ForgeRock Reviews

In AUS, there is an accredited open banking solution. We worked on a security profile using ForgeRock. We used four or five ForgeRock components, including Access Management, Identity Gateway, Identity Management, and Directory Stores. Another use case is the insurance side, but it's also consumer identity and Access management.

When I'm working on the client's site, it's a different user base, so I'm not sure how many people or products there are. I think both organizations are using ForgeRock to manage that data for many projects.

With ForgeRock, we don't need to do everything independently because it's a PaaS. Before ForgeRock, we used our own custom authentication mechanism, so we had to write custom code. After integrating with ForgeRock, we can use GUI instead of messing with the backend as much. 

We also have to maintain that code and upgrade it every time there is a library change or customization. We need to manage it, but it's easier to customize and maintain in ForgeRock.

ForgeRock products are customizable, and the out-of-the-box features are solid, too. I primarily use the OIDC compliance features. It's just a configuration. it's easy to set up and customize trees. We can add our own features if necessary. Banks and corporations have different standards and specific validations. 

There are many issues with the latest version, so we've raised many tickets. They added new features, but that also needs some improvement. It may be related to some standards like requirements and specific settings that need to be improved. 

We are using OIDC and SAML Federation standards, and I think SAML things also need some improvement. It is a known issue that's already in their release notes. So I guess that is already there.

I have been using ForgeRock for three years.

I haven't had issues with ForgeRock's stability, but there could be some performance improvements. Initially, it took some time to maintain some features. In the directory stores, it took a lot of time. There are some lags due to different reasons, or maybe it's a network issue. We have problems connecting with the database. We need to add monitoring tools for all those parts and immediately verify which components went down.

I think ForgeRock is easy to scale on the cloud side, but I've never worked on the cloud. We are already using four sites, so I think it's different when you have your own servers and on-prem. We have only four servers, and we are managing everything on these four servers, so I can't say much about scalability. Our user base is big. A million people are using the whole CIAM process on one site.

We raised tickets asking for improvements, but sometimes we don't get the proper solution. They are responding, but the ticket is open for weeks and weeks. For some issues, we don't get a satisfactory solution or the solution doesn't work. 

I think ForgeRock support needs some improvement. Sometimes the person managing the ticket is not in that particular field, and he needs to confirm with his team or other technical teams.

I worked on the development side. From the Ping perspective, it's mostly a configuration we did. It was another vendor doing the whole development for the Ping Foundation, mostly on the performance side. They were looking into that part.

I worked on two different projects based on ForgeRock, and both are automated deployments. One is a UI-based deployment. It's an automated process using some scripts.  

The deployments are done through Octopus, so it's also automated. We first deploy the essential components of AM and then implement additional configurations like Amster Imports. After that, we import all the SAML Federation data and add some certificates.

We have two teams of five and three team members working on the different deployment processes. One is working on the dev side, another is looking at the higher environment, and one is managing the data.

In another project, I'm the only developer. We also deploy on the dev environments so that anyone can test new features, configurations, and client requirements. They can test it on the dev environment, but a team of four people manages higher environments.

The Access Management component involves the most customization, which takes around 15 to 20 minutes because of the need to import the Amster configuration. If another deployment is simultaneously happening, it may be a little slower and take around 30 minutes. The other components, like the user data stores, take about five to seven minutes. It's another five to 10 minutes for Identity Management. 

After deployment, the maintenance is mostly checking for security vulnerabilities. If ForgeRock shares security vulnerabilities or advisories, we check to see if there is something inside we need to maintain. Other than that, we just install updates when they add features each month.  

I rate ForgeRock nine out of 10. I would recommend ForgeRock to others. They're constantly coming out with new features, and you can do each feature in multiple ways. The way you go about it is up to you and your requirements.

We use ForgeRock for providing application security.

All of the product's features are good.

The product's support services in the French language are not free. It is challenging to communicate with their team in the English language. This particular area needs improvement.

We have been using ForgeRock for two years as a partner.

I rate ForgeRock's stability a nine out of ten.

We manage 200 to 2,000 ForgeRock customers. They are all enterprise businesses.

The technical support services could be better.

Positive

The product is easy to set up. However, the evaluation setup lacks a few components. I rate the process a nine out of ten. The deployment involves access management and directory services configuration. It is time-consuming to set components like directory table policies and target DNS. It takes around ten days to complete.

It is a good and stable product. I rate it a nine out of ten.

If for example, you click on facebook.com, the request goes from your browser to the application server. On the application server, one of the gateways may block your request. First it enters the firewall and then it reaches the application server where Facebook is deployed and it reaches a policy enforcement point. This policy enforcement point (PEP) would be the web agent.

This request is blocked by this PEP, and it asks the basic first question of whether the URL is protected. The user then provides their credentials on their login screen and again, this PEP takes up this request to PDP and asks whether this user is authenticated to access this service. The credentials are checked in a user store. 

So as soon as it checks your credentials, it gives back an answer to the policy decision point that this user is available in the user store. ForgeRock answers all these questions using its own codes.

We could previously make Authorization policies, and based upon these policies, only provide the access to certain resources. Right now our identity is not limited to just people but also items such as a smart refrigerator and a smart car.

This entire login flow or registration flow is now taken care of by intelligence authentication. Almost all the notes which are required for these journeys are out of the box. If you want to enable biometrics, you can get these notes from ForgeRock marketplace. This is one of the features which I like the most about this solution. Most technologies are out of the box or require a minimum configuration.

ForgeRock is an open source solution and is available to everyone but it is not freeware. If you need support, you need a subscription for ForgeRock. Many of its functionalities need to be built up with the help of a consultant.

There are some limitations and some issues. It requires you to create a code ticket and then work on it with ForgeRock. In a future release, we would like to add additional security to our environment. We would also like to have identity and access management technology for passwordless logins. 

I have been using this solution for five years.

This is a stable solution. When you do experience any issues, you will see it in your DB logs or audit logs so you can easily reach a conclusion of might be causing it.

This is a scalable solution. To add multiple users to the environment, you can enable a self-service access for user registration, a ForgeRock password and ForgeRock username. A user can do this by themselves. This solution also has a high data capacity. You can use the directive service as a replication server as well to replicate your user data between different directive services environment. 

I would rate the support for this solution a three out of five because you can't depend entirely on them. You have to try troubleshooting by yourself as well. 

Neutral

I have been working on other IAM products since the start of my career eight years ago. I have been using ForgeRock for the past five years.

The initial setup is out of the box and simple, especially if you are creating a basic user journey with a registration and login. If you are going with an identity gateway, it may require some basic understanding about the technology.

To deploy it from start to finish, took six to seven months.

You can get an environment once you register on their site with your ID, and you will get a whole lot of downloads. If you enable ForgeRock on a consumer level, then you have to pay for it.

Go to forgerock.com and create your ID. After that, you can complete multiple self-led trainings. There are documents which are very thorough. I would certainly recommend this solution to others. Onboarding on ForgeRock is quite easy. 

I have been working on all the products of ForgeRock and I have worked on other products of the same category.

I would rate this solution an eight out of ten.

ForgeRock is basically an IAM tool and we use it for access to multiple resources or applications. It's basically an identity and access management tool. We are business partners with ForgeRock and I'm a security delivery analyst.

It's had a good impact and we've seen an increase in revenue. 

I like the ease of navigating, handling and managing the applications and end-user profiles. It's easy, convenient and affordable. 

ForgeRock can be a complex product that requires a lot of time to learn and  understand its real value. The issue is that when we're working in real-time scenarios for real-time projects, we might face challenges that we're not able to figure out ourselves. By the time we have real-time interaction with the customer, it can be awkward to go back to the documentation and try to figure it out. I'd like the solution to include ways of customizing or achieving our scenarios more simply. That could include simplified documentation within the tool rather than having to use a separate portal. If something were available within the tool, I would be happy.

I've been using this solution for close to three years. 

This is a neutral product in terms of stability. It's generally fine but sometimes there are issues which could be connected to the application rather than the product.

The solution scales up and down according to your needs.

We receive adequate support. Every time we reach out to them, they're there for us. Whether it's relevant documentation, guidance, or jumping on a call to troubleshoot issues. They're on top when it comes to customer support. 

The initial setup is easy but I would recommend having some knowledge on the container, where you deploy the applications, and how it's done.

ForgeRock is an open-source tool. You can download it directly via the browser. It's only when you want to use their extensive features, you might have to think about the pricing. ForgeRock is booming because it's an open-source tool and it provides good value. It's comparable to a licensed solution. We pay a maintenance fee. 

We initially used ForgeRock as a trial tool to test whether we could achieve all of our requirements. It was a good strategy for us. 

I rate the solution eight out of 10. 

We mainly use the solution for profile management authorization, and authentication as well as data migration. 

We have found the identity and access management tools in the solution to be particularly useful for our organization.

We would like this solution to be developed for use with mobile applications.

We would also like to be able to customize the default modules that are available, to include some of our specific requirements.

We have been using this solution for over two years.

We have found this solution to be extremely stable.

This product has proved to be very easily scalable.

The technical support team is very good; as soon as I email them, they contact me straight away. 

Positive

We were previously using a different solution, and switched as this product provided much better, and more efficient security for our customers.

The initial setup of the solution wasn't complex, but there was very little guidance available.

We implemented the product using a combination of a vendor team, and our own in-house team. The vendor team were knowledgeable, but not very collaborative with our in-house team, which has meant a steep learning curve for them.

I would rate the ROI from using this solution a ten out of ten, as it has helped our business grow through increased customer trust.

The licences for this solution are available for a period of either one, or two years.

I would rate this product a nine out of ten.

We use it for our enterprise workforce as well as for customer identity and access management. Our enterprise workforce is around 60,000 users and our customer base is approximately 100 million users.

We used it to implement multi-factor authentication and to improve our security to reduce the potential for attacks. It has enabled us to implement access control policies through authentication and authorization layers. 

The main feature that I like about ForgeRock is the workflow engine. It allows us to define some of the custom users depending upon the user's contextual access.  Other than that, the deployment and management of the tool is extremely difficult.

The user interface could be improved as it is cumbersome and outdated. It doesn't have a responsive UI. Secondly, the customization could be improved. You cannot develop customizations quickly. For example, if you want to add a custom attribute, you need to use other tools. You have to write the code and deploy it as a JAR in the server. 30 minutes of work takes five to six hours and you need specialized skills to write the JAR file. 

We have been using this solution for five to six years.

This is a stable solution from a performance perspective.

You cannot scale this solution vertically or horizontally. 

The support for this solution is good.

Positive

The initial setup is straightforward to some extent when it comes to integrating with Active Directory and LDAP. These are the only two straightforward components. 

If you want to configure it in the distributed architecture, for example, you need to deploy ForgeRock in five data centers and you need to have that session replicated across all the different data centers. You need to set up a code token service and schema when using Forgerock and this cannot be automated. The setup takes a few weeks. 

If you try to deploy a patch, that patch has to be backwardly compatible with the custom development. We cannot use patches as they are released by ForgeRock. The reason is that that patch might inhibit the custom code that is developed. What we have to do is re-engineer the custom node to work with the most up-to-date patch. 

We implemented this solution in-house. They offer detailed documentation. However, the documentation doesn't reflect the actual product.

We have not yet experienced a return on investment. 

The solution costs $2 per user. Any custom development involves additional fees. If the use case is only for the workforce and only to implement a single sign-on solution using standard out-of-the-box features, then this is the right tool to go for.

This solution is extensively used, but we are not happy with the performance of the product or the customizations. Within the next six months we are evaluating other products because it is extremely difficult for us to scale it horizontally or vertically. 

We are also not able to adopt the new standards as it is not a standard based code solution. We have to update the code every time for each customer whenever they request any division, improvement or feature. 

I would rate this solution a five out of ten. The product is good but the underlying stack is not modern. They are not building out more adaptive features that other service providers offer.

In future, we are looking for a cloud-hosted solution like PingOne, Okta, or Azure Active Directory.

We use ForgeRock to implement SSO MSA for different customers with large databases. We also use the solution to unify their system and dashboards.

The most valuable features of ForgeRock are social login and data protection. From an organization's point of view, data privacy is the most valuable feature of ForgeRock. Data should be protected in the right way in an organization. User data is everything in an organization, and if data hacking harms an organization's reputation.

ForgeRock is a very good product for security and meeting your compliance and automation requirements. Our IT team's workload has definitely reduced after implementing ForgeRock.

The solution's deployment should be made easier.

I have been using ForgeRock for nine or ten months.

The solution's stability has to be better, but it depends mainly on how the solution is deployed. Everything is linked to the deployment style. If the deployment is done properly, everything can be fixed automatically.

I rate the solution a seven out of ten for stability.

Around four to five users are using the solution in our organization.

I rate the solution ten out of ten for scalability.

The solution’s technical support is good.

Positive

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a five out of ten.

The solution’s deployment takes more than two to three months. We need to install the identity gateway servers first, and based on the gateway servers, they have to initiate the proxy servers. Once the proxy servers are properly configured, I can start with my different application integration. The whole process itself stretches to two months. That's why it's a very lengthy procedure.

ForgeRock is an expensive solution.

We are using ForgeRock mostly for banks and universities. We are letting them use the self-registration page via social logins, having the consent to provide the data, and implementing the ease of logging into the system. So, this is how we are using the solution's CIAM.

Overall, I rate the solution an eight out of ten.

We are using ForgeRock for our CRM system.

In our company, we had some SQL legacy databases but with ForgeRock there is much more integration, including outside the system.

The solution could improve by adding more advertising and marketing.

I have been using ForgeRock for approximately one and a half years.

The solution is stable.

I rate the stability of ForgeRock an eight out of ten.

You are able to build on ForgeRock, it is scalable.

I rate ForgeRock an eight out of ten.

The support is good and prompt.

The initial setup of ForgeRock can be complex based on what kind of integration nodes we are connecting.

We did the deployment of ForgeRock in-house.

I rate ForgeRock a nine out of ten.

We use the solution for the authorization and authentication of various applications.

The solution has the ability to handle a lot of users.

In an upcoming release, the solution could improve by limiting the need to do customizations.

I have been using the solution for more than three years. 

I find the solution to be stable, it has been working well. However, we have encountered some stability issues when we tried to upgrade. Normally we would have to reboot the server and occasionally have performance and tunning issues. The solution's stability during the upgrade should be improved.

The solution is very scalable. We have a lot of users that have been increasing over the years that we have been using it. We have approximately 20,000 users.

Whenever we experience an incident, we call everyone in the breach and the system owner expert will call the support of the solution. The support could improve because we sometimes have to repeat ourselves since the support is across different time zones.

The initial setup of the solution was quite complex because we tried to use it as a Single Sign-On with multiple applications or customers. 

The solution requires a vendor consultant for the implementation to make the right choices. 

The pricing of the solution is fair but I do not have the full details.

My advice to other users is to be careful about customizing the solution. If you customize the solution you will need good documentation and information that will have to be retained otherwise, there will be a knowledge gap. Especially if you use it for Single Sign-On or federated authentication and authorization. The more you customize it the more it will cause some issues when you are trying to upgrade. We have found in this particular instance if you do the customization you should have certain consistent standards. If you have this solution across multiple teams, there is no single party that has an overview of the code, and what ends up happening is there is too much customization making the upgrades difficult. However, this all depends on the business.

If we are using the solution in a certain way, especially the authorization with customization can cause problems. Every application might have a different way to authorize its functions in the area. However, the authentication is very straightforward. You have to be careful about customizing the solution, and how to sustain it across your teams. Every three to five years you will need to do an upgrade. Otherwise, you will not be supported. Most of us just treat it as a project, then we move on, and we do not use it until a few years later and then we run into large issues.

I rate ForgeRock a six out of ten. 

We primarily use the solution for multiple clients and multiple implementations.

Fundamentally, we're not using ForgeRock as a single application Identity Management Solution. We need it for multiple clients, multiple implementations. Not all of them are necessarily a multi-tenant solution. We need a very versatile solution that can do a lot of work, but from a single instance that we can centralize authentications and we don't duplicate the efforts and that's where ForgeRock seems to do better.

We need some more time with the solution to really note if there are specific features that are missing. Currently, it's doing a good job of covering what we need.

We're worried about the scaling. We're told it will be okay and there won't be issues, however, I'm not 100% convinced.

We've signed the contract and yet we're still not going through the typical process, which is worrying.

We started using the solution a few months ago.

It's been only two, three months. So far, we haven't seen any issues and I'm not sure if we will have any issues in the next year or so. 

However, as we move, my biggest concern in the past and right now is when we start adding multiple clients to the same base setup. That's where I'm more worried about how it will take individual authentication versus claims level authentication. I wonder about how it's going to handle all of that. That's where I'm more worried. I'm patiently waiting for a few clients to be on the platform. 

I'm worried about the scalability of it. I'm not worried about the scalability itself. I'm sure it will scale. However, I'm concerned about what sorts of problems we'll run into when we start scaling the solution higher. Right now it's very low volume.

They have assured me it will be fine. We just got a new Account Manager assigned to my company and she's assured me that any such problems and they will be able will align with their standard scalability structures. She has assured me that if there are any issues, their team would jump in and make sure that our clients are not going to be impacted by any issues we might end up having.

We're still in the honeymoon phase with ForgeRock. Even though we have very small business interests with them today, they see that we plan on growing drastically over the next two years. Therefore, we have excellent support and we are now at a point where we are not calling tech support. We pick up a phone and call the Account Manager and they'll get everything resolved for us. We don't have to queue along with everybody else and go through a long process. Maybe it will be different once we are around for a while. However, since we are a growing account, we are an enterprise account, and the Account Manager is really new, we are being treated a little bit differently than regular customers. Obviously, I don't expect it to be this red carpet a year down the lane. That said, right now, it's very nice.

We did previously use a different solution. Scalability and consolidated implementation was one of the reasons we had the previous product. However, I can't even remember the name of it. With the previous product, the problem was we had to put a base set up for every client differently when it is not a multi-tenant solution. That was one of the reasons we switched to ForgeRock. Even though the implementations are not multi-tenant, we can re-route all the IT management through ForgeRock at this point in time.

The initial setup wasn't too complex. I didn't think it was any difficult. I sometimes believe I don't give enough credit to my team. Some of my team members have upwards of about 20 years experience in doing this. They're doing these types of implementations all of the time and they make it seem very easy. I haven't heard a single problem from them. They seem to have handled the entire process very well.

In terms of usage, it's not our standard cost. We're not doing it for our purpose. We have multiple clients we are looking at right now. We are at a very small number, however, the idea and the goal is to grow. We are looking at about $100,000 and $50,000 a minimum a month cost. That'd be minimum maybe in a couple of years. We expect that to double, at least based on how many solutions we scale to. The amount of money we spend on ForgeRock will depend on the number of clients we get. Right now it is on one product, so it is not that much currently. If we scale it to other products, that number will change drastically.

We are just customers. We don't have a business relationship with the solution.

I don't have the details in regards to which version of the solution we're using.

My advice to other potential users would be to not look at the cost savings when you scale. Instead, look at the issues you will run into when you scale. If you plan for scaling two years down the line, the mistake we made a couple of times in other solutions was that it was actually more expensive when you scale without the architecture properly done. Therefore, take the time to plan ahead.

Currently, I'd rate the solution at a seven. I'm a little worried that, even though we've signed the contract, we are being channeled through a couple of leaders rather than going through the regular process. I'm worried about how that new process is going to be for us.