Identity Cloud guide
ForgeRock® Identity Platform serves as the basis for our simple and comprehensive Identity and Access Management solution. We help our customers deepen their relationships with their customers, and improve the productivity and connectivity of their employees and partners. For more information about ForgeRock and about the platform, see https://www.forgerock.com.
This guide is for ForgeRock Identity Cloud evaluators, administrators, and architects. It provides examples of how to integrate your business application and APIs with Identity Cloud for Single Sign-On and API Security, with ForgeRock Identity Gateway.
Example installation for this guide
Unless otherwise stated, the examples in this guide assume the following installation:
- Identity Gateway installed on http://ig.example.com:8080, as described in Download and start IG.
- Sample application installed on http://app.example.com:8081, as described in Using the sample application.
- The ForgeRock Identity Cloud, with the default configuration, as described in the ForgeRock Identity Cloud Docs.
When you are using the ForgeRock Identity Cloud, you need to know the value of the following properties:
- The root URL of your ForgeRock Identity Cloud. For example, https://myTenant.forgeblocks.com.
  The URL of the Access Management component of the ForgeRock Identity Cloud is the root URL of your Identity Cloud followed by /am. For example, https://myTenant.forgeblocks.com/am.
- The realm where you work. The examples in this document use alpha.
  Prefix each realm in the hierarchy with the realms keyword. For example, /realms/root/realms/alpha.
If you use a different configuration, substitute your own values in the procedures accordingly.
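The two derivation rules above (AM URL is the root URL followed by /am; each realm is prefixed with the realms keyword), as an added Python example that is not part of the ForgeRock guide. The function names, the realm-name character set and the validation checks are assumptions of this example; the /oauth2/.../introspect layout is AM's standard OAuth 2.0 endpoint path and is not stated on this page.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: realm names are limited to a conservative
# character set so a value cannot smuggle "/", "?", "#" or ".." into the path.
_REALM_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*")


def am_base_url(tenant_root):
    """Return the Access Management URL: the tenant root URL followed by /am."""
    parts = urlsplit(tenant_root)
    if parts.scheme != "https":
        raise ValueError("tenant root URL must use https")
    if not parts.hostname:
        raise ValueError("tenant root URL has no host")
    if parts.username or parts.password:
        raise ValueError("credentials must not be embedded in the tenant URL")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("expected the root URL only (no path, query or fragment)")
    return f"https://{parts.netloc}/am"


def realm_path(hierarchy):
    """Prefix each realm in the hierarchy with the 'realms' keyword."""
    if not hierarchy or hierarchy[0] != "root":
        raise ValueError("hierarchy must start at the root realm")
    for name in hierarchy:
        if not _REALM_NAME.fullmatch(name):
            raise ValueError(f"unsafe realm name: {name!r}")
    return "".join(f"/realms/{name}" for name in hierarchy)


def oauth2_introspect_url(tenant_root, hierarchy):
    """Build the realm-scoped OAuth 2.0 introspection URL (AM's standard layout)."""
    return f"{am_base_url(tenant_root)}/oauth2{realm_path(hierarchy)}/introspect"


if __name__ == "__main__":
    root = "https://myTenant.forgeblocks.com"   # example tenant from this guide
    print(am_base_url(root))
    print(realm_path(["root", "alpha"]))
    print(oauth2_introspect_url(root, ["root", "alpha"]))
```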
Set up an IG agent in Identity Cloud
This procedure sets up an agent that acts on behalf of IG. After the agent is authenticated, the token can be used to get the user profile, evaluate policies, and connect to the AM notification endpoint.
- Log in to the Identity Cloud admin UI as an administrator.
- Click Gateways & Agents > New Gateway/Agent > Identity Gateway > Next, and add an agent profile:
  - ID: agent-name
  - Password: agent-password
    Use secure passwords in a production environment. Consider using a password manager to generate secure passwords.
- Click Save Profile > Done. The agent profile page is displayed.
- To add a redirect URL for CDSSO, go to the agent profile page and add the URL.
- To change the introspection scope, click Native Consoles > Access Management, and update the agent in the AM admin UI. By default, the agent can introspect OAuth 2.0 tokens issued to any client, in the realm and subrealm where it is created.
Set up a demo user in Identity Cloud
This procedure sets up a demo user in the alpha realm.
- Log in to the Identity Cloud admin UI as an administrator.
- Go to Identities > Manage > Alpha realm - Users, and add a user with the following values:
  - Username: demo
  - First name: demo
  - Last name: user
  - Email Address: demo@example.com
  - Password: Ch4ng3!t
-