Product Q&As
ForgeRock Identity Cloud
ForgeRock Identity Platform

Does the ForgeRock CIAM solution support login analytics and decision logic?

Last updated Jun 30, 2022

This article provides answers to frequently asked questions on login analytics and decision logic when evaluating the ForgeRock Identity Platform for Customer Identity and Access Management (CIAM).


Does the solution provide usage analytics?

Yes. ForgeRock provides usage analytics that can help provide data for meeting service level agreements (SLAs), measuring performance, and gaining greater insight into how end users and their devices interact with applications and services.

ForgeRock Intelligent Access enables you to collect fine-grained metrics for analyzing elements of the user journey. The platform uses Dropwizard's Metrics as its common metrics framework for adding monitoring capabilities to an application. It includes native support for monitoring component metrics using Prometheus and visualizing this information using Grafana.

The platform's common audit logging service captures the activity of users, devices, and things with a unique ID label. Usage data, including authentication attempts, authorization requests, and federation events, are recorded. These logs are commonly consumed by third-party SIEM and analytics products such as FireEye, Guardian Analytics, the Elastic Stack and Splunk.

Does the solution evaluate whether logins result in increased abandoned shopping carts?

Yes. The number of journeys that are started but not completed can be tracked using the metrics produced by ForgeRock Intelligent Access. The stage of the journey at which the user's authentication session timed out and/or was abandoned is also recorded. The correlation of this information with shopping cart data allows you to monitor carts abandoned at the login step.

Does the solution assess the average time for call-outs to fraud systems?

Yes. ForgeRock Intelligent Access includes timer nodes that record the time taken between authentication steps. The timer node provides a simple mechanism to capture the additional time added to a customer's journey for an activity such as a call-out to a fraud system.

See  Timer nodes (Identity Cloud) and Timer nodes (AM) for further information.

Does the solution monitor the performance of SLAs that impact login journeys?

Yes. ForgeRock provides usage analytics that can help provide data for meeting service level agreements (SLAs), measuring performance, and gaining greater insight into how end users and their devices interact with applications and services.

Usage analytics can occur at many different points during a user's interaction with a service. With ForgeRock Intelligent Access, many different contextual signals may be used during a customer login to control and adapt the authentication journey, establish the level of assurance or risk from the authentication, and to gather useful data about the authentication. For example, login journeys may make use of the user's geolocation to detect fraudulent activity or provide a more seamless experience. The same information can be provided to downstream applications and APIs or stored or forwarded for analytics.

Does the solution determine if shorter login journeys result in fewer help desk calls?

Yes. As well as being able to time individual nodes or groups of nodes within a journey, it is possible to time the whole authentication journey and therefore the impact on average duration due to changes to the tree flow. A shorter journey is likely to be a simpler one that relies more on context and risk signals to only introduce additional authentication steps where necessary. By collating the average length of authentication journey with help desk call statistics, it is possible to show a reduction in calls.

See Also

Does Identity Cloud include an audit logging service?

Does the ForgeRock Identity Platform include an audit logging service?

Documentation:


Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.