ForgeRock® Identity Cloud Deep Dive: Identity Management

The Getting Started With ForgeRock® Identity Cloud course introduced students to a broad range of the identity management and access management features of ForgeRock® Identity Cloud (Identity Cloud). Each lesson briefly covered the core concepts and basic implementation of a feature, but did not go into any depth. This course explores the identity management-related features in more depth, how they work, and the configuration options available during implementation.

Note: Revision A of this course is based on version 7 of ForgeRock Identity Management.

Target Audiences

The target audiences for this course include:

• ForgeRock Identity Cloud Administrators
• System Integrators
• System Consultants
• System Architects
• System Developers

Objectives

Upon completion of this course, you should be able to:

• Model a custom user profile onto an existing user managed object type, query objects using the REST interface, create an organization model, and describe the relationship properties between objects
• Create and configure connections between external resources and Identity Cloud
• Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store

Prerequisites

The following are the prerequisites for successfully completing this course:

• Completion of the ForgeRock® Identity Management Essentials course available at: https://www.forgerock.com/support/university/forgerock-university/forgerock-identity-management-essentials
• Completion of the Getting Started With ForgeRock® Identity Cloud course available at: https://www.forgerock.com/support/university/forgerock-university/getting-started-forgerock-identity-cloud

Duration

3 days

Course Contents

Chapter 1: Modeling Identities

Model a custom user profile onto an existing user managed object type, query objects using the REST interface, create an organization model, and describe the relationship properties between objects.

Lesson 1: Modeling an Identity Profile

Learn about the different object types in Identity Cloud, and how you can model a custom user profile onto an existing managed user object type in Identity Cloud:

• Review the Identity Cloud documentation
• Describe the different object types in Identity Cloud
• Map an identity object to a managed object
• Describe how to use placeholder attributes
• Model a managed user object in Identity Cloud

Lesson 2: Querying Identity Cloud Objects

Use the Identity Cloud Identity Management REST interface to query Identity Cloud objects:

• Describe how to query objects using the REST interface
• Describe how to use the Identity Cloud Postman collection
• Prepare Identity Cloud and configure the Identity Cloud Postman collection variables
• Query Identity Cloud objects using the Identity Cloud Postman collection

Lesson 3: Managing Organizations

Set up managed organizations to delegate user administration based on the owner of hierarchical trees:

• Describe the roles and privileges within an organization
• Implement the organization example

Lesson 4: Introducing Relationships

Describe relationships between managed objects:

• Describe the purpose of relationships
• Describe how relationships are stored in the schema
• Query an object relationship using the REST interface

Chapter 2: Managing Connectors

Create and configure connections between external resources and Identity Cloud.

Lesson 1: Connecting to External Resources Using Connectors

Describe the connectors supported in Identity Cloud, and how to create connector configurations to communicate with external resources:

• Describe how to connect external resources to Identity Cloud
• Configure communication between Identity Cloud and a Remote Connector Server (RCS)
• Describe how to connect to external resources using Identity Connector Framework (ICF) connectors

Lesson 2: Configuring Connectors With the Admin UI

• Describe the process for creating a connector configuration using the Admin UI
• Add a connector configuration for an external LDAP resource

Lesson 3: Configuring Connectors Over REST

• Describe the process for creating a connector configuration over REST
• Describe the core connector configuration settings
• Describe the object types and property mappings
• Generate a full connector configuration JSON object over REST

Lesson 4: Connecting to Databases

Describe the ICF connectors for connecting to databases, and how to create connector configurations to access identity data stored in SQL databases:

• Describe how to use the Database Table Connector
• Configure the Database Table Connector
• Describe how to use the Scripted SQL Connector
• Create a scripted SQL connector configuration

Lesson 5: Connecting to External Resources Using a Scripted REST Connector Configuration

• Describe the use cases for using a scripted REST connector
• Connect to DS using the scripted REST connector

Chapter 3: Managing Synchronization and Reconciliation

Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store.

Lesson 1: Performing Basic Synchronization

Describe how to use the Identity Management Admin UI to create synchronization mappings (sync mappings) to reconcile identities between Identity Cloud and an external resource:

• Describe how to create mappings to synchronize identity objects and properties
• Describe how to create a sync mapping from Identity Cloud to an external resource
• Describe how to add source and target properties to the sync mapping
• Describe how to add a correlation query and a situational event script
• Describe how to set the situational behaviors and run reconciliation
• Add a sync mapping from Identity Cloud to an LDAP server
• Describe the sync mapping from an LDAP server to Identity Cloud
• Add a sync mapping from an LDAP server to Identity Cloud

Lesson 2: Running Selective Synchronization and LiveSync

Filter objects that are synchronized and automate synchronization using LiveSync:

• Describe the different methods that you can use to filter entries
• Run selective synchronization using filters
• Describe how to use LiveSync to synchronize changes
• Trigger LiveSync on a connector
• Describe how to schedule LiveSync
• Schedule LiveSync with an external resource

Lesson 3: Configuring Role-Based Provisioning

Automatically provision users to a set of LDAP groups based on role membership:

• Describe how to provision attributes to a target system based on static role assignments
• Describe the steps to enable role-based provisioning
• Query the role assignment properties using the REST interface
• Provision attributes to a target resource based on static role assignments
• Describe how to provision attributes to a target system based on dynamic role assignments
• Provision attributes to a target resource based on dynamic role assignments
• Describe how to add temporal constraints to a role
• Add temporal constraints to a role