Product Q&As
ForgeRock Identity Cloud
ForgeRock Identity Platform

What open standards does ForgeRock support?

Last updated Jan 23, 2023

ForgeRock supports both basic and advanced open standards, including OAuth 2.0, OpenID Connect (OIDC), SAML 2.0, User-Managed Access (UMA) 2.0, OAuth 2.0 Device Flow and Proof-of-Possession, Client-Initiated Backchannel Authentication (CIBA), FIDO2, and Web Authentication (WebAuthn).


The ForgeRock platform comprises a number of standards-based components, built on a common framework using best-in-class open technologies. ForgeRock contributes to many of these standards to ensure they continue to develop and retain relevancy as technology and requirements evolve.

ForgeRock supports all major federation, authorization and provisioning standards, including:

In addition to these, ForgeRock supports advanced OAuth 2.0 standards including OAuth 2.0 Device Authorization Grant and Proof-of-Possession. Its implementation of Client Initiated Backchannel Authentication (CIBA) works as an alternative to OAuth redirect flows and aims to solve the problems OAuth redirect flows raise.

ForgeRock also supports FIDO2 and WebAuthn,​​​​​​ a W3C standard based on FIDO2 protocols for strongly authenticating users. 


UMA is not currently available in Identity Cloud deployments.

ForgeRock's dedication to open standards

ForgeRock sees open standards as vital to ensuring compatibility and interoperability with external systems, guarding against obsolescence, providing choice, and avoiding vendor lock-in. 

Examples of ForgeRock's dedication to open standards include (but are not limited to) the following: 

  • OpenID Connect (OIDC): ForgeRock is one of the pioneers in OIDC, releasing one of the first officially supported implementations of the open standard while providing ongoing enhancements, security updates and code contributions to ensure the standard is secure and continuing to meet evolving requirements.
  • User-Managed Access (UMA): ForgeRock was pivotal in creating the UMA specification, having staff members of the Kantara board, technical staff developing the spec and our support staff providing fixes and ongoing support for users of the protocol.
  • Identity Connector Framework (ICF): Based on the OpenICF Framework, ICF provides a consistent layer of integration between the ForgeRock platform and target resources and applications enabling comprehensive provisioning, reconciliation, and bi-directional synchronization that supports the various stages in the identity lifecycle.
  • REST: The ForgeRock platform is entirely accessible via a common REST API. This provides an easily accessible, developer-friendly platform, enabling the implementation of applications and systems all based on the REST open standard.
  • Open Banking: ForgeRock was part of a select group of identity vendors invited to participate in the UK's Open Banking working group and actively contributed to their decision to define an OIDC-based solution. In addition, ForgeRock was selected by the UK Open Banking Implementation Entity (OBIE) to provide a Reference Bank Application used by leading banks and third parties to build their own applications in accordance with Open Banking standards. 

See Also

ForgeRock Open Standards

What federation standards does AM support?

Identity Cloud documentation:

Identity Platform documentation:

Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.