Access Management Webinar Jan 2017


Andy Hall Product Management Director

The Future is Now: What’s New in ForgeRock Access Management

Chris Kawalek Product Marketing Director


Disclaimer

The presentation represents ForgeRock´s current view of its product development cycle and future directions. It is intended for information purposes only, and should not be interpreted as a commitment on the part of ForgeRock. ForgeRock makes no warranties, expressed or implied, on future functionality and timeline.


2010 Founded

10 Offices worldwide with headquarters in San Francisco

400+ Employees

600+ Enterprise Customers

50% Americas / 50% International commercial revenues

30+ Countries

ForgeRock The leading, next-generation,

identity security software platform, driving digital business.


Users

Iden%ty


Users, Devices, Things, and Services

Iden%ty

Iden%ty

Iden%ty

Iden%ty

Iden%ty

Iden%ty

Iden%ty

Iden%ty

Iden%ty

Iden%ty

Iden%ty

Iden%ty


Everyone And

Every Thing

Identity For

Customer Identity Relationship Management


Frictionless

Personalized

The New Customer Experience

Device / IoT


ForgeRock Identity Platform

UMA Provider Mobile App Synchronization Auditing

LDAPv3 REST/JSON

Replication Access Control

Schema Management

Caching

Auditing

Monitoring

Groups

Password Policy

Active Directory Pass-thru

Reporting

Authentication Authorization Provisioning User Self-Service Authentication OIDC / OAuth2

Federation / SSO User Self-Service Workflow Engine Reconciliation Password Replay SAML2

Adaptive Risk Stateless/Stateful Registration Aggregated User View

Message Transformation

API Security Scripting

Built from Open Source Projects:

UMA Resource

Access Management Identity Management Identity Gateway

Directory Services

Com

mon

RES

T AP

I

Com

mon

Use

r Int

erfa

ce

Com

mon

Aud

it/Lo

ggin

g

Com

mon

Scr

iptin

g


What’s New in Access Management?


Autonomous Servers Cloud-friendly Architecture

•  Simpler component topology •  Elastically scale up and down •  Parallel instantiations • Unlimited horizontal scalability

AM AM AM …

ELB

Cluster S

ize

Demand


DevOps Support For Automated Deployments

•  AMster •  New lightweight CLI tool •  Remote configuration over

REST •  Export/Import config as json

• Dynamic Boot params •  Supply boot params via

environment variables •  Great for containerization •  Docker container becomes

generic •  Keystores

•  Boot passwords can be stored in secret volumes


Developer Friendly API Descriptors

• Annotated APIs • Swagger-like description of APIs •  Interactive documentation • Easy to test and understand • Rapid app development


IoT and Security Secure OAuth2 Tokens

• OAuth2 widely used in IoT

• Bearer token security critical

• New “Proof-of-Possession” support

• Resource server can verify Access token belongs to client

Resource Server

Authorization Server

Vending Machine

Plane Engine

Smart Thermostat

Smart Tractor

Smart Lightbulb

Smart Garage Door

Healthcare Wearable

Location Beacon


Stronger Security New Cipher Suites

• New Crypto algorithms • More compact and efficient

JWTs for OpenID Connect and Stateless sessions

•  RSA1_5 •  RSA-OAEP •  RSA-OAEP-256 •  A128KW •  A192KW •  A256KW •  A128CBC-HS256

•  A192CBC-HS384 •  A256CBC-HS512 •  A128GCM •  A192GCM •  A256GCM


Smarter Security Common Audit Framework

• Common Audit Framework

• Complete view of activity across all products

• New Splunk and JSON handlers

• Realm-specific Auditing • Fine-grained control of

logging

ForgeRock Iden-ty Pla3orm

Common System

& Activity Logs

Access Management

Identity Management

Identity Gateway

Directory Services


Questions and Answers


Our Next Webinar

The Future is Now: What’s New in ForgeRock Identity Management January 25, 2017 8:00AM PST, 4:00PM GMT Register at forgerock.com/about-us/events


Thank You

Access Management Webinar Jan 2017

Technology

Transcript of Access Management Webinar Jan 2017