ForgeRock applies contextual identity, fine-grained authentication, adaptive risk and multi-factor authentication (MFA) at the time of authentication as well as at any point during a digital session. Our continuous security approach ensures the authenticity of people, things and services at all times and can mitigate risk whenever an anomaly is detected.
Contextual authorization is implemented through Intelligent Access journeys and authorization policies, together with, in certain cases, associated client-side scripting or SDKs. With Intelligent Access, signals such as context (for example, IP address, operating system, browser, device, time of day), behavior (for example, 'does the user log in at a particular hour', or 'is the location familiar'), and risk-based factors (such as 'is the user accessing sensitive data') can be considered. If an environmental or context attribute changes (for example, the user's IP address), reauthentication or a stronger credential can be requested.
Authorization policies define the rules upon which authorization decisions are made. Since policy decisions are made at the time of access rather than at user authentication, contextual authorization enables continuous real-time authorization decisions based on live data. Predefined objects and methods are available to access the user's profile and session data, together with helper functions that allow access to external resources such as web services and REST services. Additionally, authorization policy scripts can be used to define more complex policy decisions locally or to call out to external services for additional information upon which to make a decision.
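The access-time decision described above can be sketched in plain JavaScript. This is an added illustration, not ForgeRock code and not the platform's scripting API. The field names, the sensitive-path list, the sample data and the mapping of anomalies to "reauthenticate" or "step_up" are all assumptions.

```javascript
// Added illustration in plain JavaScript; this is not ForgeRock's scripting API.
// All field names, thresholds and sample values are hypothetical.
const SENSITIVE_PREFIXES = ["/payroll/", "/admin/"];

// session: context recorded when the user authenticated.
// request: live context observed at the moment of access.
function evaluateAccess(session, request) {
  // Fail closed: without live context there is nothing to compare against.
  if (!request || !request.ip || !request.deviceId || !request.resource) {
    return { decision: "deny", reasons: ["missing_context"] };
  }
  const reasons = [];
  if (request.deviceId !== session.deviceId) reasons.push("device_changed");
  if (request.ip !== session.ip) reasons.push("ip_changed");
  if (!session.usualHours.includes(request.hour)) reasons.push("unusual_hour");
  const sensitive = SENSITIVE_PREFIXES.some((p) => request.resource.startsWith(p));
  if (sensitive && session.authLevel < 2) reasons.push("sensitive_resource");

  if (reasons.length === 0) return { decision: "allow", reasons };
  // Assumed mapping: a different device forces a full reauthentication,
  // any other anomaly asks for a stronger credential (step-up).
  const decision = reasons.includes("device_changed") ? "reauthenticate" : "step_up";
  return { decision, reasons };
}

// Constructed sample data: one session and four access attempts against it.
const session = { ip: "198.51.100.7", deviceId: "dev-a1", authLevel: 1,
                  usualHours: [8, 9, 10, 11, 12, 13, 14, 15, 16, 17] };
const requests = [
  { ip: "198.51.100.7", deviceId: "dev-a1", hour: 10, resource: "/profile/view" },
  { ip: "203.0.113.44", deviceId: "dev-a1", hour: 10, resource: "/profile/view" },
  { ip: "198.51.100.7", deviceId: "dev-a1", hour: 10, resource: "/payroll/export" },
  { ip: "203.0.113.44", deviceId: "dev-z9", hour: 3, resource: "/profile/view" },
];
for (const r of requests) {
  const out = evaluateAccess(session, r);
  console.log(r.resource, r.ip, "->", out.decision, out.reasons.join(","));
}
```

Because the check runs on every request rather than once at login, the same session moves from "allow" to "step_up" as soon as its IP address changes.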
Identity Cloud documentation:
Identity Platform documentation: