User self-service overview
User self-service lets users create and manage their own accounts, while you control the available features. You manage features and user journeys through the Identity Platform admin UI. Because this service relies on both AM and IDM, it requires the platform to function.
It is possible to configure authentication journeys through the AM admin UI, where they are called trees; however, this documentation uses the Identity Platform admin UI.

Before continuing, make sure you have successfully configured the platform. There are several methods you can use to set up the platform:
- Configure and set up the platform using Kubernetes. For more information about setting up the ForgeRock Identity Platform with Kubernetes, refer to the ForgeOps documentation.
- Alternatively, manually configure the platform integration between AM and IDM. For details, refer to the platform setup pages.

This documentation references sample authentication trees that demonstrate various features of self-service. Depending on your configuration method, these trees may already be included. If they aren’t already present, or you deleted the trees and want to re-create them, find the sample trees in sample-trees-7.3.0.zip included with AM. For more information about adding these trees to the platform, refer to Configure authentication trees.

This documentation focuses on the platform implementation of user self-service. ForgeRock recommends this implementation for new deployments. To use the IDM-specific or AM-specific implementations, refer to the instructions in the IDM self-service reference and the AM user self-service documentation.
Nodes for self-service journeys
Self-service nodes
The following nodes are designed for self-service journeys, although you can use them in any journey.
Incompatible nodes
Since user self-service is built using authentication journeys, nearly any authentication node can be used in your self-service flow. The following nodes are not compatible with platform-based self-service, however:
- OAuth 2.0 node
- Social Facebook node
- Social Google node
- Social Ignore Profile node
- OpenID Connect node
- Provision IDM Account node
- Create Password node
- Password Collector node
- Username Collector node
If you are using a third-party node from the ForgeRock Marketplace, check with the developer for compatibility.
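One way to check a journey definition against the incompatible list above before deploying it, as an added example that is not ForgeRock's own code. It assumes the journey JSON marks each node with `nodeType` and, optionally, `displayName` keys; the sample journey and its type identifiers are constructed. Matching is by normalised name, so where your AM version's type identifier differs from the node's display name, add that identifier to `BLOCKED`.

```python
import json
import re

# Node names copied from the "Incompatible nodes" list on this page.
INCOMPATIBLE = [
    "OAuth 2.0 node", "Social Facebook node", "Social Google node",
    "Social Ignore Profile node", "OpenID Connect node",
    "Provision IDM Account node", "Create Password node",
    "Password Collector node", "Username Collector node",
]

def norm(name):
    """Lowercase, drop non-alphanumerics and a trailing 'node', so that
    'Password Collector node' and 'PasswordCollectorNode' compare equal."""
    key = re.sub(r"[^a-z0-9]", "", name.lower())
    return key[:-4] if key.endswith("node") else key

BLOCKED = {norm(n): n for n in INCOMPATIBLE}

def iter_nodes(obj, path="$"):
    """Yield (path, node) for every JSON object carrying a 'nodeType' key,
    at any depth, so nodes nested inside a page node are found too."""
    if isinstance(obj, dict):
        if "nodeType" in obj:
            yield path, obj
        for key, value in obj.items():
            yield from iter_nodes(value, f"{path}.{key}")
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from iter_nodes(value, f"{path}[{i}]")

def find_incompatible(journey_json):
    """Return sorted (path, listed name) pairs for nodes on the page's list."""
    hits = []
    for path, node in iter_nodes(json.loads(journey_json)):
        for field in ("nodeType", "displayName"):
            listed = BLOCKED.get(norm(str(node.get(field, ""))))
            if listed:
                hits.append((path, listed))
                break
    return sorted(hits)

# Constructed sample journey; layout and type identifiers are assumptions.
SAMPLE = json.dumps({"_id": "ExampleRegistration", "nodes": {
    "n1": {"nodeType": "PageNode", "displayName": "Page Node", "nodes": [
        {"nodeType": "ExampleUsernameNode", "displayName": "Platform Username"},
        {"nodeType": "PasswordCollectorNode", "displayName": "Password"}]},
    "n2": {"nodeType": "ExampleCustomNode", "displayName": "Social Google"},
    "n3": {"nodeType": "ExampleCreateNode", "displayName": "Create Object"}}})

if __name__ == "__main__":
    for path, name in find_incompatible(SAMPLE):
        print(f"{path}: {name}")
```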
Sample journeys include the following:
- Registration: The sample Registration journey describes a basic registration flow, where ForgeRock Identity Platform prompts the user to provide several profile attributes, then attempts to create the user and log the user in. You can find this journey in AM samples in root/AuthTree/PlatformRegistration.json. For details, refer to User self-registration. For more information about configuring registration to include social identity providers, refer to Social authentication.
- Login: The sample Login journey describes a basic login flow, where the user is prompted to provide a username and password, then passed to a progressive profile journey before being logged in. You can find this journey in AM samples in root/AuthTree/PlatformLogin.json. For details, refer to Login with self-service. For more information about including social identity providers in a login journey, refer to Social authentication.
- Progressive Profiles: The sample Progressive Profile journey is called by the Login journey sample. It checks the login count to determine whether further action is needed. If no action is required, it returns to the Login journey to complete logging in. If the specified number of logins is reached, it instead checks whether user preferences have been set, and if not, prompts the user to set those preferences. It then returns to the Login journey to finish logging in. You can find this journey in AM samples in root/AuthTree/PlatformProgressiveProfile.json. For more information about using progressive profiling, refer to Progressive profile.
- Password Reset: The Password Reset sample journey provides a method for users to reset their password by providing their email and answering some security questions. If the questions are answered correctly, the user is emailed a password reset link, which they must click to proceed. They are then presented with a password prompt to enter a new password. You can find this journey in AM samples in root/AuthTree/PlatformResetPassword.json. For more information, refer to Password reset.
- Forgotten Username: The Forgotten Username sample journey gives users a method to recover their username by entering an email address. If the email address is associated with a user account, the account’s username will be emailed to the user. The email includes a link to log in, which will take the user through the Login journey. You can find this journey in AM samples in root/AuthTree/PlatformForgottenUsername.json. For more information, refer to Username recovery.
- Update Password: The Update Password sample journey lets users change their passwords. The journey assumes that the user has already logged in successfully. It checks the user’s session data and, if the session is valid, prompts the user to update their password. You can find this journey in AM samples in root/AuthTree/PlatformUpdatePassword.json. For more information, refer to Password updates.