Getting Started with ForgeRock® Identity Cloud

This course takes students from a high-level understanding of how ForgeRock® Identity Cloud (Identity Cloud) works, through the various online resources available to them, to a fully functional hands-on development environment, where they learn how to implement the many features of Identity Cloud in a training environment. Students take real-world use cases and implement them in a provided live Identity Cloud environment, where they learn the concepts and tasks necessary to successfully manage identities, applications, and user journeys in their own Identity Cloud.

Target Audiences

The target audiences for this course include:

• ForgeRock Identity Cloud Administrators
• Technical users new to Identity Cloud and other ForgeRock products
• Those new to Identity Cloud and considering taking the certification exam

Objectives

Upon completion of this course, you should be able to:

• Describe the benefits and features of Identity Cloud, understand how to access an Identity Cloud tenant and your CloudShare lab environment
• Manage the onboarding of users through self-service, understand managed objects, import identities, and synchronize identities between Identity Cloud and external resources
• Manage journeys to support how end users authenticate and perform self-service with Identity Cloud
• Integrate application client profiles and gateway profiles into Identity Cloud to support external applications accessing Identity Cloud for identity and access management services
• Manage federation to let employees with credentials stored in a remote Active Directory (AD) data store access services in Identity Cloud

Prerequisites

The following are the prerequisites for successfully completing this course:

• Completion of the ForgeRock Product Essentials courses available at: https://backstage.forgerock.com/university/cloud-learning
  • ForgeRock Access Management Essentials
  • ForgeRock Identity Management Essentials
  • ForgeRock Identity Gateway Essentials
  • ForgeRock Directory Services Essentials

Duration

3 days

Course Contents

Chapter 1: Introducing Identity Cloud

Describe the benefits and features of Identity Cloud, understand how to access an Identity Cloud tenant and your CloudShare lab environment.

Lesson 1: Introducing ForgeRock Identity Cloud

Provide an overview of Identity Cloud, and the onboarding process:

• Describe Identity Cloud
• Explain Identity Cloud onboarding services

Lesson 2: Getting Access to Identity Cloud

Describe Identity Cloud tenant registration:

• Describe the tenant registration process
• Introduce the Identity Cloud Admin UI

Lesson 3: Accessing Your Lab Environment

A short lesson to introduce and access your tenant and the CloudShare lab environment:

• Access your tenant and CloudShare lab environment
• Log in to your tenant and CloudShare lab environment

Chapter 2: Managing User Identities

Manage the onboarding of users through self-service, understand managed objects, import identities, and synchronize identities between Identity Cloud and external resources.

Lesson 1: Managing Identities

Manage user identities and invite additional administrators using the Identity Cloud Admin UI, which is an administrative interface to manage your tenant settings:

• Manage user profiles in Identity Cloud
• Manage a user profile in Identity Cloud
• Manage administrators
• Invite a top-level administrator
• Explain UI integration options
• Configure themes for the Alpha and Bravo realms
• Manage password policies
• Configure password policies

Lesson 2: Onboarding Users With Self-Service

Add new users to your tenant through self-registration:

• Describe self-registration
• Register a user
• Describe self-service
• Explore self-service features

Lesson 3: Introducing Organizations

Explain how an organization hierarchical structure can be used to model a brand hierarchy to control access to business applications:

• Explain how to model an organization structure

Lesson 4: Adding Identities With Bulk Import

Bulk import user identities from a CSV file:

• Describe bulk import
• Import customers and employees

Lesson 5: Customizing Placeholder Properties

Update managed user object placeholder properties to display custom labels:

• Manage placeholder properties
• Customize placeholder properties

Lesson 6: Synchronizing Identities from External Resources

Connect to external resources using a Remote Connector Server (RCS), and synchronize identities between Identity Cloud and on-prem resources:

• Explain how to connect to external resources
• Configure a connection between Identity Cloud and an external DS
• Explain synchronization
• Populate Identity Cloud with DS entries
• Configure bi-directional synchronization
• Populate Identity Cloud with AD users
• Configure an RCS Cluster (Optional)

Lesson 7: Managing Provisioning Roles and Assignments

Manage provisioning roles and assignments to dynamically provision attributes to external resources:

• Introduce provisioning roles and assignments
• Create assignments and provisioning roles

Lesson 8: Additional Administration Tasks

Explain additional tasks that an Identity Cloud administrator should be aware of:

• Add a custom domain name
• Introduce Identity Cloud REST APIs
• Explore logs
• Monitor your tenant

Chapter 3: Managing User Journeys

Manage journeys to support how end users authenticate and perform self-service with Identity Cloud.

Lesson 1: Exploring Default Journeys

Describe the default journeys included with Identity Cloud, and explore self-service journeys as an Identity Cloud administrator and end user:

• Introduce journeys
• Explain self-service journeys
• Explore self-service journeys

Lesson 2: Modifying Journeys

Use the journey editor in Identity Cloud to manage a journey, and understand the use of authentication nodes and email templates in a journey flow:

• Introduce authentication nodes
• Manage journeys
• Modify the Login journey
• Explore email templates and nodes
• Configure email templates
• Modify an email template

Lesson 3: Configuring Self-Service

Configure the self-service features of Identity Cloud to empower end users to independently make changes to their identity, instead of going through a help desk:

• Explore knowledge-based authentication (KBA) options
• Configure self-service to use KBA
• Explain terms and conditions
• Configure terms and conditions

Lesson 4: Configuring Social Registration and Authentication

Configure Identity Cloud to let end users register and authenticate new accounts using a social provider:

• Explain social registration and authentication
• Configure an OAuth 2.0 client for Identity Cloud and configure Google as an identity provider
• Add social registration to the Registration journey
• Add social authentication to the Login journey

Chapter 4: Integrating Applications and Gateways

Integrate application client profiles and gateway profiles into Identity Cloud to support external applications accessing Identity Cloud for identity and access management services.

Lesson 1: Defining Applications

Describe the role of an application in Identity Cloud:

• Describe supported application types

Lesson 2: Adding an Application Client Profile

Add a new application client profile in Identity Cloud for a ForgeRock SDK sample application, and validate the application can authenticate with Identity Cloud using the client profile:

• Explain how the ForgeRock SDKs are used with Identity Cloud
• Add a single-paged application
• Enable a JavaScript application to use Identity Cloud for authentication

Lesson 3: Integrating Identity Gateway

Show how ForgeRock® Identity Gateway (Identity Gateway) can protect an application when it is integrated with Identity Cloud:

• Introduce Identity Gateway
• Integrate Identity Gateway with Identity Cloud
• Integrate the Identity Gateway sample application with Identity Cloud

Chapter 5: Managing Federation

Manage federation to let employees with credentials stored in a remote AD data store access services in Identity Cloud.

Lesson 1: Integrating Third-Party Services using SAML

Integrate Identity Cloud with a third-party provider using SAML v2.0 (SAML) to provide single sign-on services:

• Introduce Federation
• Explain how to configure Identity Cloud as an SP
• Configure Identity Cloud as an SP
• Explain how to configure ADFS as an IdP
• Configure ADFS as an IdP
• Explain how to configure Identity Cloud to use an IdP
• Configure Identity Cloud to use an IdP