How To
ForgeRock Identity Cloud

How do I get the Organization Model in my Identity Cloud environment?

Last updated Jun 23, 2021

The purpose of this article is to provide assistance to Identity Cloud customers who have older tenant environments that were created before the organization model was available, and so are missing the default configuration in their customized model.

Background information

Some Identity Cloud customers pre-date the default configuration required in order to use the new Organization Model feature.

We are providing a tool for customers to be able to add in the configuration as part of their development lifecycle.


In order to use the tool, you will need to:

  • Install python3 (if not already installed)
    • If you are using macOS, you will need to install SSL certificates by running: Applications > Python <version> > Install Certificates.command
  • Download the add_org_model.pex (417 kB) bundle.
  • Pause any continuous integration tooling you have in place that would otherwise update the managed object definitions.

Once the prerequisites have been completed, follow the appropriate set of steps.

Adding the organization model to a customer's development environment


You cannot use this tool to add the organization model configuration to staging or production environments. To add them to those environments, first add them to your development environment, then request promotions to have the configuration moved to the downstream environments.

See also: Understanding Identity Cloud environments and promotion process

  1. Work out the environment name for the development environment:If the environment is at, the environment name would be acme-usw-dev
  2. Run the tool in a terminal, substituting with your environment name:python3 add_org_model.pex acme-usw-dev
  3. You will be prompted to authenticate using a URL that is displayed in the terminal:
    1. Copy the URL to your browser (or if your terminal supports it, ctrl-click to open it).
    2. Sign in using your ID Cloud platform admin credentials.
    3. Approve consent for the IDC.CLI client (the suffix will be unique to your tenant name):
  1. Once authentication has completed the browser will direct you back to the terminal:
  1. The terminal should show the outcome of the process. If you had a continuous integration process that you disabled previously, you should now update your external copy of the managed object configuration before then resuming the CI process by fetching the full content from the managed objects configuration REST API endpoint: https://<domain>/openidm/config/managed

Adding the organization model to a demo or sandbox environment

  1. Work out the environment name for the environment:If the environment is at, the environment name would be acme-sandbox.
  2. Run the tool in a terminal, substituting with your environment python3 add_org_model.pex acme-sandbox
  3. Continue from step 3 in the instructions above.

See Also

Object Modeling Guide › Managed Organizations

Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.