ForgeRock Identity Management Core Concepts

The ForgeRock Identity Management Core Concepts course is for students who want to learn how to implement ForgeRock® Identity Management (IDM) to manage the lifecycle and relationship of digital identities within the context of a Customer Identity and Access Management solution (CIAM), and the integration with the ForgeRock Identity Platform™.

Note that Revision B.1 of this course is built on version 6.5 of IDM.

Target Audiences

• The following are the target audiences for this course:System Integrators
• System Consultants
• System Architects
• System Administrators

Objectives

• Upon completion of this course, you should be able to:Introduce IDM and explore the fictitious ForgeRock Entertainment Company (FEC) CIAM solution
• Install IDM and examine the default interfaces
• Deploy and manage IDM as a development project
• Perform basic IDM troubleshooting
• Configure the default user registration process
• Configure the User Self-Service functions, including password reset, forgotten username, and KBA options
• Add a custom field to the End User UI registration page
• Delegate the administration privileges of account properties to a group of users
• Configure social identity providers
• Integrate IDM with the ForgeRock Identity Platform
• Use the REST interface to access IDM
• Connect to external resources using OpenICF
• Perform basic synchronization
• Run selective synchronization and LiveSync
• Configure role-based provisioning
• Manage user preferences
• Configure privacy and consent
• Enable progressive profiling and add terms and conditions
• Enable the profile and privacy management dashboard
• Manage a basic relationship within the managed user object
• Model relationships based on a given use case
• Manage a relationship between a user and device
• Deploy and test a given workflow
• Explore the beginnings of creating a workflow

Prerequisites

• The following are prerequisites to successfully completing this course:Basic knowledge and skills using the Linux operating system to complete labs
• Basic knowledge of JSON, JavaScript, REST, Java, Groovy, SQL, and LDAP helpful for understanding examples; however, programming experience is not required

Duration

5 days

Certification

Earn a Digital Badge from attending this course. Learn more about ForgeRock badges at www.youracclaim.com/organizations/forgerock/badges

Course Contents

Chapter 1: Introducing IDM and Getting Started

Introduce IDM and describe where it fits within the ForgeRock Identity Platform to provide identity management services for a CIAM solution. Also, describe how to get started using IDM within a development environment.

Lesson 1: Introducing IDM and Exploring the FEC Solution

• Provide an overview of IDM and become familiar with the end of class solution for the FEC use cases so you better understand the core concepts of IDM that you learn throughout this course:Describe how IDM is used in the ForgeRock Identity Platform to deliver a CIAM solution
• Demonstrate each of the core concepts from an end user and administrator perspective

Lesson 2: Installing IDM

• Perform a basic installation of IDM, explore the default user interfaces, and then run one or more of the sample configurations shipped with IDM:Describe the basic IDM installation requirements for deploying IDM
• Install and start IDM for the first time and explore the default UIs
• Start IDM with the CSV sample configuration and run the sample
• Start IDM with the LDAP sample configuration and run the sample

Lesson 3: Deploying and Managing IDM as a Project

• Deploy and manage IDM as a development project to help you capture your configuration changes throughout the project:Set up a new IDM project for development
• Configure IDM to run as a background process

Lesson 4: Performing Basic IDM Troubleshooting

• Learn how to examine the different log files to assist in troubleshooting configuration errors that might occur during development. Learn how you can get additional help for troubleshooting assistance:Examine the different log files in IDM
• Get additional help troubleshooting outside of IDM

Chapter 2: Enabling User Registration and Self-Service

Implement self-service so end users can self-register for services, update and manage their profile information, and reset their passwords when forgotten (or retrieve their username when forgotten). Also, delegate the administration of subscriber accounts to a subset of help desk administrators.

Lesson 1: Configuring the Default User Registration Process

• Enable and configure the self-service user registration form options of IDM to let users self-register on the IDM Self-Service UI:Configure the outbound email service
• Enable email-based self-registration

Lesson 2: Configuring IDM User Self-Service

• Configure the other user self-services features of IDM that include forgotten username, password reset, and additional KBA questions. Also, add additional fields to the user registration page:Enable email-based password reset and username retrieval
• Expand the KBA options
• Add a custom field to the Self-Service UI registration page

Lesson 3: Delegating Administration Privileges

• Delegate administration of managed users to a new group of help desk administrators responsible for managing a subset of subscriber account properties:Add a new internal role and set up privileges to delegate administration

Chapter 3: Adding Social Registration and Authentication

Allow users to register with IDM using standards-compliant social identity providers such as Google, Facebook, and so on. Also, delegate all authentication to ForgeRock® Access Management (AM) and explore how to theme the IDM Self-Service UI.

Lesson 1: Configuring Social Identity Providers

• Configure IDM to allow end users to authenticate and register with IDM using multiple social identity providers:Set up a social ID provider for Google and test social registration
• Set up a social ID provider for Facebook or others (optional)

Lesson 2: Integrating IDM with the ForgeRock Identity Platform

• Integrate IDM with AM and ForgeRock® Directory Services (DS) to delegate IDM authentication services to AM:Prepare the ForgeRock Identity Platform components
• Delegate all IDM authentication to AM

Chapter 4: Managing Synchronization and Reconciliation

Synchronize identity data across multiple external resources in real time or by scheduling reconciliation events. Consolidate multiple identity data stores into one centralized identity store using IDM.

Lesson 1: Using the REST Interface to Access IDM

• Use the IDM REST interface to query data from the connectors and managed user objects stored in the repository:Query and manipulate IDM objects using the API Explorer and cURL

Lesson 2: Connecting to External Resources Using OpenICF

• Update the LDAP connector to communicate with DS, acting in the role of the subscriber’s LDAP directory:Describe how to connect to external resources using OpenICF
• Add a connector to an external LDAP resource

Lesson 3: Performing Basic Synchronization

• Create basic sync mappings to reconcile subscribers between the IDM repository and external LDAP directory server:Describe how to create sync mappings to flow identity objects and properties between IDM and one or more external resources
• Add a sync mapping from the IDM repository to the LDAP server
• Add a sync mapping from the LDAP server to the IDM repository

Lesson 4: Running Selective Synchronization and LiveSync

• Filter objects that are synchronized and automate synchronization using LiveSync:Run selective synchronization using filters
• Identify methods of determining change events with LiveSync
• Schedule LiveSync with the LDAP directory

Lesson 5: Configuring Role-Based Provisioning

• Automatically provision users to a set of LDAP groups based on role membership:Provision attributes to one or more external resources based on static role assignments
• Provision attributes to one or more external resources based on dynamic role assignments
• Add temporal constraints to a role

Chapter 5: Managing the IDM Privacy and Consent Options

Learn how to configure the privacy and consent options available in IDM that let end users consent or approve their digital identity being shared, via connectors, to external resources.

Lesson 1: Managing User Preferences

• Manage the user preferences and consent options for end users to help establish a trusted digital relationship:Configure synchronization filters with user preferences
• Extend the user preferences to include additional properties (optional)

Lesson 2: Configuring Privacy and Consent

• Enable the Privacy & Consent system preference to allow an administrator to use the Privacy & Consent option on a connector and during user registration:Configure privacy and consent on a sync mapping
• Configure privacy and consent during user registration

Lesson 3: Enabling Progressive Profiling and Adding Terms and Conditions

• Configure IDM to conditionally collect additional user profile data after a user registers a new account, and enable terms and conditions as part of the user registration process:Enable and configure progressive profiling
• Add terms and conditions to the registration process

Lesson 4: Enabling the Profile and Privacy Management Dashboard

• Enable an end user with self-service capabilities to view and/or update their user profile, security settings, user preferences, trusted devices, applications, Privacy & Consent preferences, UMA sharing, UMA history, and account controls from the IDM Self-Service UI:Describe the tabs available on the Profile and Privacy Management Dashboard
• Review the IDM Self-Service UI while integrated with AM to display additional options on the dashboard

Chapter 6: Managing Relationships Between Objects in IDM

Create and manage a relationship between two managed objects in IDM. Demonstrate an end-to-end flow of provisioning devices and automatically assign them as part of a relationship.

Lesson 1: Managing Relationships in IDM

• Explain how relationships work in IDM and how to build a basic relationship between two objects:Describe the basic relationship model in IDM and why you might use relationships
• Demonstrate the existing manager and reports relationship within the managed user object
• Create a dashboard to visualize relationships
• Examine the managed user, role, and assignment object relationships in IDM

Lesson 2: Modeling Relationships in IDM

• Set up a relationship between user managed objects to add support for a user to add other user objects as a member of their own subscribers list:Describe how to model a new relationship based on business requirements
• Create a new relationship for a given relationship model in IDM

Lesson 3: Managing Devices and Things in IDM (Optional)

• Add a new connector, a new managed object, and set up a relationship from the new managed object to the existing user managed object to manage generic devices. Also, create a sync mapping to provision devices from a connector and assign them automatically to the given relationship property (demonstrating an end-to-end perspective): Add a connector to import device identities
• Create a new device managed object
• Set up a relationship between device managed objects and user managed objects
• Create a sync mapping to provision devices to the IDM repository

Chapter 7: Getting Started with Workflow

Test the sample workflows provided in the IDM samples and a custom workflow provided by the instructor to help learn the basics of the workflow engine, and then create new workflow processes using the Activiti Designer.

Lesson 1: Deploying and Starting a Workflow

• Enable the Activiti workflow engine and deploy a sample workflow to learn how to manage workflow tasks and processes in the IDM Admin UI, and by using the REST API workflow interfaces:Describe use cases for workflows
• Describe how workflows are implemented in IDM
• Enable the workflow service in IDM and examine a sample workflow

Lesson 2: Deploying and Creating a Workflow

• Build and deploy a custom workflow from a skeleton project to help learn the basic components of a workflow:Describe the structure of workflow files
• Describe how to model workflows
• Describe how to use forms in workflows
• Examine, deploy, and start a workflow to let subscribers create Family and Friend accounts
• Create and deploy a simple workflow using Activiti Explorer