ForgeRock IP is the MySQL of the Identity Management World

Welcome to Technology Fridays! In tune with ForgeRock’s recently announced filing for IPO, I thought we should cover the platform in this week’s Technology Friday. ForgeRock Identity Platform (IP) may be one of the coolest identity management suites you’ve never heard of. The platform has been winning in the complex world of identity management using an unconventional formula based on open source, simplicity and a passionate developer community.

ForgeRock IP is an open source identity management (IAM) platform built from the ground up to automate the lifecycle of most aspects of identity management solutions. That part is actually very relevant because most IAM stacks in the market focus on specific capabilities such as authentication, identity federation or user management. Contrasting with that model, ForgeRock provides a comprehensive suite of products that cover most aspects of the lifecycle of identity management solutions.

From a functional standpoint, ForgeRock IP is based on four fundamental building blocks: access management, identity management, identity gateway and directory services. All together, the four components enable end-to-end identity lifecycle management capabilities that can be implemented in diverse environments ranging from small startups to large enterprises. All ForgeRock IP products provide a consistent programming model based on standard and lightweight user interfaces that enable devops to easily interact with the platform.

ForgeRock IP delivers access management capabilities using its OpenAM product, which provides features such as authentication, authorization, single sign-on and others in a cohesive product. OpenAM exposes its capabilities using a simple REST API based on standards such as OAuth 2.0. SDKs for programming languages such as Java or C++ are also available in the platform.

OpenDJ is ForgeRock IP’s product responsible for automating directory services capabilities. By providing an open, lightweight and easily manageable user directory, OpenDJ can be seamlessly deployed in both on-premise and cloud environments. OpenDJ provides robust capabilities such as password management, replication and monitoring, as well as REST and LDAP interfaces.

OpenIDM is the identity management arm of the ForgeRock IP platform. OpenIDM enables the provisioning and management of identities across devices and applications. OpenIDM provides a very modular architecture based on OSGi that includes connectors to many line-of-business and enterprise security systems. Those connectors are typically implemented using OpenICF (Identity Connector Framework). Capabilities such as password synchronization or workflow provisioning are also part of OpenIDM.

The fourth component of the ForgeRock IP stack is OpenIG, a centralized identity gateway that enables capabilities such as single sign-on and sign-out, password capture-replay and policy management. OpenIG delivers its capabilities via standards such as SAML2.


ForgeRock operates in a very competitive market that includes cloud IAM platforms like Okta, PingIdentity, OneLogin or SailPoint, which have gained strong market traction in the last decade. Similarly, identity services included in platform as a service (PaaS) stacks, such as Azure Active Directory or AWS IAM, are also strong competitors. Innovative startups such as Auth0 have become a favorite of developers when it comes to high-level IAM tasks. Finally, traditional enterprise software powerhouses such as IBM, CA or Oracle still remain competitive in the enterprise IAM space.

CEO of IntoTheBlock, Chief Scientist at Invector Labs, I write The Sequence Newsletter, Guest lecturer at Columbia University, Angel Investor, Author, Speaker.
