ForgeRock Access Management Core Concepts

  • Tuition USD $3,950
  • Reviews 4.5 of 5 stars, 212 Ratings
  • Course Code AM-400
  • Duration 5 days
  • Available Formats Classroom, Virtual

This structured course comprises a mix of instructor-led lessons and demonstrations with plenty of lab exercises to ensure an opportunity to fully understand each of the topics covered. It provides students with a strong foundation for the design, installation, configuration, and administration of a ForgeRock® Access Management (AM) solution. The objective of the course is to present the core concepts of access management, demonstrate the many features of AM, and provide hands-on experience that allows students to implement a full solution based on real-life use cases, including many ready-to-use features.

  • Note: Revision B.1 of this course is built on version 6.5 of ForgeRock AM.

Skills Gained

Upon completion of this course, you should be able to:

  • Implement default authentication with AM
  • Configure web agents to control access
  • Enable the basic user self-service self-registration flow
  • Configure intelligent authentication with trees
  • Configure an identity store
  • Retrieve user information with REST
  • Configure policies to control access
  • Extend entitlements using step-up authentication and transactional authorization
  • Configure AM as an OIDC provider and an UMA authorization server
  • Demonstrate OAuth2, OIDC, and UMA2 flows
  • Configure social authentication with Google
  • Customize AM themes for end-user pages
  • Investigate the need to harden AM security
  • Install, upgrade, and maintain an AM solution
  • Discuss AM clustering
  • Configure AM as a SAML2 entity

Who Can Benefit

This course is aimed at those responsible for overseeing various aspects of a successful deployment of ForgeRock AM. This includes, but is not limited to, those with the following responsibilities:

  • System Integrators
  • System Consultants
  • System Architects
  • System Developers
  • System Administrators

Prerequisites

The following are the prerequisites to successfully completing this course:

  • Knowledge of Unix/Linux commands and text editing
  • An appreciation of HTTP and web applications
  • A basic appreciation of how directory servers function
  • A basic understanding of REST
  • A basic knowledge of Java-based environments would be beneficial. Programming experience is not required.

Course Details

Chapter 1: Performing Basic Configuration

Lesson 1: Implementing Default Authentication

  • Describe how to use AM to manage default authentication using cookies
  • Implement default authentication with AM
  • Understand the need for and the use of realms
  • Implement separation of admins and users using realms
  • Observe the function of cookies

Lesson 2: Protecting a Website

  • List and describe AM authentication clients
  • Describe web agent main functionality
  • Implement policy enforcement using web agents
  • Analyze the am-auth-jwt cookie

Lesson 3: Empowering Users Through Self-Service

  • Describe the main capabilities of user self-service
  • Configure the basic user self-service self-registration flow

Chapter 2: Implementing Intelligent Authentication

Lesson 1: Extending Authentication Functionality

  • Describe the authentication mechanisms of AM
  • List the available nodes
  • Compare tree and chain mechanisms
  • Identify realm-level authentication settings
  • Use the authentication tree designer and ForgeRock’s Marketplace
  • Create and test an authentication tree containing an LDAP Decision node
  • Use the recording tool for troubleshooting

Lesson 2: Retrieving User Information

  • Understand the use of an identity store
  • Explain the distinction between identity store and credentials store
  • Implement user-specific features on the website
  • Retrieve user profile information using REST

Lesson 3: Increasing Authentication Security

  • Discuss the need to increase authentication security
  • Implement account lockout
  • Configure risk-based authentication
  • Configure second-factor authentication
  • Demonstrate push notification authentication

Chapter 3: Controlling Access Using Authorization

Lesson 1: Controlling Access

  • Describe how AM manages entitlements through authorization
  • Define policy components
  • Explain how AM evaluates policies
  • Implement access control policies on a website

Lesson 2: Extending Entitlements

  • Define session upgrade
  • Describe and implement step-up authentication
  • Describe and implement transactional authorization
  • Tighten access for the rest of the website

Chapter 4: Extending Services Using OAuth 2.0-Based Protocols

Lesson 1: Integrating Low-Level Devices with OAuth 2.0 (OAuth2)

  • Explain why the OAuth2 protocol can be used to integrate various devices
  • Discuss OAuth2 players and their roles
  • Describe OAuth2 access tokens, refresh tokens, and authorization codes
  • List OAuth2 grants
  • Configure AM as an OAuth2 authorization server
  • Demonstrate OAuth2 device flow

Lesson 2: Integrating Mobile Applications with OpenID Connect 1.0 (OIDC)

  • Explain how OIDC leverages an OAuth2 handshake to provide authentication and data sharing
  • List OIDC grants
  • Configure AM as an OIDC provider
  • Observe the OIDC authorization grant profile

Lesson 3: Sharing Resources with UMA 2.0 (UMA2)

  • Describe how UMA2 enriches OAuth2 to allow resource sharing
  • Implement AM as an UMA2 authorization server and demonstrate resource sharing

Lesson 4: Implementing Social Authentication

  • Explain how AM can delegate authentication to social media
  • Configure social authentication using Google

Chapter 5: Preparing for Production

Lesson 1: Customizing AM End User Pages

  • Describe the user interface areas that can be customized
  • Theme the end user interface for a realm

Lesson 2: Hardening AM Security

  • Highlight the areas where security needs hardening
  • Adjust default settings
  • Set up administration privileges
  • Manage secrets
  • Use a Hardware Security Module (HSM) secret store to sign OIDC ID tokens

Lesson 3: Administering an AM Solution

  • Introduce the administration tools available
  • Install Amster
  • Export and explore configuration with Amster
  • Identify tools to troubleshoot issues
  • Record debugging information
  • Outline the main features of audit logging
  • List the available monitoring tools
  • Discuss the areas that need tuning

Lesson 4: Installing and Upgrading AM

  • Plan an AM installation
  • Install a single instance of AM using the wizard
  • Describe the bootstrap process
  • Upgrade an AM instance using the wizard

Lesson 5: Clustering AM

  • Discuss approaches to providing high availability
  • Explain how to scale a deployment
  • Add a server to a cluster using CTS-based sessions
  • Modify the cluster to use client-based sessions
  • Discuss deployment approaches

Chapter 6: Federating Across Entities Using SAML v.2 (SAML2)

Lesson 1: Implementing Single Sign-On Using SAML2

  • Discuss federation entities and flows
  • Explain the SSO flow from the Identity Provider (IdP) point of view
  • Examine SSO between Service Provider (SP) and IdP and across SPs

Lesson 2: Delegating Authentication Using SAML2

  • Explain the SSO flow from the SP point of view
  • Describe the metadata content and use
  • Configure AM as a SAML2 SP

When does class start/end?

Classes begin promptly at 9:00 am, and typically end at 5:00 pm.

Does the course schedule include a lunch break?

Lunch is normally an hour long and begins at noon. Coffee, tea, hot chocolate and juice are available all day in the kitchen. Fruit, muffins and bagels are served each morning. There are numerous restaurants near each of our centers, and some popular ones are indicated on the Area Map in the Student Welcome Handbooks - these can be picked up in the lobby or requested from one of our ExitCertified staff.

How can someone reach me during class?

If someone should need to contact you while you are in class, please have them call the center telephone number and leave a message with the receptionist.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Does ExitCertified deliver group training?

Yes, we provide training for groups, individuals and private on sites. View our group training page for more information.

The training guides were well thought out; not just slideware. Mike had a deep understanding of the technology and did not just read the slides; he transferred knowledge. The labs and the lab environment have been well maintained and kept relevant. My experience with many courses in the past is that the consultants have just "thrown" the courseware together and tried to keep a talk track going for 5 days; after about 2 days of this it becomes boring. I never got bored of listening to Mike's presentation. Even on day 5, his content and delivery were as fresh as they were on day 1, 8am. Thanks for the great effort. It was much appreciated.

Mike was an incredible resource. His breadth and depth of knowledge of the subject was fantastic. He is engaging and easy to listen to and learn from. I would feel fortunate to take another class taught by Mike.

The in-depth explanation of the ideas behind how AM works really helps me better understand the areas of the system which would be difficult to document. Understanding how to do tasks via the UI will really help me automate configuration via Amster CLI. This was an amazingly great class by a stellar instructor.

I think every topic covered provided a good introduction to many of the important features of ForgeRock AM.

I am very new to ForgeRock products, so this class was great for AM and expanding my knowledge of it.

23 options available

  • GTR Oct 26, 2020 to Oct 30, 2020 (5 days); Location: iMVP; Language: English; Time: 9:00AM to 5:00PM EDT
  • GTR Nov 16, 2020 to Nov 20, 2020 (5 days); Location: iMVP; Language: English; Time: 9:00AM to 5:00PM EST
  • GTR Dec 7, 2020 to Dec 11, 2020 (5 days); Location: iMVP; Language: English; Time: 9:00AM to 5:00PM PST
  • Dec 14, 2020 to Dec 18, 2020 (5 days); Location: Virtual; Language: English; Time: 10:00 AM to 6:00 PM EDT
  • Dec 14, 2020 to Dec 18, 2020 (5 days); Location: Tampa, FL; Language: English; Time: 10:00 AM to 6:00 PM EDT
  • Jan 4, 2021 to Jan 8, 2021 (5 days); Location: iMVP; Language: English; Time: 9:00AM to 5:00PM EST
  • Jan 25, 2021 to Jan 29, 2021 (5 days); Location: iMVP; Language: English; Time: 9:00AM to 5:00PM EST
  • Feb 8, 2021 to Feb 12, 2021 (5 days); Location: iMVP; Language: English; Time: 9:00AM to 5:00PM PST
  • Mar 1, 2021 to Mar 5, 2021 (5 days); Location: iMVP; Language: English; Time: 9:00AM to 5:00PM EST
  • Mar 22, 2021 to Mar 26, 2021 (5 days); Location: iMVP; Language: English; Time: 9:00AM to 5:00PM EDT
  • Apr 12, 2021 to Apr 16, 2021 (5 days); Location: iMVP; Language: English; Time: 9:00AM to 5:00PM PDT
  • May 3, 2021 to May 7, 2021 (5 days); Location: iMVP; Language: English; Time: 9:00AM to 5:00PM EDT
  • May 17, 2021 to May 21, 2021 (5 days); Location: iMVP; Language: English; Time: 9:00AM to 5:00PM EDT
  • Jun 7, 2021 to Jun 11, 2021 (5 days); Location: iMVP; Language: English; Time: 9:00AM to 5:00PM PDT
  • Jun 28, 2021 to Jul 2, 2021 (5 days); Location: iMVP; Language: English; Time: 9:00AM to 5:00PM EDT