ForgeRock Reviews

I use the solution in my company for all of our authentications, specifically microservice authentications.

Microservice authentication and authorization is built using the product. Third party vendors have been integrated with our platform using OAuth 2.0 supported by the product. MPIN and Biometrics development has been made using product API's

The solution's most valuable feature is that it comes shipped with directory services and LDAP, which is packaged with it. It also has high support for DevOps. You can manage OAuth 2.0 clients as code.

The product's customization is a bit complicated. The tool is customized by exporting config files to Git and bundling them as images. It is hard for the developers to maintain it as it requires training.

Kubernetes deployment for ForgeRock which is called ForgeOps is not included in product support. The company does not officially support ForgeOps as a product feature but they support it on a best effort basis. It would be better to have ForgeOps as a part of product support.

I have been using ForgeRock for two years. I am just a customer of the tool.

It doesn't actually have any bugs.

It is a very scalable solution in terms of Kubernetes architecture.

All the developers in my company work with ForgeOps APIs, and around 10 to 15 developers make customizations in the product.

As ForgeOps is not internally supported as a product feature, one always has to have professional service to support it. I rate the technical support an eight or nine out of ten.

Our company started off with Forgerock as the IDAM solution but was considering switching to KeyCloak. However we further made an investment on developing MPIN and Biometrics using product API's, a reason why my company continues with the product.

The product's initial setup phase was not difficult as it started supporting Helm charts. With the latest releases, it has been made easier to manage. Just making the tool highly available requires some expertise.

The product is easy to use in a development environment. It is easy to set up the tool, and it is easy to configure the product in the development environment, but it requires expertise to set up a highly available deployment and use the product in multiple environments.

The solution is deployed on an on-premises model.

Our company was considering switching back to Keycloak from ForgeRock, so as to not pay any license fees. ForgeRock also supports M-PIN and biometric features that Keycloak does not provide. My company started developing for M-PIN and biometric, a reason why my company continues with the product.

I would suggest others use the product after asking them to consider their use cases. SSO may be a use case for some, and using the product as an IDM tool may be a use case. At the moment, my company is not deploying all the components of ForgeRock itself. My company uses ForgeRock for OAuth 2.0. For example, my company is not deploying the IDM and identity gateway components. You should consider your use case and select the required components for that use case.

My company does not use the SSO features of the tool. My company uses SSO to access ForgeRock's AM Console for individual users. My company does not use single sign on features of the product and instead, we use Auth0.

I rate the tool a seven or eight out of ten.

One of the best features of ForgeRock OpenIDM is that once you configure all the connectors, scripts, and modifications, you can migrate that project directory to other higher environments. We don't need to reinstall. Installation and configuration are pretty easy for ForgeRock OpenIDM.

ForgeRock OpenAM is also pretty easy to install and configure. The easiest part of the solution is the workflows, which are pretty easy and very good. We used to have chains that we would not use in the latest release.

ForgeRock does not provide support for issues related to SCIM connectors as their engineers or developers do not know exactly about it. The solution's documentation is not very good, and they do not give more details.

I have been using ForgeRock for about five years.

I rate ForgeRock somewhere between eight and nine out of ten for scalability.

ForgeRock's technical support is pretty good compared to other products. The only thing is they don't want you to ask any questions about how to do something. They will not tell you, and you have to figure it out. You can get a lot of online material and blogs for products like SailPoint, Oracle, or Okta. Since ForgeRock is not used much, people do not put anything in blogs. So you have to figure it out on your own.

Neutral

I compared ForgeRock with various tools. I worked on Oracle IDM, Oracle Access Manager, and SailPoint. SailPoint is pretty good for provisioning, and it has a lot of different things. The governance feature in ForgeRock is comparatively new, and they also came up with the reporting feature. So some features are still new, but it has improved a lot.

ForgeRock's initial setup is straightforward. It's not complex for an experienced engineer or developer.

ForgeRock's pricing is more competitive than other products. I worked on a very big project about ten years ago. Oracle was extremely aggressive on pricing, and they go based on the number of users. Oracle offers very less pricing for educational projects. I'm unsure about ForgeRock's pricing structure for the financial industry, education universities, and big projects.

ForgeRock has four modules, namely, OpenIDM, OpenAM, OpenDS, and Identity Gateway.

ForgeRock is a pretty simple solution compared to other products. As simple as it is, you will have some product limitations somewhere. You can do a lot on Oracle and SailPoint since they have in-depth solutions for anything. However, ForgeRock has some limitations.

Overall, I rate ForgeRock an eight out of ten.

We use ForgeRock for access management. We access ForgeRock over VMs, but it is technically deployed on-premises.

ForgeRock is an extensive product with many functionalities and capabilities, much more than many other tools combined. It comes with XML functionality and the latest standards, including IoT, providing almost all the major identity-use cases. ForgeRock is comprehensive and open and can extend its functionality. ForgeRock has multiple units inside it, such as identity gateways. It has extensive application management and supports all sorts of protocols.

The only problem with ForgeRock is that it is derived from an open-source product, so sometimes it's a bit unstable. Likewise, ForgeRock is not very user-friendly.

I am currently using ForgeRock.

ForgeRock is very scalable. We have more than 100,000 users in our company, with over 1,000 admins using the solution to control access.

The initial setup for ForgeRock was easy.

Though it is a bit unstable, ForgeRock is one of the best solutions, given its cost. However, where you might have a better GUI in other tools, ForgeRock is not as user-friendly. Given the functionality it provides, I recommend ForgeRock but don't purchase the solution assuming it will be a cakewalk.

In AUS, there is an accredited open banking solution. We worked on a security profile using ForgeRock. We used four or five ForgeRock components, including Access Management, Identity Gateway, Identity Management, and Directory Stores. Another use case is the insurance side, but it's also consumer identity and Access management.

When I'm working on the client's site, it's a different user base, so I'm not sure how many people or products there are. I think both organizations are using ForgeRock to manage that data for many projects.

With ForgeRock, we don't need to do everything independently because it's a PaaS. Before ForgeRock, we used our own custom authentication mechanism, so we had to write custom code. After integrating with ForgeRock, we can use GUI instead of messing with the backend as much. 

We also have to maintain that code and upgrade it every time there is a library change or customization. We need to manage it, but it's easier to customize and maintain in ForgeRock.

ForgeRock products are customizable, and the out-of-the-box features are solid, too. I primarily use the OIDC compliance features. It's just a configuration. it's easy to set up and customize trees. We can add our own features if necessary. Banks and corporations have different standards and specific validations. 

There are many issues with the latest version, so we've raised many tickets. They added new features, but that also needs some improvement. It may be related to some standards like requirements and specific settings that need to be improved. 

We are using OIDC and SAML Federation standards, and I think SAML things also need some improvement. It is a known issue that's already in their release notes. So I guess that is already there.

I have been using ForgeRock for three years.

I haven't had issues with ForgeRock's stability, but there could be some performance improvements. Initially, it took some time to maintain some features. In the directory stores, it took a lot of time. There are some lags due to different reasons, or maybe it's a network issue. We have problems connecting with the database. We need to add monitoring tools for all those parts and immediately verify which components went down.

I think ForgeRock is easy to scale on the cloud side, but I've never worked on the cloud. We are already using four sites, so I think it's different when you have your own servers and on-prem. We have only four servers, and we are managing everything on these four servers, so I can't say much about scalability. Our user base is big. A million people are using the whole CIAM process on one site.

We raised tickets asking for improvements, but sometimes we don't get the proper solution. They are responding, but the ticket is open for weeks and weeks. For some issues, we don't get a satisfactory solution or the solution doesn't work. 

I think ForgeRock support needs some improvement. Sometimes the person managing the ticket is not in that particular field, and he needs to confirm with his team or other technical teams.

I worked on the development side. From the Ping perspective, it's mostly a configuration we did. It was another vendor doing the whole development for the Ping Foundation, mostly on the performance side. They were looking into that part.

I worked on two different projects based on ForgeRock, and both are automated deployments. One is a UI-based deployment. It's an automated process using some scripts.  

The deployments are done through Octopus, so it's also automated. We first deploy the essential components of AM and then implement additional configurations like Amster Imports. After that, we import all the SAML Federation data and add some certificates.

We have two teams of five and three team members working on the different deployment processes. One is working on the dev side, another is looking at the higher environment, and one is managing the data.

In another project, I'm the only developer. We also deploy on the dev environments so that anyone can test new features, configurations, and client requirements. They can test it on the dev environment, but a team of four people manages higher environments.

The Access Management component involves the most customization, which takes around 15 to 20 minutes because of the need to import the Amster configuration. If another deployment is simultaneously happening, it may be a little slower and take around 30 minutes. The other components, like the user data stores, take about five to seven minutes. It's another five to 10 minutes for Identity Management. 

After deployment, the maintenance is mostly checking for security vulnerabilities. If ForgeRock shares security vulnerabilities or advisories, we check to see if there is something inside we need to maintain. Other than that, we just install updates when they add features each month.  

I rate ForgeRock nine out of 10. I would recommend ForgeRock to others. They're constantly coming out with new features, and you can do each feature in multiple ways. The way you go about it is up to you and your requirements.

We use ForgeRock for providing application security.

All of the product's features are good.

The product's support services in the French language are not free. It is challenging to communicate with their team in the English language. This particular area needs improvement.

We have been using ForgeRock for two years as a partner.

I rate ForgeRock's stability a nine out of ten.

We manage 200 to 2,000 ForgeRock customers. They are all enterprise businesses.

The technical support services could be better.

Positive

The product is easy to set up. However, the evaluation setup lacks a few components. I rate the process a nine out of ten. The deployment involves access management and directory services configuration. It is time-consuming to set components like directory table policies and target DNS. It takes around ten days to complete.

It is a good and stable product. I rate it a nine out of ten.

If for example, you click on facebook.com, the request goes from your browser to the application server. On the application server, one of the gateways may block your request. First it enters the firewall and then it reaches the application server where Facebook is deployed and it reaches a policy enforcement point. This policy enforcement point (PEP) would be the web agent.

This request is blocked by this PEP, and it asks the basic first question of whether the URL is protected. The user then provides their credentials on their login screen and again, this PEP takes up this request to PDP and asks whether this user is authenticated to access this service. The credentials are checked in a user store. 

So as soon as it checks your credentials, it gives back an answer to the policy decision point that this user is available in the user store. ForgeRock answers all these questions using its own codes.

We could previously make Authorization policies, and based upon these policies, only provide the access to certain resources. Right now our identity is not limited to just people but also items such as a smart refrigerator and a smart car.

This entire login flow or registration flow is now taken care of by intelligence authentication. Almost all the notes which are required for these journeys are out of the box. If you want to enable biometrics, you can get these notes from ForgeRock marketplace. This is one of the features which I like the most about this solution. Most technologies are out of the box or require a minimum configuration.

ForgeRock is an open source solution and is available to everyone but it is not freeware. If you need support, you need a subscription for ForgeRock. Many of its functionalities need to be built up with the help of a consultant.

There are some limitations and some issues. It requires you to create a code ticket and then work on it with ForgeRock. In a future release, we would like to add additional security to our environment. We would also like to have identity and access management technology for passwordless logins. 

I have been using this solution for five years.

This is a stable solution. When you do experience any issues, you will see it in your DB logs or audit logs so you can easily reach a conclusion of might be causing it.

This is a scalable solution. To add multiple users to the environment, you can enable a self-service access for user registration, a ForgeRock password and ForgeRock username. A user can do this by themselves. This solution also has a high data capacity. You can use the directive service as a replication server as well to replicate your user data between different directive services environment. 

I would rate the support for this solution a three out of five because you can't depend entirely on them. You have to try troubleshooting by yourself as well. 

Neutral

I have been working on other IAM products since the start of my career eight years ago. I have been using ForgeRock for the past five years.

The initial setup is out of the box and simple, especially if you are creating a basic user journey with a registration and login. If you are going with an identity gateway, it may require some basic understanding about the technology.

To deploy it from start to finish, took six to seven months.

You can get an environment once you register on their site with your ID, and you will get a whole lot of downloads. If you enable ForgeRock on a consumer level, then you have to pay for it.

Go to forgerock.com and create your ID. After that, you can complete multiple self-led trainings. There are documents which are very thorough. I would certainly recommend this solution to others. Onboarding on ForgeRock is quite easy. 

I have been working on all the products of ForgeRock and I have worked on other products of the same category.

I would rate this solution an eight out of ten.

We mainly use the solution for profile management authorization, and authentication as well as data migration. 

We have found the identity and access management tools in the solution to be particularly useful for our organization.

We would like this solution to be developed for use with mobile applications.

We would also like to be able to customize the default modules that are available, to include some of our specific requirements.

We have been using this solution for over two years.

We have found this solution to be extremely stable.

This product has proved to be very easily scalable.

The technical support team is very good; as soon as I email them, they contact me straight away. 

Positive

We were previously using a different solution, and switched as this product provided much better, and more efficient security for our customers.

The initial setup of the solution wasn't complex, but there was very little guidance available.

We implemented the product using a combination of a vendor team, and our own in-house team. The vendor team were knowledgeable, but not very collaborative with our in-house team, which has meant a steep learning curve for them.

I would rate the ROI from using this solution a ten out of ten, as it has helped our business grow through increased customer trust.

The licences for this solution are available for a period of either one, or two years.

I would rate this product a nine out of ten.

We use it for our enterprise workforce as well as for customer identity and access management. Our enterprise workforce is around 60,000 users and our customer base is approximately 100 million users.

We used it to implement multi-factor authentication and to improve our security to reduce the potential for attacks. It has enabled us to implement access control policies through authentication and authorization layers. 

The main feature that I like about ForgeRock is the workflow engine. It allows us to define some of the custom users depending upon the user's contextual access.  Other than that, the deployment and management of the tool is extremely difficult.

The user interface could be improved as it is cumbersome and outdated. It doesn't have a responsive UI. Secondly, the customization could be improved. You cannot develop customizations quickly. For example, if you want to add a custom attribute, you need to use other tools. You have to write the code and deploy it as a JAR in the server. 30 minutes of work takes five to six hours and you need specialized skills to write the JAR file. 

We have been using this solution for five to six years.

This is a stable solution from a performance perspective.

You cannot scale this solution vertically or horizontally. 

The support for this solution is good.

Positive

The initial setup is straightforward to some extent when it comes to integrating with Active Directory and LDAP. These are the only two straightforward components. 

If you want to configure it in the distributed architecture, for example, you need to deploy ForgeRock in five data centers and you need to have that session replicated across all the different data centers. You need to set up a code token service and schema when using Forgerock and this cannot be automated. The setup takes a few weeks. 

If you try to deploy a patch, that patch has to be backwardly compatible with the custom development. We cannot use patches as they are released by ForgeRock. The reason is that that patch might inhibit the custom code that is developed. What we have to do is re-engineer the custom node to work with the most up-to-date patch. 

We implemented this solution in-house. They offer detailed documentation. However, the documentation doesn't reflect the actual product.

We have not yet experienced a return on investment. 

The solution costs $2 per user. Any custom development involves additional fees. If the use case is only for the workforce and only to implement a single sign-on solution using standard out-of-the-box features, then this is the right tool to go for.

This solution is extensively used, but we are not happy with the performance of the product or the customizations. Within the next six months we are evaluating other products because it is extremely difficult for us to scale it horizontally or vertically. 

We are also not able to adopt the new standards as it is not a standard based code solution. We have to update the code every time for each customer whenever they request any division, improvement or feature. 

I would rate this solution a five out of ten. The product is good but the underlying stack is not modern. They are not building out more adaptive features that other service providers offer.

In future, we are looking for a cloud-hosted solution like PingOne, Okta, or Azure Active Directory.