ForgeRock Identity Platform: Single Sign-On Overview and Analysis

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

See our complete list of Top SSO Solutions

Bottom Line

Those in financial services, automotive/manufacturing, telco/media, and retail needing SSO and a broader identity/access platform will be attracted to ForgeRock. But those needing only SSO may find its large feature set overkill.

Product Description

ForgeRock offers the ForgeRock Identity Platform as a digital identity system of record to monetize customer relationships, address regulations for privacy and consent (GDPR, HIPAA, FCC privacy, etc.) and leverage the Internet of things (IoT).

The ForgeRock Identity Platform offers access management, identity management, user-managed access, directory services and an identity gateway as a unified platform. Single sign-on is a key feature within access management. Capabilities include the following:

  • Intelligent authentication
  • Mobile authentication
  • Push authentication
  • Adaptive risk authentication
  • Authorization policies and enforcement
  • Transactional authorization
  • Federation
  • Single sign-on
  • User self-service and social sign-on
  • High-availability and scalability
  • Developer friendly and rich standards support
  • Adaptable monitoring and auditing services

The ForgeRock Identity Platform was purposefully designed to be a unified platform that includes SSO. Customers can choose what they want and incrementally extend the platform over time.

Markets and Use Cases

Financial services, automotive/manufacturing, telco/media and retail are specific targets for ForgeRock due to their complex access management requirements. Additionally, because of the scalability of the platform and the extensibility of the access management component, ForgeRock works well for any large-scale, customer-facing deployment. This includes Marriott for hospitality, Phillips and McKesson for healthcare, Pearson for education, Geico for insurance and the Government of Norway.

Security Qualifications

Since ForgeRock is not a software as a service (SaaS) solution but enables customers to deploy the products on IaaS or PaaS platforms, all security controls and accreditation are provided by the customer and their hosting/cloud providers for customer deployments. ForgeRock’s internal information security management system (ISMS) is structured in alignment with ISO 27001, with improvements underway to support future accreditation.


With Intelligent Authentication, businesses can integrate user signals from authentication, fraud prevention, malware and other security services in one interface. For example, you can pre-identify a user’s digital signals such as location, IP address, device type, operating system, browser type and more before a username is even collected. Multiple paths, each evaluating a digital signal, can be connected to intelligently adjust login journeys for both legitimate and suspicious users. This provides a fast, secure login experience and minimizes the risk of data breaches and DDoS attacks. You can also isolate and monitor malicious activity to gain deeper insight on how to improve your security and audit all login events.


The ForgeRock Identity Platform can be deployed on premises or in the cloud. ForgeRock has customers running the ForgeRock platform on-premises, in infrastructure as a service (IaaS) environments such as Amazon and Azure, and in concert with platform as a service (PaaS) offerings such as Cloud Foundry. In addition, ForgeRock has partners like Accenture delivering its platform as an Identity as a service (IDaaS) offering.


The need for agents depends on how integrations are done. ForgeRock Access Management ships with policy agents. These policy agents are for application containers and HTTP servers to intercept user traffic, perform session enforcement, check authorization policies and more. They seamlessly integrate and cover a range of platforms. Policy agents are not essential and provide an integration option for customers who do not wish to alter their existing code base. The agent sits in front with minimal configuration changes. If all apps use standards (SAML, OAuth2/OIDC), then agents are not needed. Agents are also unnecessary if organizations change their apps to use ForgeRock REST endpoints. But if enterprises have legacy apps that need protection, then agents are required.


ForgeRock Access Management scales to many millions of users and can scale horizontally and vertically with relatively little hardware. Some of the largest deployments include: HSBC (100 million identities), Marriott Hotels (125 million identities), BMW (120 million identities), TomTom (44 million identities), Scholastic (50 million identities), State Farm (35 million identities), BBC (25 million identities) and Capital One (30 million identities).


ForgeRock software is typically purchased on a subscription model, with multiple terms offered. Customers can purchase the entire platform or just the modules that they require at the time. Pricing is based on the specific modules purchased and the volumes of identities managed, whether internal or external. Software is licensed on an annual subscription model per identity per year. A ForgeRock subscription is a bundled offering that includes a software license, legal indemnification, support and access to all software releases. Initial agreements are three-year term subscriptions renewed annually following the initial term.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Drew Robb Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis