GB free disk space for the software and for sample data.

Important

A DS repository (whether embedded or external) requires free disk space of 5% of the filesystem size, plus 1 GB by default. To change this requirement, set the disk-full-threshold in the DS configuration. For more information, see Disk Space Thresholds in the DS Maintenance Guide.

In the case of an embedded DS instance, you can manage the configuration using the dsconfig command in /path/to/openidm/db/openidm/opendj/bin.

In production, disk space and memory requirements will depend on the size of your external repository, as well as the size of the audit and service log files that IDM creates.

The amount of memory that IDM consumes is highly dependent on the data that it holds. Queries that return large data sets will have a significant impact on heap requirements, particularly if they are run in parallel with other large data requests. To avoid out-of-memory errors, analyze your data requirements, set the heap configuration appropriately, and modify access controls to restrict requests on large data sets.

Identity Management 7 software is supported on the following operating systems:

  • Red Hat Enterprise Linux (and CentOS Linux) 7.0 and 8.0

  • Ubuntu Linux 16.04 and 18.04

  • Windows Server 2012 R2, 2016, and 2019

Identity Management software supports the following Java environments:

Supported Java Versions

| Vendor | Versions |
| --- | --- |
| OpenJDK, including OpenJDK-based distributions (AdoptOpenJDK/Eclipse Adoptium, Amazon Corretto, Azul Zulu, Red Hat OpenJDK). ForgeRock tests most extensively with AdoptOpenJDK/Eclipse Adoptium. | 11 |
| Oracle Java | 11 |

Important

ForgeRock recommends that you keep your Java installation up to date with the latest security fixes.
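
The DS free-space rule (5% of the filesystem size plus 1 GB) and the Java 11 requirement described above can be checked before installation with a short script. This is an added example, not ForgeRock code; the function names are hypothetical, and it assumes "1 GB" means 1024*1024 KB and that it runs on the host holding the DS data.

```shell
#!/bin/sh
# Added example (not ForgeRock code): pre-install check for the DS free-space
# rule and the Java 11 requirement. Assumption: "1 GB" = 1024*1024 KB.

# Free space (KB) a DS repository needs on a filesystem of $1 KB:
# 5% of the filesystem size plus 1 GB (the default threshold).
ds_required_free_kb() {
    echo $(( $1 * 5 / 100 + 1024 * 1024 ))
}

# Succeeds if a filesystem of $1 KB with $2 KB available meets that threshold.
ds_space_ok() {
    [ "$2" -ge "$(ds_required_free_kb "$1")" ]
}

# Print the Java major version found in `java -version` output ($1), or 0.
# Handles the legacy "1.8.0_292" scheme, the modern "11.0.9" scheme, and
# extra leading lines such as "Picked up JAVA_TOOL_OPTIONS: ...".
java_major() {
    v=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    case "$v" in
        '')  echo 0 ;;
        1.*) echo "$v" | cut -d. -f2 ;;
        *)   echo "$v" | sed 's/[^0-9].*//' ;;
    esac
}

# Check the filesystem holding path $1 via POSIX `df -Pk`
# (line 2 columns: filesystem, 1024-blocks, used, available, ...).
check_path() {
    set -- $(df -Pk "$1" | awk 'NR == 2 { print $2, $4 }')
    [ "$#" -eq 2 ] || { echo "disk: cannot read filesystem size"; return 1; }
    need=$(ds_required_free_kb "$1")
    if ds_space_ok "$1" "$2"; then
        echo "disk: OK ($2 KB free, $need KB required)"
    else
        echo "disk: INSUFFICIENT ($2 KB free, $need KB required)"; return 1
    fi
}

# Check that the java on PATH reports the supported major version (11).
check_java() {
    major=$(java_major "$(java -version 2>&1)")
    if [ "$major" -eq 11 ]; then echo "java: OK (11)"
    else echo "java: found major version $major, need 11"; return 1; fi
}

# Usage: sh preflight.sh /path/to/openidm   (does nothing without an argument)
if [ "$#" -gt 0 ]; then check_path "$1" && check_java; fi
```

If you change disk-full-threshold in the DS configuration, adjust `ds_required_free_kb` to match.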

You must install IDM as a stand-alone service, using the bundled Apache Felix framework and Jetty web application container. Alternate containers are not supported.

IDM bundles Jetty version 9.4.22.

The following repositories are supported for use in production:

  • ForgeRock Directory Services (DS) 7.

    Note

    By default, IDM uses an embedded DS instance for testing purposes. The embedded instance is not supported in production. If you want to use DS as a repository in production, you must set up an external instance.

  • MySQL version 5.6.4, 5.7, and 8.0 with MySQL JDBC Driver Connector/J (at least version 5.1.18).

  • MariaDB version 10.2 and 10.3 with MySQL JDBC Driver Connector/J (at least version 5.1.18).

  • Microsoft SQL Server 2014, 2016, and 2017.

  • Oracle Database 12c, 12c Releases 1 (12.1) and 2 (12.2), 19c.

  • PostgreSQL 9.6, 10.1, 11.6, 12.1, and 12.5.

  • IBM DB2 10.1, 10.5, and 11.

ForgeRock supports repositories in cloud-hosted environments, such as AWS and GKE Cloud, as long as the underlying repository is supported. In other words, the repositories listed above are supported, regardless of how they are hosted.

Note

These repositories might not be supported on all operating system platforms. See the specific repository documentation for more information.

Do not mix and match versions. For example, if you are running Oracle Database 19c, and want to take advantage of the support for Oracle UCP, download driver and companion JARs for Oracle version 19c.

The following table summarizes supported clients and their minimum required versions:

Supported Clients
Client Platform | Native Apps [a] | Chrome 62+ | Internet Explorer 11+ | Edge 25+ | Firefox 57+ | Safari 11+ | Mobile Safari
Windows 8 or later [b]   
Mac OS X 10.11 or later     
Ubuntu 14.04 LTS or later      
iOS 9 or later     
Android 6 or later      

[a] Native Apps is a placeholder to indicate the platform is not limited to browser-based technologies. An example of a native app would be something written to use our REST APIs.

[b] Windows 10 only.


IDM bundles the following connectors:

  • Adobe CM Connector

  • CSV File Connector

  • Database Table Connector

  • Google Apps Connector

  • Groovy Connector Toolkit

    This toolkit lets you create scripted connectors to virtually any resource.

  • Kerberos Connector

    The Kerberos connector that is bundled with IDM 7 is not backward-compatible with IDM 6.x. IDM 7 uses Groovy version 3.0. IDM 6.5 uses version 2.5, and IDM 6 uses version 2.4. The bundled Kerberos connector requires Groovy version 3.0.

  • LDAP Connector

    Using the LDAP connector to provision to Active Directory is supported with Active Directory Domain Controllers, Active Directory Global Catalogues, and Active Directory Lightweight Directory Services (LDS).

  • Marketo Connector

  • MongoDB Connector

  • Salesforce Connector

  • SCIM Connector

  • Scripted REST Connector

    The scripted REST connector that is bundled with IDM 7 is not backward-compatible with IDM 6.x. IDM 7 uses Groovy version 3.0. IDM 6.5 uses version 2.5, and IDM 6 uses version 2.4. The bundled scripted REST connector requires Groovy version 3.0.

  • Scripted SQL Connector

    The scripted SQL connector that is bundled with IDM 7 is not backward-compatible with IDM 6.x. IDM 7 uses Groovy version 3.0. IDM 6.5 uses version 2.5, and IDM 6 uses version 2.4. The bundled scripted SQL connector requires Groovy version 3.0.

  • ServiceNow Connector

  • Scripted SSH Connector

    The scripted SSH connector that is bundled with IDM 7 is not backward-compatible with IDM 6.x. IDM 7 uses Groovy version 3.0. IDM 6.5 uses version 2.5, and IDM 6 uses version 2.4. The bundled scripted SSH connector requires Groovy version 3.0.

You can download a PowerShell Connector Toolkit from the ForgeRock BackStage download site. This Toolkit lets you create scripted connectors to address the requirements of your Microsoft Windows ecosystem.

Additional connectors are available from the ForgeRock BackStage download site.

Windows Server 2012 R2 and 2016 are supported as the remote systems for connectors and password synchronization plugins.

You must use the supported versions of the .NET Connector Server, or the Java Connector Server. The 1.5.x Java Connector Server is backward-compatible with the version 1.1.x connectors. The 1.5.x .NET Connector Server is compatible only with the 1.4.x and 1.5.x connectors. For more information, see "IDM / ICF Compatibility Matrix".

The Java connector server requires Java 11, and is supported on any platform on which Java runs.

The .NET connector server requires the .NET framework (version 4.5 or later) and is supported on Windows Server versions 2012 R2 and 2016.

Important

Although the scripted connector toolkits are supported, connectors that you build with these toolkits are not supported. You can find examples of how to build connectors with these toolkits in the Samples Guide.

The following table lists the connector and connector server versions that are supported across IDM versions. For a list of connectors supported with this IDM release, see Overview. For a list of connector releases associated with this version of IDM, see Connector Release Notes Overview.

IDM / ICF Compatibility Matrix

| IDM Version | Connector Server Version | Java Connectors | Scripted Groovy Connectors | .NET Connectors |
| --- | --- | --- | --- | --- |
| 4.x | 1.4.x, 1.5.x | Java connectors version 1.1.x - 1.5.x | Scripted REST, Scripted CREST, Scripted SQL, SSH, Kerberos connectors up to version 1.5.1.0. | PowerShell Connector 1.4.x |
| 5.x | 1.4.x, 1.5.x | Java connectors version 1.1.x - 1.5.x | Scripted REST, Scripted CREST, Scripted SQL, SSH, Kerberos connectors up to version 1.5.1.0. | PowerShell Connector 1.4.x |
| 6.x | 1.4.x, 1.5.x | Java connectors version 1.1.x - 1.5.x | Scripted REST, Scripted CREST, Scripted SQL, SSH, Kerberos connectors up to version 1.5.1.0. | PowerShell Connector 1.4.x |
| 7.x | 1.4.x, 1.5.x | Java connectors version 1.1.x - 1.5.x | Scripted REST, Scripted SQL, SSH, Kerberos connectors version 1.5.x. | PowerShell Connector 1.4.x |

The following table lists the supported password synchronization plugins:

Supported Password Synchronization Plugins

| Plugin | Supported Version |
| --- | --- |
| DS Password Synchronization Plugin | 7.0.1, supported with DS 7.0.x and IDM 7.0.x; 6.5.0, supported with DS 6.5.x and IDM 6.5.x; 6.0, supported with DS 6.0.x and IDM 6.0.x; 5.5.0, supported with DS 5.5.x and IDM 5.5.x; 5.0, supported with DS 5.0.x and IDM 5.0.x; 3.5, supported with OpenDJ 3.5 and OpenIDM 4.x. DS Password Sync plugins are not supported with DS OEM. |
| Active Directory Password Synchronization Plugin | 1.4.0, 1.3.0, 1.2.0 and 1.1.0 supported on Windows Server versions 2012 R2, 2016, and 2019 |
