ForgeRock Access Management
ForgeRock AM (PingAM) is a policy and token-issuing server for app and API access. It operates as an OAuth 2.0/OIDC provider, SAML 2.0 IdP/SP, and supports fine-grained authorization patterns such as UMA 2.0. Authentication is orchestrated with drag-and-drop authentication trees (Intelligent Access) and can include WebAuthn passkeys.
Key Capabilities
- OAuth 2.0 / OpenID Connect provider: Token, authorization, discovery, dynamic client registration, and claims customization for first-party and third-party apps.
- SAML 2.0 federation: Acts as IdP or SP for enterprise SSO (HTTP-Redirect/POST bindings; SSO/SLO flows).
- Intelligent Access (authentication trees): Node-based journeys to build adaptive and step-up flows.
- Passwordless / Passkeys: Built-in WebAuthn (FIDO2), including usernameless experiences (“ForgeRock Go”).
Limitations
- Not an IGA/provisioning suite: AM handles authN/authZ and federation. Provisioning/governance are separate (ForgeRock/Ping IDM or third-party IGA).
- Feature variance by release: Specific OIDC/SAML/UMA options and admin UI paths can differ across versions.