ForgeRock Identity Management Core Concepts (IDM-400)
Note that Revision B of this course is built on version 6.0.0 of ForgeRock Identity Management.
The following are the target audiences for this course:
- System Integrators
- System Consultants
- System Architects
- System Administrators
- Web Developers
Upon completion of this course, you should be able to:
- Deploy and manage IDM as a project
- Start, log, and perform basic troubleshooting in IDM
- Configure the default user registration process
- Configure other User Self-Service functions
- Configure social Identity Providers
- Integrate IDM with the ForgeRock Identity Platform
- Theme the Self-Service User Interface
- Run the IDM samples (optional)
- Use the REST interface to access IDM
- Connect to external resources using OpenICF
- Connect to a JDBC database using the Scripted SQL Connector
- Perform basic synchronization
- Synchronize identity data between multiple external resources
- Run selective synchronization and LiveSync
- Configure role-based provisioning
- Manage user preferences
- Configure privacy and consent
- Enable progressive profiling and add terms and conditions
- Manage relationships between objects
- Configure workflow
The following are prerequisites to successfully completing this course:
- Completion of the ForgeRock Identity Management Product Overview course
- Basic knowledge and skills using the Linux operating system to complete labs
Chapter 1: Enabling Self-Service and User Registration
Implement self-service so end users can self-register for services, update and manage their profile information, and reset their password when forgotten (or retrieve their username when forgotten).
Lesson 1: Deploying and Managing IDM as a Project
Deploy and manage IDM as a development project to help you capture your configuration changes throughout the project.
- Install and start IDM for the first time and explore the default UIs
- Set up a new IDM project for development
Learn how to start and stop IDM in your development environment and learn how to examine the different log files to assist in troubleshooting configuration errors that might occur during development.
- Configure IDM to run as a background process
- Examine the different log files in IDM
Enable and configure the self-service user registration form options of IDM to let users self-register on the IDM Self-Service UI.
- Configure the outbound email service
- Enable email-based self-registration
Configure the other user self-service features of IDM, which include forgotten username, password reset, additional KBA questions, and Google reCAPTCHA.
- Enable email-based password reset and username retrieval
- Expand the KBA options
- Enable Google reCAPTCHA options to protect from spam and abuse (optional)
Chapter 2: Adding Social Registration and Authentication
Allow users to register with IDM using standards-compliant social identity providers such as Google, Facebook, and so on.
Lesson 1: Configuring Social Identity Providers
Configure IDM to allow end users to authenticate and register with IDM using multiple social identity providers.
- Set up a social ID provider for Google
- Set up a social ID provider for Facebook
Integrate IDM with AM and DS to delegate IDM authentication services to AM.
- Prepare the ForgeRock Identity Platform components
- Delegate all IDM authentication to AM
Theme the IDM Self-Service UI and perform basic customization of the IDM HTML templates to add a custom field to the IDM Self-Service UI registration page.
- Update the Self-Service UI theme (optional)
- Add a custom field to the Self-Service UI registration page
Chapter 3: Creating a Global Customer View Through Synchronization and Reconciliation
Synchronize identity data across multiple external resources in real time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store using IDM.
Lesson 1: Running the IDM Samples (Optional)
Learn how you can quickly perform basic user provisioning, one of the core functions of IDM, between an external resource and IDM using the samples shipped with IDM.
- Start IDM with a sample configuration and run the sample
- Start IDM with the LDAP sample configuration and run the sample
Use the IDM REST interface to query data from the connectors and managed user objects stored in the repository.
- Query and manipulate IDM objects using the API Explorer and cURL
- Review the default IDM REST endpoints (optional)
Update the LDAP connector to communicate with DS, acting in the role of the subscriber’s LDAP directory.
- Add a connector to an external LDAP resource
Use the Scripted SQL Connector sample to communicate with a JDBC database that contains multiple tables.
- Use the Scripted SQL Connector sample to connect to a MySQL database
- Extend the Scripted SQL Connector sample to your project
Create basic sync mappings to reconcile subscribers between the IDM repository and external LDAP directory server.
- Add a sync mapping from the IDM repository to the LDAP server
- Add a sync mapping from the LDAP server to the IDM repository
Configure the synchronization mappings (sync mappings) between the various source and target resources to synchronize objects and attribute values between multiple external resources.
- Examine the links table within the IDM repository
- Create a sync mapping to seed the repository with subscribers from MySQL
Filter objects that are synchronized and automate synchronization using LiveSync.
- Run selective synchronization using filters
- Identify methods of determining change events with LiveSync
- Schedule LiveSync with the MySQL database
Create a role that can be assigned to a user to automatically provision that user to a set of LDAP groups in the directory based on the value of the role object.
- Provision attributes to one or more external resources based on static role assignments
- Provision attributes to one or more external resources based on dynamic role assignments
- Add temporal constraints to a role
Chapter 4: Managing Privacy and Consent Options
Learn how to configure the privacy and consent options available in IDM that let end users consent to, or approve, their digital identity being shared with external resources via connectors.
Lesson 1: Managing User Preferences
Manage the user preferences and consent options for end users to help establish a trusted digital relationship.
- Configure synchronization filters with user preferences
- Extend the User Preferences (optional)
Enable the Privacy & Consent system preference to allow an administrator to use the Privacy & Consent option on a connector and during user registration.
- Configure privacy and consent on a sync mapping
- Configure privacy and consent during user registration
Configure IDM to conditionally collect additional user profile data after a user registers a new account and enable terms and conditions as part of the user registration process.
- Enable and configure progressive profiling
- Add terms and conditions to the registration process
Chapter 5: Managing Relationships Between Objects
Create and manage a relationship between two managed objects in IDM.
Lesson 1: Managing Relationships
Explain how relationships work in IDM and how to build a basic relationship between two objects.
- Describe the basic relationship model in IDM and why you might use relationships
- Describe the existing relationship between managed users, roles, and assignments
- Demonstrate in the lab the existing manager/report relationship within the managed user object
- Examine the managed user, role, and assignment object relationship in IDM
Learn how to model and implement a new relationship in IDM.
- Describe how to model a new relationship based on business requirements
- Create a new relationship for a given relationship model in IDM
- Create and test a given relationship between a managed user and device
Chapter 6: Configuring Workflow
Build and deploy a custom workflow that requires asynchronous processing through the built-in Activiti workflow engine included with IDM.
Lesson 1: Deploying a Workflow
Run and test a given workflow to better understand the capabilities available within IDM to implement workflow.
- Describe various use cases for using workflow for asynchronous provisioning of users
- Deploy and test a given workflow in IDM
- Explore the different IDM interfaces affected by workflow
Build and deploy a custom workflow from a skeleton project to help learn the basic components of a workflow.
- Describe the various business process components of BPMN
- Walk through a BPMN diagram for the workflow
- Use forms within a workflow to provide business logic