ForgeRock® Access Management and ForgeRock® Identity Management Combination Course

Chapter 1: Performing Basic Configuration

Lesson 1: Implementing Default Authentication

• Describe how to use AM to manage default authentication using cookies
• Implement default authentication with AM
• Understand the need for and the use of realms
• Implement separation of admins and users using realms
• Observe the function of cookies

Lesson 2: Protecting a Website

• List and describe AM authentication clients
• Describe web agent main functionality
• Implement policy enforcement using web agents
• Analyze the am-auth-jwt cookie

Lesson 3: Empowering Users Through Self-Service

• Describe the main capabilities of user self-service
• Configure user self-service self-registration basic flow

Chapter 2: Implementing Intelligent Authentication

Lesson 1: Extending Authentication Functionality

• Describe the authentication mechanisms of AM
• List the available nodes
• Compare tree and chain mechanisms
• Identify realm-level authentication settings
• Use the authentication tree designer and ForgeRock’s Marketplace
• Create and test an authentication tree containing an LDAP Decision node
• Use the recording tool for troubleshooting

Lesson 2: Retrieving User Information

• Understand the use of an identity store
• Explain the distinction between identity store and credentials store
• Implement user-specific features on the website
• Retrieve user profile information using REST

Lesson 3: Increasing Authentication Security

• Discuss the need to increase authentication security
• Implement account lockout
• Configure risk-based authentication
• Configure second-factor authentication
• Demonstrate push notification authentication

Chapter 3: Introducing IDM and Getting Started

Lesson 1: Introducing IDM and Exploring the FEC Solution

• Describe how IDM is used in the ForgeRock Identity Platform to deliver a CIAM solution
• Demonstrate each of the core concepts from an end user and administrator perspective

Lesson 2: Installing IDM

• Describe the basic IDM installation requirements for deploying IDM
• Install and start IDM for the first time and explore the default UIs
• Start IDM with the CSV sample configuration and run the sample
• Start IDM with the LDAP sample configuration and run the sample

Lesson 3: Deploying and Managing IDM as a Project

• Set up a new IDM project for development
• Configure IDM to run as a background process

Lesson 4: Performing Basic IDM Troubleshooting

• Examine the different log files in IDM
• Get additional help troubleshooting outside of IDM

Chapter 4: Enabling User Registration and Self-Service

Lesson 1: Configuring the Default User Registration Process

• Configure the outbound email service
• Enable email-based self-registration

Lesson 2: Configuring IDM User Self-Service

• Enable email-based password reset and username retrieval
• Expand the KBA options
• Add a custom field to the Self-Service UI registration page

Lesson 3: Delegating Administration Privileges

• Add a new internal role and set up privileges to delegate administration

Chapter 5: Managing Synchronization and Reconciliation

Lesson 1: Using the REST Interface to Access IDM

• Query and manipulate IDM objects using the API Explorer and cURL

Lesson 2: Connecting to External Resources Using OpenICF

• Describe how to connect to external resources using OpenICF
• Add a connector to an external LDAP resource

Lesson 3: Performing Basic Synchronization

• Describe how to create sync mappings to flow identity objects and properties between IDM and one or more external resources
• Add a sync mapping from the IDM repository to the LDAP server
• Add a sync mapping from the LDAP server to the IDM repository

Lesson 4: Running Selective Synchronization and LiveSync

• Run selective synchronization using filters
• Identify methods of determining change events with LiveSync
• Schedule LiveSync with the LDAP directory

Lesson 5: Configuring Role-Based Provisioning

• Provision attributes to one or more external resources based on static role assignments
• Provision attributes to one or more external resources based on dynamic role assignments
• Add temporal constraints to a role