ForgeRock (Open IDM) - Basic Understanding

Five main pillars of ForgeRock

  1. ForgeRock Identity Management
  2. ForgeRock Access Management
  3. ForgeRock Directory Services
  4. ForgeRock Identity Gateway
  5. ForgeRock Open ICF (Connector Framework)

IAM (Identity & Access Management)

Identity Management mainly deals with:
  • Creating or onboarding identities into the organization
  • Managing users' digital identities and their life cycle
  • The main goal is to give the right access to the right person
  • In Identity Management, attributes are loaded onto an identity and managed throughout the user's life cycle

Access Management mainly deals with:
  • Taking the attributes that were loaded during identity management and, based on their values, making a yes/no decision to allow or block that user from accessing a resource.

Basics of Access Management

  • Authentication - the process of verifying who you are, e.g. when you log on to a laptop with a username and password, you are authenticating.
  • Authorization - refers to what you may do: verifying that you have the specific access needed to do something.

For hands-on practice you can download "Oracle VM VirtualBox Manager" and install ForgeRock IDM.
You can also download the required binaries from the site below and follow the steps:
https://ktport.thinkific.com/courses/openam


Security Realm

In ForgeRock Identity Management (IDM), a Security Realm is a key concept that defines the security boundaries and authentication mechanisms used to protect resources and manage users within the system. A security realm is essentially a security domain within IDM where you can define how users are authenticated, authorized, and managed. Here's a breakdown of what it typically involves:

1. Authentication

  • The security realm determines how users authenticate to the system, including which identity stores (like LDAP, databases, or external identity providers) are used to verify user credentials.

2. Authorization

  • It also controls what resources users have access to once authenticated. This involves defining roles, permissions, and access control policies within the realm.

3. Identity Store

  • The realm is associated with an identity store, where user identities and their associated attributes are stored. This could be an internal database, an LDAP directory, or another type of identity store.

4. Configuration

  • You can configure realms to enforce specific security policies, such as password policies, session timeouts, and multi-factor authentication requirements.

5. Separation of Concerns

  • Security realms allow you to separate different groups of users or services within the same IDM instance. For example, you might have separate realms for different departments, regions, or types of users (e.g., internal employees vs. external partners).

6. Customization

  • Realms can be customized to support various authentication methods, such as username/password, OAuth2, SAML, or custom authentication modules.

In summary, a security realm in ForgeRock IDM is a configuration domain that governs how users are authenticated and authorized, and how their identities are managed within a specific security context.
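To make the flow concrete, here is an added teaching model (not ForgeRock code or configuration) of two realms, each with its own identity store and policies: identities are onboarded with attributes, authentication asks "who are you?" against that realm's store only, and authorization turns the attribute values into a yes/no decision. Realm names, users, passwords, resources and policies are constructed sample values.

```python
# Toy model of realms, authentication and attribute-based authorization.
# Constructed teaching code, not ForgeRock's API or configuration format.
import hashlib
import hmac
import os
from dataclasses import dataclass, field

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Realm:
    """A security domain with its own identity store and its own access policies."""
    name: str
    store: dict = field(default_factory=dict)     # username -> (salt, hash, attributes)
    policies: dict = field(default_factory=dict)  # resource -> required attribute values

    def onboard(self, username: str, password: str, **attributes) -> None:
        """Identity management: create the identity and load its attributes."""
        salt = os.urandom(16)
        self.store[username] = (salt, hash_password(password, salt), attributes)

    def authenticate(self, username: str, password: str):
        """Who are you? Only this realm's store is consulted; returns attributes or None."""
        salt, digest, attributes = self.store.get(username, (b"", b"", None))  # unknown user: still hash once
        return attributes if hmac.compare_digest(digest, hash_password(password, salt)) else None

    def authorize(self, attributes: dict, resource: str) -> bool:
        """What may you do? A yes/no from the attribute values loaded at onboarding."""
        required = self.policies.get(resource)  # default deny: no policy, no access
        return required is not None and all(attributes.get(k) == v for k, v in required.items())

def access(realm: Realm, username: str, password: str, resource: str) -> str:
    attributes = realm.authenticate(username, password)  # authentication first ...
    if attributes is None:
        return "authentication failed"
    return "allowed" if realm.authorize(attributes, resource) else "denied"  # ... then authorization

def demo() -> dict:
    """Two realms (employees vs. partners) with constructed sample identities and policies."""
    employees, partners = Realm("employees"), Realm("partners")
    employees.policies["/payroll"] = {"department": "finance", "status": "active"}
    partners.policies["/portal"] = {"status": "active"}
    employees.onboard("alice", "correct horse", department="finance", status="active")
    employees.onboard("bob", "battery staple", department="sales", status="active")
    partners.onboard("carol", "partner-pass", status="active")
    return {"alice /payroll": access(employees, "alice", "correct horse", "/payroll"),
            "bob /payroll": access(employees, "bob", "battery staple", "/payroll"),
            "carol in employees realm": access(employees, "carol", "partner-pass", "/payroll"),
            "carol /portal": access(partners, "carol", "partner-pass", "/portal")}
```

Note that carol, a valid partner identity, fails authentication (not authorization) in the employees realm, because each realm only consults its own identity store.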