Product Q&As
ForgeRock Identity Cloud
ForgeRock Identity Platform

Does the ForgeRock CIAM solution offer hierarchical, multi-brand, and complex organization design?

Last updated Jan 23, 2023

This article provides answers to frequently asked questions on multi-brand and complex organization design when evaluating ForgeRock for Customer Identity and Access Management (CIAM).


How does the solution support unique identity and access management configurations for different hierarchies or lines of business (LOBs)?

The ForgeRock solution allows the creation of organizations and child organizations to manage hierarchies of users and model the existing lines of business. ForgeRock makes no assumption about what an organization represents. For example, in a CIAM context, a child organization could represent a partner, a customer organization, or a specific brand.

Once defined, the organization can be used as an administration limit in both identity management and access management use cases.

How does an administrator set up the solution to support multiple brands or online properties of the same parent organization?

The ForgeRock administrator can define as many themes, organizations and journeys as needed. The default data model allows users to be linked to an organization at any level of the hierarchy, as a member, administrator or owner. In addition, properties can be defined at the organization or user level, and their value computed with custom logic, for example, to implement inheritance.

Multiple brands are supported. ForgeRock can be configured with a single identity per person to be used across all brands or an identity per brand, or a combination of these approaches. Different registration, authentication and self-service flows can be configured for the different brands.

The linking of identities from different systems to create a single version of the identity is a common use case fully supported by ForgeRock. See Does the ForgeRock CIAM solution provide support for a single view of identities? for further information.

If users have more than one social identity provider, they can link them to the same user account, from the self-service UI. By configuring access through more than one social identity provider, users can select and manage the providers they use, while establishing a single consumer identity.

See Also

How do I get the Organization Model in my Identity Cloud environment?

Does the ForgeRock solution support social authentication?

Identity Cloud documentation:

ForgeRock Identity Platform documentation:

Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.