ForgeRock Identity Governance Workshop

  • Tuition USD $2,050
  • Reviews star_rate star_rate star_rate star_rate star_half 839 Ratings
  • Course Code IDM-520
  • Duration 2 days
  • Available Formats Classroom, Virtual

This expert-led workshop leads students through how to configure and use Access Request to enable end users to request access to various entitlements, configure and use Access Review to create certification campaigns that certify user and role access, and configure and use Identity Reporting to create reports for auditing purposes.

  • The final chapter covers installing the new ForgeRock Identity Governance software available for existing ForgeRock® Identity Management (IDM) deployments. Students install the software within a given IDM deployment, and then learn how to seed governance data for development purposes.

Skills Gained

Upon completion of this course, you should be able to:

  • Provide an overview of ForgeRock Identity Governance and related software in context with the ForgeRock Identity Platform™.
  • Perform the administrative and end user tasks necessary to create and use the request access features of Access Request.
  • Perform the Access Review administrative governance tasks necessary to create and run user and role certification campaigns.
  • Use the Identity Reporting feature to upload the necessary SQL queries to generate reports, configure the connections to the target database sources, and create report schedules.
  • Install the Access Review, Access Request, and Identity Reporting software modules on top of an existing IDM deployment to enable the services of ForgeRock Identity Governance.

Who Can Benefit

This workshop is aimed at technical audiences who are responsible for deploying and utilizing the ForgeRock Identity Governance software within a IDM deployment.


The following are the prerequisites for successfully completing this course:

  • Completion of the ForgeRock® Identity Management (IDM) Core Concepts course.
  • Basic knowledge of IDM managed objects, the related schemas, connectors to external resources, and synchronization mappings help in understanding the identity governance-related administrator tasks.
  • Knowledge of LDAP and LDAP groups would also be helpful.

Course Details

Chapter 1: ForgeRock Identity Governance Overview

Lesson 1: Getting Started with Identity Governance

  • Describe the role of ForgeRock Identity Governance in the ForgeRock Identity Platform
  • Describe the features and benefits provided by Access Request
  • Describe the features and benefits provided by Access Review
  • Describe the features and benefits provided by Identity Reporting
  • List the resources available for implementing ForgeRock Identity Governance

Lesson 2: Assessing the Identity Governance Environment

  • Describe the identity management and identity governance roles
  • View the seeding data and IDM deployment configuration
  • Identify identity governance data

Chapter 2: Access Request

Lesson 1: Getting Started With Access Request

  • Describe the main use cases for Access Request
  • Describe the roles and responsibilities in managing and using Access Request
  • Describe a typical access request process flow

Lesson 2: Configuring Access Request

  • Configure the default approvers, display, and search properties
  • Update the email notification templates

Lesson 3: Managing Access Requests

  • Request access with auto-approval
  • Create a requestable bundle
  • Create additional access requests (optional challenge)

Lesson 4: Managing the Glossary

  • Define the purpose of the Glossary
  • Describe how to define a glossary item
  • Update the glossary for a new role

Chapter 3: Access Review

Lesson 1: Getting Started With Access Review

  • Describe the main use cases for Access Review
  • Describe the roles and responsibilities for managing and using Access Request
  • Describe a typical access review process flow

Lesson 2: Configuring Access Review

  • Describe the global system settings
  • Configure the glossary for Access Review
  • Modify the notification templates

Lesson 3: Managing User Certifications

  • Validate that an end user should have access to an entitlement
  • Verify a user certification campaign
  • Use the scheduler to launch a user certification process on a periodic basis
  • Trigger a user certification based on a user property change
  • Define a multi-stage user certification
  • Test workflow remediation to revoke a role

Lesson 4: Managing Policy Violations

  • Describe the policy violation features
  • Describe a typical policy violation process flow
  • Create a policy violation rule that detects a toxic combination and remediate as the policy owner

Lesson 5: Managing Role Certifications

  • Describe a typical role management process flow
  • Create a role certification

Chapter 4: Identity Reporting

Lesson 1: Getting Started With Identity Reporting

  • Describe the role and main use case for using Identity Reporting
  • Upload the SQL queries for Identity Reporting
  • Configure the data sources for accessing report data
  • Generate an on-demand report

Chapter 5: Installing ForgeRock Identity Governance

Note that the installation of the ForgeRock Identity Governance software requires more knowledge of IDM than the previous chapters. This chapter can be optional for those not responsible for the installation.

Lesson 1: Installing Access Request

  • List the prerequisites for adding Access Request
  • Install Access Request
  • Perform post-installation tasks

Lesson 2: Installing Access Review

  • List the prerequisites for adding Access Review
  • Install Access Review
  • Perform post-installation tasks
  • Explore the changes made to IDM after installing Access Review

Lesson 3: Installing Identity Reporting

  • List the prerequisites for using and installing Identity Reporting
  • Install Identity Reporting
  • Verify Identity Reporting is installed and operational

Lesson 4: Seeding IDM with Identity Governance Data

This lesson is optional, as the method for seeding IDM with identity governance data will vary from developer to developer. Also important is that this seeding script and data might not be available to those outside of ForgeRock.

  • Describe the given seeding script package
  • Prepare the IDM deployment
  • Seed the IDM deployment with identity governance data
  • Validate the seeding data and configuration

How do I enroll?

A comprehensive listing of ExitCertified courses can be found here. You can register directly for the required course/location when you select "register". If you have any questions or prefer to speak with an ExitCertified education consultant directly, please submit your query here. A representative will contact you shortly.

How do I pay for a class?

You can pay at the time of registration using credit card (Mastercard/Visa/American Express) cheque or PO.

What if I have training credits?

ExitCertified honors all savings programs from the partners we work with. ExitCertified also offers training credits across multiple partners through our FLEX Account.

When does class start/end?

Classes begin promptly at 9:00 am, and typically end at 5:00 pm.

Does the course schedule include a Lunchbreak?

Lunch is normally an hour long and begins at noon. Coffee, tea, hot chocolate and juice are available all day in the kitchen. Fruit, muffins and bagels are served each morning. There are numerous restaurants near each of our centers, and some popular ones are indicated on the Area Map in the Student Welcome Handbooks - these can be picked up in the lobby or requested from one of our ExitCertified staff.

How can someone reach me during class?

If someone should need to contact you while you are in class, please have them call the center telephone number and leave a message with the receptionist.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Great course, the labs were the best part of the course because it helped the material and information really sink in. We did have issues with one of the labs not being correct though

I really enjoy the subject matter presented in this course. The instructor was very well verse and presented the material in a easy to understand and professional way... Great job!

Registration process was smooth. Follow-up reminders and content was timely. Great execution!

Tommy was a great instructor. We relied on this class to develop our understanding, and we were very happy with the result.

A reliable partner with AWS. Provides excellent reading and lab material. A really helpful subject matter companion as you move forward towards certification. Reliable and thorough. Professional instructors and customer service.

3 options available

  • GTR Sep 23, 2020 Sep 24, 2020 (2 days)
    9:00AM 5:00PM EDT
  • Nov 4, 2020 Nov 5, 2020 (2 days)
    9:00AM 5:00PM EST
  • Dec 16, 2020 Dec 17, 2020 (2 days)
    9:00AM 5:00PM EST
Contact Us 1-800-803-3948
Contact Us Live Chat
FAQ Get immediate answers to our most frequently asked qestions. View FAQs arrow_forward