The ForgeRock platform provides user self-service features that enable users to self-register, securely reset forgotten passwords, retrieve their usernames, and manage their profile and consent settings. The service is fully accessible over REST APIs and through the customizable ForgeRock UI and SDKs.
Supported features relating to user self-service include:
- Social account mapping
- Forgotten password reset
- Forgotten username support
- Email validation
- CAPTCHA (for use with Google's reCAPTCHA v2 and reCAPTCHA v3 and hCaptcha)
- Knowledge-based authentication (KBA) questions
- Terms & Conditions
- Customizable confirmation emails
- Password policy configuration
- Profile management
Various user flows are supported and can be configured easily using Intelligent Access. ForgeRock provides a range of self-service nodes, as well as pre-built flows (designed on best practices) that you can use as a base for configuring your own self-service journeys. These include sample journeys for registration, login, progressive profile, password reset, forgotten username, and password update.
The ForgeRock platform also includes a profile dashboard that enables users to manage all identity data about themselves in a single place, with self-service controls for editing personal information, opting-in or opting-out of data collection, regulating device pairing, authorizing app access with greater login and security options as well as managing privacy and consent features such as "right to be forgotten".
Below are examples of the many ways you can customize out-of-the-box self-service journeys to build in more security:
- CAPTCHA: Add a Google reCAPTCHA node or your own customized node to the registration page, to protect against software bots that may be used against your site.
- Multi-factor authentication (MFA): Add MFA nodes to require all users to respond to out-of-band MFA challenges before they can initiate a password reset.
- Biometrics: Include behavioral biometrics nodes to transparently identify people based on their unconscious actions to determine if they are legitimate account owners.
- Device information: Incorporate device information into the decisioning, such as requiring users to access an assigned managed device and browser in order to register or change their profiles and privacy options.
- Fraud and risk management: Add a fraud and risk management node from the ForgeRock Trust Network to understand whether a user is a legitimate customer or a fraudster.
Yes. Self-service journeys can be defined and customized using Intelligent Access and APIs. Each journey can use its own specific theme and be specific to an application or a subset of users based on any criteria that make sense for a particular use case.
Identity Cloud documentation:
Identity Platform documentation: