Choose how users authenticate
The ForgeRock SDKs simplify the integration between your app and the ForgeRock® Identity Platform. The SDKs provide secure, best practice features for important aspects such as session management and handling tokens.
Before you start using the ForgeRock SDKs, you must decide how your users will authenticate.
You can implement user authentication in two ways:
-
Embedded login authentication
-
Centralized login authentication
| Item | Embedded login | Centralized login |
|---|---|---|
User experience consistency |
Allows you to create a custom user experience for each application or site. |
Allows you to create a consistent user experience for each application or site. |
User experience customization |
Lets you create a custom authentication experience for each app. |
Hard to customize the authentication experience for each app or site. |
User redirection for authentication |
Does not require redirection of user for login. User can authenticate directly within the native experience. |
Impacts the consistency of the user experience—redirecting users out of the native experience and to a browser for login. |
Access to user credentials |
Allows an app to access and collect user credentials. This can create security risks if the app is controlled by a third party. |
Applications do not access user credentials. |
Support for browser single sign-on |
Does not support browser-based single sign-on across your apps. |
Enables seamless browser-based single sign-on across your apps. |
Frequency of application deployment |
May require you to rebuild or redeploy apps after updating the app UX. |
Should not require you to rebuild or redeploy apps. |
Development effort |
Requires you to create a UI login page for each app or site. This can result in extra work and may increase the risk of inconsistencies between apps and sites. |
Does not require a unique UI login page for each app or site. This can reduce the amount of development and maintenance work. |