The future of IBM Maximo: Work Centers and Inspections Can Transform Your Business

closeClose

ForgeRock Access Management Core Concepts

  • Tuition USD $3,950
  • Reviews star_rate star_rate star_rate star_rate star_half 508 Ratings
  • Course Code AM-400
  • Duration 5 days
  • Available Formats Classroom, Virtual

This structured course comprises a mix of instructor-led lessons and demonstrations with plenty of lab exercises to ensure an opportunity to fully understand each of the topics covered. It provides students with a strong foundation for the design, installation, configuration, and administration of a ForgeRock® Access Management (AM) solution. The objective of the course is to present the core concepts of access management, demonstrate the many features of AM, and provide hands-on experience that allows students to implement a full solution based on real-life use cases, including many ready-to-use features.

  • Note: Revision B.1 of this course is built on version 6.5 of ForgeRock AM.

Skills Gained

Upon completion of this course, you should be able to:

  • Implement default authentication with AM
  • Configure web agents to control access
  • Enable user self-service self-registration basic flow
  • Configure intelligent authentication with trees
  • Configure an identity store
  • Retrieve user information with REST
  • Configure policies to control access
  • Extend entitlements using step-up authentication and transactional authorization
  • Configure AM as an OIDC provider and an UMA authorization server
  • Demonstrate OAuth2, OIDC, and UMA2 flows
  • Configure social authentication with Google
  • Customize AM themes for end-user pages
  • Investigate the need to harden AM security
  • Install, upgrade, and maintain an AM solution
  • Discuss AM clustering
  • Configure AM as a SAML2 entity

Who Can Benefit

This course is aimed at those responsible for overseeing various aspects of a successful deployment of ForgeRock AM. This includes, but is not limited to, those with the following responsibilities:

  • System Integrators
  • System Consultants
  • System Architects
  • System Developers
  • System Administrators

Prerequisites

The following are the prerequisites to successfully completing this course:

  • Knowledge of Unix/Linux commands and text editing
  • An appreciation of HTTP and web applications
  • A basic appreciation of how directory servers function
  • A basic understanding of REST
  • A basic knowledge of Java based environments would be beneficial. Programming experience is not required.

Course Details

Chapter 1: Performing Basic Configuration

Lesson 1: Implementing Default Authentication

  • Describe how to use AM to manage default authentication using cookies
  • Implement default authentication with AM
  • Understand the need for and the use of realms
  • Implement separation of admins and users using realms
  • Observe the function of cookies

Lesson 2: Protecting a Website

  • List and describe AM authentication clients
  • Describe web agent main functionality
  • Implement policy enforcement using web agents
  • Analyze the am-auth-jwt cookie

Lesson 3: Empowering Users Through Self-Service

  • Describe the main capabilities of user self-service
  • Configure user self-service self-registration basic flow

Chapter 2: Implementing Intelligent Authentication

Lesson 1: Extending Authentication Functionality

  • Describe the authentication mechanisms of AM
  • List the available nodes
  • Compare tree and chain mechanisms
  • Identify realm-level authentication settings
  • Use the authentication tree designer and ForgeRock’s Marketplace
  • Create and test an authentication tree containing an LDAP Decision node
  • Use the recording tool for troubleshooting

Lesson 2: Retrieving User Information

  • Understand the use of an identity store
  • Explain the distinction between identity store and credentials store
  • Implement user-specific features on the website
  • Retrieve user profile information using REST

Lesson 3: Increasing Authentication Security

  • Discuss the need to increase authentication security
  • Implement account lockout
  • Configure risk-based authentication
  • Configure second-factor authentication
  • Demonstrate push notification authentication

Chapter 3: Controlling Access Using Authorization

Lesson 1: Controlling Access

  • Describe how AM manages entitlements through authorization
  • Define policy components
  • Explain how AM evaluates policies
  • Implement access control policies on a website

Lesson 2: Extending Entitlements

  • Define session upgrade
  • Describe and implement step-up authentication
  • Describe and implement transactional authorization
  • Tighten access for the rest of the website

Chapter 4: Extending Services Using OAuth 2.0-Based protocols

Lesson 1: Integrating Low-Level Devices with OAuth 2.0 (OAuth2)

  • Explain why OAuth2 protocol can be used to integrate various devices
  • Discuss OAuth2 players and their roles
  • Describe OAuth 2 access tokens, refresh tokens, and authorization codes
  • List OAuth2 grants
  • Configure AM as an OAuth2 authorization server
  • Demonstrate OAuth2 device flow

Lesson 2: Integrating Mobile Applications with OpenID Connect 1.0 (OIDC)

  • Explain how OIDC leverages an OAuth2 handshake to provide authentication and data sharing
  • List OIDC grants
  • Configure AM as an OIDC provider
  • Observe the OIDC authorization grant profile

Lesson 3: Sharing Resources with UMA 2.0 (UMA2)

  • Describe how UMA2 enriches OAuth2 to allow resource sharing
  • Implement AM as an UMA2 authorization server and demonstrate resource sharing

Lesson 4: Implementing Social Authentication

  • Explain how AM can delegate authentication to social media
  • Configure social authentication using Google

Chapter 5: Preparing for Production

Lesson 1: Customizing AM End User Pages

  • Describe the user interface areas that can be customized
  • Theme the end user interface for a realm

Lesson 2: Hardening AM Security

  • Highlight the areas where security needs hardening
  • Adjust default settings
  • Set up administration privileges
  • Manage secrets
  • Use a Hardware Security Management (HSM) secret store to sign OIDC ID token

Lesson 3: Administering an AM Solution

  • Introduce the administration tools available
  • Install Amster
  • Export and explore configuration with Amster
  • Identify tools to troubleshoot issues
  • Record debugging information
  • Outline the main features of audit logging
  • List the available monitoring tools
  • Discuss the areas that need tuning

Lesson 4: Installing and Upgrading AM

  • Plan an AM installation
  • Install a single instance of AM using the wizard
  • Describe the bootstrap process
  • Upgrade an AM instance using the wizard

Lesson 5: Clustering AM

  • Discuss approaches to providing high availability
  • Explain how to scale a deployment
  • Add a server to a cluster using CTS-based sessions
  • Modify the cluster to use client-based sessions
  • Discuss deployment approaches

Chapter 6: Federating Across Entities Using SAML v.2 (SAML2)

Lesson 1: Implementing Single Sign-On Using SAML2

  • Discuss federation entities and flows
  • Explain the SSO flow from the Identity Provider (IdP) point of view
  • Examine SSO between Service Provider (SP) and IdP and across SPs

Lesson 2: Delegating Authentication Using SAML2

  • Explain the SSO flow from the SP point of view
  • Describe the metadata content and use
  • Configure AM as a SAML2 SP

How do I enroll?

A comprehensive listing of ExitCertified courses can be found here. You can register directly for the required course/location when you select "register". If you have any questions or prefer to speak with an ExitCertified education consultant directly, please submit your query here. A representative will contact you shortly.

How do I pay for a class?

You can pay at the time of registration using credit card (Mastercard/Visa/American Express) cheque or PO.

What if I have training credits?

ExitCertified honors all savings programs from the partners we work with. ExitCertified also offers training credits across multiple partners through our FLEX Account.

When does class start/end?

Classes begin promptly at 9:00 am, and typically end at 5:00 pm.

Lunchtime?

Lunch is normally an hour long and begins at noon. Coffee, tea, hot chocolate and juice are available all day in the kitchen. Fruit, muffins and bagels are served each morning. There are numerous restaurants near each of our centers, and some popular ones are indicated on the Area Map in the Student Welcome Handbooks - these can be picked up in the lobby or requested from one of our ExitCertified staff.

How can someone reach me during class?

If someone should need to contact you while you are in class, please have them call the center telephone number and leave a message with the receptionist.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

Lab infraestructure is very suitable and works pretty good help to understand better the concepts exposed during the training.

TX3181/3191 Courses. Really good course, highly recommended for TWS/D users.

Good training. The instructor was very knowledgeable and was able to answer questions with a professional demeanor. Course material was comprehensive and I felt I had a solid understanding of the topic after the training concluded.

The course material and instructor were very good. easy to follow, lab was setup nicely and was able to complete most of the lab material.
The Koretex App is absolute garbage and very cumbersome to use on a tablet/ipad. A PDF file would be 100 times better than that atrocious app.
As a recommendation this class should be 5 days instead of 4 as some chapters had to be rushed.

Very good platform iMVP. I did Architecting on AWS from home and the quality of the material and the labs. Very committed and experienced instructor too.

Didin't give 5 stars because I found the material was too much for 3 days. Too many new concepts, products and strategies to learn in such a little time. I'll have to check all the material and test everything again to be sure all this knowledge is not lost!

10 options available

undo
  • GTR Aug 24, 2020 Aug 28, 2020 (5 days)
    Location
    iMVP
    Language
    English
    Time
    9:00AM 5:00PM EDT
    Enroll
    Enroll
  • Sep 14, 2020 Sep 18, 2020 (5 days)
    Location
    iMVP
    Language
    English
    Time
    9:00AM 5:00PM EDT
    Enroll
    Enroll
  • Oct 5, 2020 Oct 9, 2020 (5 days)
    Location
    iMVP
    Language
    English
    Time
    9:00AM 5:00PM PDT
    Enroll
    Enroll
  • Oct 19, 2020 Oct 23, 2020 (5 days)
    Location
    Tampa, FL
    Language
    English
    Time
    10:00 AM 6:00 PM EDT
    Enroll
    Enroll
  • Oct 19, 2020 Oct 23, 2020 (5 days)
    Location
    Virtual
    Language
    English
    Time
    10:00 AM 6:00 PM EDT
    Enroll
    Enroll
  • Oct 26, 2020 Oct 30, 2020 (5 days)
    Location
    iMVP
    Language
    English
    Time
    9:00AM 5:00PM EDT
    Enroll
    Enroll
  • Nov 16, 2020 Nov 20, 2020 (5 days)
    Location
    iMVP
    Language
    English
    Time
    9:00AM 5:00PM EST
    Enroll
    Enroll
  • Dec 7, 2020 Dec 11, 2020 (5 days)
    Location
    iMVP
    Language
    English
    Time
    9:00AM 5:00PM PST
    Enroll
    Enroll
  • Dec 14, 2020 Dec 18, 2020 (5 days)
    Location
    Virtual
    Language
    English
    Time
    10:00 AM 6:00 PM EDT
    Enroll
    Enroll
  • Dec 14, 2020 Dec 18, 2020 (5 days)
    Location
    Tampa, FL
    Language
    English
    Time
    10:00 AM 6:00 PM EDT
    Enroll
    Enroll
Contact Us 1-800-803-3948
Contact Us Live Chat
FAQ Get immediate answers to our most frequently asked qestions. View FAQs arrow_forward