General
ForgeRock Identity Cloud

Best practice for raising an Identity Cloud ticket with ForgeRock Support

Last updated May 20, 2021

The purpose of this article is to help us solve your issue as soon as possible if you are raising a ticket for Identity Cloud. We are here to help and opening a Support Ticket is the best way to connect with our ForgeRock experts! Adhering to these guidelines will help reduce time to resolution.


Overview

Note

Please refer to Best practice for raising an Identity Platform ticket with ForgeRock Support for guidance if you are raising a ticket for the Identity Platform (AM, DS, IDM or IG).

Raising a ticket

Tickets can be raised whenever you need our assistance; here are some examples of when it is appropriate to open a ticket:

  • Identity Cloud service is down or performance is degraded.
  • Config Requests such as :
    • You want to promote configuration changes.
    • You want to deploy secrets and/or environment-specific configuration to your environments.
    • You want to restore from backup.
  • Suspected problem or incident with the ForgeRock Identity Cloud.
  • Requests for assistance (please look at the documentation and Knowledge Base first).

You can raise a ticket using BackStage. This link shows all currently open support tickets and allows you to raise a new one by clicking New Ticket.

What information should I provide? 

When raising a Support ticket, you should provide sufficient details from the start to allow us to work on your ticket effectively. This should include clear details of the request, the domain name(s) of the instances your ticket relates to (for example, openam-acme-inc-dev.id.forgerock.io), and if it relates to a suspected problem or incident, you should provide a detailed problem statement with the following details: your use case, reproducible steps, any changes made prior to the issue occurring, any error messages, HAR files etc. See What should I include in my Support Ticket? for further guidance. Lack of information from the outset could delay resolution.

Issue tracking

For issue tracking purposes, please submit a separate support ticket for each request or issue. This also allows us to better focus on the new issue and not mix vital information, which can delay time to resolution.

Can my team see all the ticket updates? 

Yes. You can cc individual users on a support ticket as needed. Navigate to: Tickets, select the required ticket and add any users who should receive updates to the CCs field.

If you would like individuals or your entire team included on all ticket updates, please let us know through a support ticket so we can set up permissions correctly to allow your team members to view and comment on all tickets.

What can I do if I am having issues accessing BackStage?

If you are having any issues using the system or have any queries about your subscription, you can email: backstagehelp@forgerock.com

A ticket or a call?

The ticket is the single best point of reference

The most efficient model of supporting you and resolving an issue is through our ticketing system on BackStage. This is because through a ticket we can:

  • Analyze technical details accurately and have them available for reference during the ticket.
  • Get several technical resources to review the details, including our support, engineering and management teams.
  • Attempt to reproduce your issue in our test environments.
  • Follow a logical path of troubleshooting.
  • Keep a record of the actions taken, for accountability and auditing purposes.
  • Progress multiple issues asynchronously.
  • If required, hand over urgent issues to the next timezone.

Phone calls and web conferences are generally not optimal, especially in the early stages of troubleshooting and diagnosis. However, they can be useful in some circumstances. 

What if a call is needed?

In the event that a call is needed, we will set up a time-limited web conference and send you the link. If it is not urgent, we will schedule this for the following day or later in the week (as appropriate).

  • We will agree an agenda at the start of the call (or in the ticket prior to the meeting if there is time) and determine next steps at the end of the call.
  • It should be determined before the call who the most relevant person(s) from your organization and ForgeRock are to join the meeting to help with a successful resolution. Uncontrolled calls with large audiences are not productive.
  • We will attempt to determine the full extent of the issue and offer a workaround if this is possible.
  • The support engineer will not necessarily make changes to your systems. We operate a hands-off approach wherever possible to allow you to make changes once you have deemed them appropriate. We will only make changes if the required change is outside your control.
  • Notes will be made about the content of the call and documented in the appropriate support ticket.
Note

You may be asked to show us that the issue is not related to third-party applications and that it is an Identity Cloud issue.

What should you do prior to a call?

Ticket priorities

There are four priorities for tickets in this system:

  1. Urgent (P1) - there is an issue in your Production environment affecting all or most end users. No workaround is available. This priority cannot be used for issues in your Staging or Development environments.
  2. High (P2) - there is a major feature or function that is not working correctly in your Production environment, which is blocking full use of the system, but other features are operational. Or there is a major feature or function that is not working correctly in your Staging or Development environments that could delay promotion.
  3. Normal (P3) - there is a minor issue or non-production issue impacting usability or administration of the system, but a workaround is available and major functionality is working correctly
  4. Low (P4) - there is intermittent or unexpected behavior observed which suggests a possible problem or a request for enhancement (RFE). Low or no user impact.

These priorities should be used with prudence and only be selected if they meet your situation. Our aim is to always respond and progress your requests in a timely manner.

Caution

We treat Urgent issues very seriously; we will expect that you have carried out all reasonable testing and that you have good reason to suspect the Identity Cloud is the cause of your issue. 

Why did you change the priority of my ticket? 

When you raise an Urgent ticket and the Production environment operation is restored, we will normally change it to High. We recognize that even after the service is back to normal there will be some focus on finding the root cause to regain confidence that the same thing will not happen again.

There are a few situations where we might downgrade a ticket without asking, for instance, questions that have been raised with a High or Urgent priority but where it is clear from the context that the wrong priority has been selected.

Multiple Tickets

If you have multiple tickets open simultaneously, please help us to prioritize them for you by using the appropriate level for all your tickets. Using High or Urgent for all tickets will dilute the focus on which tickets require the highest attention. Our primary focus will be to help you get the environment back up and running; root cause analysis will then follow. For issues outside the scope of Support, we may refer you to Deployment Support Services, or we can introduce you to one of our local partners.

Can I request to change the priority of a ticket? 

Yes. You can submit a change request by clicking on the 'Change Priority' button, located in the Comments section of the ticket form.

What should I include in my Support Ticket?

Your support ticket should include enough information for us to understand what you are requesting and be able to help you effectively.

  • Ticket Subject: Ensure the Ticket subject contains a clear request or problem statement.

For example, "Can't access Identity Cloud" isn't a particularly useful problem statement, whereas "Can't access Dev or Staging environments - get a 'Sorry that isn't right. Try again' error when we access the login page" is much more descriptive and gives us immediate context and scale of the problem.

Promote configuration type tickets

If you want to promote configuration between environments, you should provide us with the following details:

  • What environment do you want to promote changes from/to?
  • Are there any timeframes that we should avoid when doing the promotion? Bear in mind that promotions are done within normal business hours in the GMT timezone.
  • The domain name(s) of the instances your ticket relates to (for example, openam-acme-inc-dev.id.forgerock.io).

If you want to deploy any secret or non-secret values that vary between environments, you should provide these to us in a separate ticket.

See Understanding Identity Cloud environments and promotion process for further information.

Deploy secrets and/or environment-specific configuration type tickets

If you want to deploy any environment-specific configuration, you should include the following details in your ticket: 

  • Any non-secret configuration values that vary between environments, including, but not limited to:
    • URLs for external systems.
    • Domain names if you use custom domain names.

You should provide the Staging and Production values at the same time to ensure we have all values ready for when you want to promote the configuration to Production. 

  • Whether you have any secret configuration values that vary between environments - do not provide unencrypted secret values in the ticket. If you do have secret values that vary between environments, we can provide you with instructions for encrypting them before sending them to us.
  • The domain name(s) of the instances your ticket relates to (for example, openam-acme-inc-dev.id.forgerock.io).

See How do I reference an environment-specific secret or non-secret value from a script in the Identity Cloud? for additional details if you want to reference environment-specifc values in a script.

Suspected problem or incident type tickets

For suspected problems or incidents, you should include the following details where possible to ensure we fully understand your issue and can start troubleshooting immediately:

  • Detailed problem description with steps to reproduce the issue. If the issue is with a downloadable component, you should let us know which component and version.
    • Include any error messages that are appearing in the browser or logs.
    • Include a HAR file which details the web browser's interaction with Identity Cloud and provides the transaction IDs (x-forgerock-transactionid headers) as this will allow us to trace the issue through the logs. You can create a HAR file as detailed in How do I create a HAR file for troubleshooting Identity Cloud?
      • If for some reason you cannot create a HAR file (for example, the requests are made by an app or proxy), it would be useful if you can provide the HTTP responses at least as these should also include the transaction IDs.
    • Explain in as much detail as possible what you were doing at the time of receiving the errors, include any URLs relevant to the issue.
  • What environment are you seeing issues in? Development, Staging or Production?
  • The domain name(s) of the instances your ticket relates to (for example, openam-acme-inc-dev.id.forgerock.io).
  • Please provide details of the use case. What are you trying to achieve, what are the expected results?
  • What led you to try this approach? (Provide links to any documentation or KB articles you followed).
  • Date and time at which the issue was first seen?
  • Has this worked in the past?
    • If yes, what has recently changed prior to the issue being seen? (For example, configuration changes, adding/deleting applications, increased user load, new SP or IdP etc.)
  • How frequently is the issue seen? (Is the issue seen during specific times or is it intermittent?)
  • Can you reproduce the issue at will?
    • If yes, please provide the exact timestamp(s)and corresponding transaction ID(s) of when the issue was reproduced so we can correlate this with the logs.
    • Provide reproducible steps.
  • What troubleshooting steps and debugging have already been tried?
  • Assign an appropriate priority to the ticket. See Ticket priorities for further details.
Note

You can attach log files to tickets in the BackStage support portal. See Sending troubleshooting data to ForgeRock Support for analysis for further information.

Reopening a ticket in Solved or Closed status

When tickets are resolved they are set to a status of solved. After they have maintained their solved status for 2 weeks they are automatically moved to closed.

  • Solved tickets can be reopened and updated. Tickets marked as solved can be reset to an open status by either responding in the ticket on BackStage or replying to an email notification that was sent from the solved ticket that you want to reopen.
  • Closed tickets cannot be altered or reopened. However, you can create a follow-up request by email. This creates a new ticket that references the closed request and includes a link back to the original ticket history where support can review previous comments. Alternatively you can open a new ticket via BackStage.
  • Follow up tickets can be created by replying to an email notification that was sent from the closed ticket that you want to create a follow-up for.

See Also

How do I create a HAR file for troubleshooting Identity Cloud?

Understanding Identity Cloud environments and promotion process

Getting started with ForgeRock Support (Identity Cloud)



Copyright and TrademarksCopyright © 2021 ForgeRock, all rights reserved.
Loading...