Product Q&As
ForgeRock Identity Cloud
ForgeRock Identity Platform

Does the ForgeRock solution support distributed scope design with least privileged access?

Last updated Jan 23, 2023

ForgeRock supports the principle of 'least privileged access': access is granted only where it is essential to perform an intended purpose.


The ForgeRock solution supports the principle of ‘least privileged access’, for example by only permitting customers or employees access to the exact information and resources necessary for a particular and legitimate purpose.

ForgeRock delivers this through fine-grained authorization, a mechanism used to distribute and assign strongly typed scopes to applications, API endpoints, and other protected resources. Scopes are coupled with real-time context at policy-enforcing gates throughout the identity ecosystem. Scopes are also applied for fine-grained, actionable rules that can be used to make authorization decisions.

The ForgeRock solution can grant customized scopes to different groups of users based on their identity data attributes. One such attribute could be the organization they belong to (for example, based on location, reporting hierarchy, or lines of business). ForgeRock can also add custom scopes for users depending on other user attributes in the user directory. For example, a parent can grant children on a family plan additional rights or revoke the rights as needed.

See Also

What types of authorization methods and access controls are offered by the ForgeRock solution?

Copyright © 2023 ForgeRock, all rights reserved.