
What certifications has ForgeRock achieved?

Last updated Feb 18, 2022

The purpose of this article is to provide information on the external certifications achieved by ForgeRock for our products and services.


Overview

ForgeRock's external certifications provide independent assurance that our products and services are aligned with industry standards.

ForgeRock is SAML 2.0 certified in accordance with the Kantara Initiative. We have been OpenID Connect (OIDC) conformant since 2015 and Open Banking security conformant since March 2018. We are certified as a Financial-grade API (FAPI 1.0) OpenID Provider, a FAPI-CIBA OpenID Provider, and an OpenID Provider for Basic OP, Implicit OP, Hybrid OP, Config OP, Dynamic OP, and Form Post OP.

ForgeRock has achieved ISO 27001 certification for the development and operation of cloud and on-premises products and services across all of our major locations. We recently achieved a SOC 2 Type 2 certification and report for ForgeRock Identity Cloud, and have Cloud Security Alliance (CSA) Star Level 2 attestation and certification. We also have independent attestations of compliance with the Health Insurance Portability and Accountability Act (HIPAA) security and the Health Information Technology for Economic and Clinical Health (HITECH) breach notification rule.

ForgeRock product certifications

SAML 2.0 

ForgeRock Access Management is SAML 2.0 certified in accordance with the Kantara Initiative certification. See Kantara Initiative Interoperable SAML 2.0 Products and Services for further details.

OpenID Provider

The ForgeRock Identity Platform is a certified OpenID Provider for Basic OP, Implicit OP, Hybrid OP, Config OP, Dynamic OP, and Form Post OP. See OpenID Providers for further details.

FAPI OpenID Provider

The ForgeRock Identity Platform is certified as a Financial-grade API (FAPI 1.0) OpenID Provider. See FAPI OpenID Providers for further details.

FAPI-CIBA OpenID Provider

The ForgeRock Identity Platform is certified as a Financial-grade API Client Initiated Backchannel Authentication Profile (FAPI-CIBA) OpenID Provider. See FAPI-CIBA OpenID Providers for further details.

Microsoft® Azure® Active Directory Federation

ForgeRock Access Management achieved certification as a Microsoft Azure Active Directory federation partner. See Azure AD federation compatibility list for further details.

Compliance

ISO 27001

ForgeRock has achieved ISO 27001 certification for the development and operation of ForgeRock Identity Platform and ForgeRock Identity Cloud products and services across all of our major locations. The supporting technology includes ForgeRock software and cloud development, HR and IT processes, and the BackStage platform that consists of a knowledge base, support portal, access and storage solutions and ticket management.

Our ISO 27001 certificate can be found in the Schellman ISO Certificate Directory.

SOC 2 Type 2

ForgeRock successfully completed the AICPA-certified Service Organization Control (SOC) 2 Type 2 audit. The audit report confirms the Trust Services criteria relevant to the security, availability and confidentiality for ForgeRock Identity Cloud. Our adherence to these standards will be externally validated annually.

Customers and prospects can request access to the audit report here. 

CSA Star Level 2 external audit and self-attestation

ForgeRock has completed an external audit to validate that we meet the criteria required for the Cloud Security Alliance (CSA) Star Level 2 attestation for ForgeRock Identity Cloud. In addition, we have completed a Consensus Assessment Initiative Questionnaire (CAIQ), which is an industry-accepted way to document what security controls exist in cloud services, providing security control transparency. 

Both the CSA Star Level 2 attestation and the CSA CAIQ v3.1 can be viewed in the CSA STAR Registry.

HIPAA and HITECH

ForgeRock Identity Cloud has achieved an independent attestation of compliance report for the Health Insurance Portability and Accountability Act (HIPAA) security and the Health Information Technology for Economic and Clinical Health (HITECH) breach notification rule.

See Also

Security as a Company Value

Is the ForgeRock Identity Platform FIPS 140-2 compliant?

How can ForgeRock assist with the digital identity guidelines described in NIST SP 800-63 (revision 3)?


Copyright © 2022 ForgeRock, all rights reserved.