Do ForgeRock products work with Microsoft Azure?

Overview

Microsoft Azure provides over 200 products and cloud services to help you find the right solution to an extensive array of use cases.

This article looks at four key Azure services that ForgeRock is commonly asked about:

• Azure Active Directory (Azure AD)
• Azure Kubernetes Service (AKS)
• Azure Load Balancer
• Azure Firewall

Azure Active Directory (Azure AD)

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service that lets users sign in and access resources. See Azure Active Directory (Azure AD) for further information.

You can synchronize IDM managed users and Azure AD users if required, or implement SSO.

See the following resources for further information:

• Synchronize data between IDM and Azure Active Directory
• How do I configure AM (All versions) as an Identity Provider for Microsoft Office 365 and Azure using WS-Federation?
• How do I integrate Microsoft Azure AD with Autonomous Identity for SSO?

ForgeRock also provides an Intelligent Access node on Marketplace that allows you to query the riskyUser resource type in Azure AD via the Microsoft Graph. See Azure Active Directory - User Posture for further details.

Azure Kubernetes Service (AKS)

AKS is a hosted Kubernetes service that allows you to quickly and simply deploy a managed Kubernetes cluster in Azure. See Azure Kubernetes Service for further information.

ForgeOps (ForgeRock DevOps) enables you to deploy the ForgeRock Identity Platform in a Kubernetes containerized environment, including AKS.

See the following resources for further information:

• ForgeOps Start here
• Cloud Deployment Model Documentation
• AKS setup checklist

Azure Load Balancer

Azure load balancer is a service that evenly distributes incoming traffic to ensure high performance and low latency. See Azure Load Balancer for further information.

Azure offers three SKUs within the load balancer service (Basic, Standard and Gateway) to ensure you can choose the most appropriate offering for your use case: SKU comparison.

See the following resources for further information:

• Load balancing (AM)
• On load balancers (DS)
• Proxy Protocol (DS)
• IDM in a cluster
• Prepare for load balancing and failover (IG)
• Configure load balancers and reverse proxies (Web Agents)
• Configure load balancers and reverse proxies (Java Agents)

Azure Firewall

Azure offers both a Firewall and a Web Application Firewall (WAF) for you to choose which is the most appropriate for your deployment. Both of these firewalls are cloud-based services and protect either your Azure Virtual Network resources or your web applications, including ForgeRock products. See Azure Firewall and Azure Web Application Firewall for further information.

One consideration when configuring a firewall or WAF is that you don't block legitimate traffic, which can cause web applications to fail. For example, blocking AM traffic will cause authentication flows to fail. Additionally, if you utilize the managed rule sets provided by Azure for their WAF, it is important to check nothing is broken after a managed rule is updated. Although managed rule sets provide rapid protection when new issues emerge, you may also find previously working web applications fail after an update. 

See Also

What is Azure?

Secure Your Enterprise with ForgeRock and Microsoft

Cloud Storage (DS)