The ForgeRock solution supports the principle of ‘least privileged access’, for example by permitting customers or employees access only to the exact information and resources necessary for a particular and legitimate purpose.
ForgeRock delivers this through fine-grained authorization, a mechanism used to distribute and assign strongly typed scopes to applications, API endpoints, and other protected resources. Scopes are coupled with real-time context at policy-enforcing gates throughout the identity ecosystem. Scopes that express fine-grained, actionable rules for making authorization decisions are also applied.
The ForgeRock solution can grant customized scopes to different groups of users based on their identity data attributes. One of these could be the organization they belong to (for example, based on location, reporting hierarchy, or lines of business). ForgeRock can also add custom scopes for users depending on other user attributes in the user directory. For example, a parent can grant children on a family plan additional rights or revoke the rights as needed.