ForgeRock® Identity Cloud Deep Dive: Identity Management

Code: IC-420

The Getting Started With ForgeRock® Identity Cloud course introduced students to a broad range of the identity management and access management features of ForgeRock® Identity Cloud (Identity Cloud). Each lesson briefly covered the core concepts and basic implementation of a feature, but did not go into any depth. This course explores the identity management-related features in more depth, how they work, and the configuration options available during implementation.

Note: Revision A of this course is based on version 7 of ForgeRock Identity Management.


Target Audiences

The target audiences for this course include:

  • ForgeRock Identity Cloud Administrators
  • System Integrators
  • System Consultants
  • System Architects
  • System Developers


Objectives

Upon completion of this course, you should be able to:

  • Model a custom user profile onto an existing user managed object type, query objects using the REST interface, create an organization model, and describe the relationship properties between objects
  • Create and configure connections between external resources and Identity Cloud
  • Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store


Prerequisites

The following are the prerequisites for successfully completing this course:


Duration

3 days



Course Contents

Chapter 1: Modeling Identities

Model a custom user profile onto an existing user managed object type, query objects using the REST interface, create an organization model, and describe the relationship properties between objects.

Lesson 1: Modeling an Identity Profile

Learn about the different object types in Identity Cloud, and how you can model a custom user profile onto an existing managed user object type in Identity Cloud:

  • Review the Identity Cloud documentation
  • Describe the different object types in Identity Cloud
  • Map an identity object to a managed object
  • Describe how to use placeholder attributes
  • Model a managed user object in Identity Cloud

Lesson 2: Querying Identity Cloud Objects

Use the Identity Cloud Identity Management REST interface to query Identity Cloud objects:

  • Describe how to query objects using the REST interface
  • Describe how to use the Identity Cloud Postman collection
  • Prepare Identity Cloud and configure the Identity Cloud Postman collection variables
  • Query Identity Cloud objects using the Identity Cloud Postman collection

Lesson 3: Managing Organizations

Set up managed organizations to delegate user administration based on the owner of hierarchical trees:

  • Describe the roles and privileges within an organization
  • Implement the organization example

Lesson 4: Introducing Relationships

Describe relationships between managed objects:

  • Describe the purpose of relationships
  • Describe how relationships are stored in the schema
  • Query an object relationship using the REST interface


Chapter 2: Managing Connectors

Create and configure connections between external resources and Identity Cloud.

Lesson 1: Connecting to External Resources Using Connectors

Describe the connectors supported in Identity Cloud, and how to create connector configurations to communicate with external resources:

  • Describe how to connect external resources to Identity Cloud
  • Configure communication between Identity Cloud and a Remote Connector Server (RCS)
  • Describe how to connect to external resources using Identity Connector Framework (ICF) connectors

Lesson 2: Configuring Connectors With the Admin UI

  • Describe the process for creating a connector configuration using the Admin UI
  • Add a connector configuration for an external LDAP resource

Lesson 3: Configuring Connectors Over REST

  • Describe the process for creating a connector configuration over REST
  • Describe the core connector configuration settings
  • Describe the object types and property mappings
  • Generate a full connector configuration JSON object over REST

Lesson 4: Connecting to Databases

Describe the ICF connectors for connecting to databases, and how to create connector configurations to access identity data stored in SQL databases:

  • Describe how to use the Database Table Connector
  • Configure the Database Table Connector
  • Describe how to use the Scripted SQL Connector
  • Create a scripted SQL connector configuration

Lesson 5: Connecting to External Resources Using a Scripted REST Connector Configuration

  • Describe the use cases for using a scripted REST connector
  • Connect to DS using the scripted REST connector


Chapter 3: Managing Synchronization and Reconciliation

Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store.

Lesson 1: Performing Basic Synchronization

Describe how to use the Identity Management Admin UI to create synchronization mappings (sync mappings) to reconcile identities between Identity Cloud and an external resource:

  • Describe how to create mappings to synchronize identity objects and properties
  • Describe how to create a sync mapping from Identity Cloud to an external resource
  • Describe how to add source and target properties to the sync mapping
  • Describe how to add a correlation query and a situational event script
  • Describe how to set the situational behaviors and run reconciliation
  • Add a sync mapping from Identity Cloud to an LDAP server
  • Describe the sync mapping from an LDAP server to Identity Cloud
  • Add a sync mapping from an LDAP server to Identity Cloud

Lesson 2: Running Selective Synchronization and LiveSync

Filter objects that are synchronized and automate synchronization using LiveSync:

  • Describe the different methods that you can use to filter entries
  • Run selective synchronization using filters
  • Describe how to use LiveSync to synchronize changes
  • Trigger LiveSync on a connector
  • Describe how to schedule LiveSync
  • Schedule LiveSync with an external resource

Lesson 3: Configuring Role-Based Provisioning

Automatically provision users to a set of LDAP groups based on role membership:

  • Describe how to provision attributes to a target system based on static role assignments
  • Describe the steps to enable role-based provisioning
  • Query the role assignment properties using the REST interface
  • Provision attributes to a target resource based on static role assignments
  • Describe how to provision attributes to a target system based on dynamic role assignments
  • Provision attributes to a target resource based on dynamic role assignments
  • Describe how to add temporal constraints to a role
  • Add temporal constraints to a role

Price (ex. VAT)

€ 3.304,00 per person

Duration

3 days

Schedule

Please send us a message with the form below

Delivery methods

  • Classroom
  • On-site (at your location)
  • Virtual (instructor online)

Inquire

We will contact you to discuss your requirements