OpenAM Consortium Tokyo Japan Feb 2014
Allan Foster CTO Office IRM
2013
Future
IRM Origin Story …
Evolution of Identity
[Figure labels: Employees, Employees & Partners, Consumers, Things; Perimeter, Federation, Cloud / SaaS, Mobility, Perimeter-less; Attributes, Context, Stateless, Relationships]
Identity Relationship Management Business Values …
■ CONSUMERS & THINGS over employees only
■ ADAPTABLE over predictable
■ TOP LINE REVENUE over operating expense
■ VELOCITY over process and tools
IRM Technical Emphasis …
■ INTERNET SCALE over enterprise scale
■ DYNAMIC INTELLIGENCE over static intelligence
■ BORDERLESS over perimeter
■ MODULAR over monolithic
ForgeRock Technical Vision …
Next Generation Identity & Access Management for the Modern Web
Our Open Identity Stack
. Platform agnostic for Enterprise, Social, Mobile, & Cloud Environments
. Modular & Embeddable for Cloud Providers
. Massively Scalable for External Enterprise Customers and private / public clouds
. One common API to access ALL services
FORGEROCK.COM | CONFIDENTIAL
Open Identity Stack
OpenAM OpenDJ
OpenIDM Bridge SPE Commercial Open Source Identity Services
Directory Authentication Federation Entitlements Provisioning Synchronization Authentication Services
Web Services Password Authorization Risk Engine Workflow Directory Proxy Security Management
Role Policy Engine Session Failover Strong AuthN Password Reset Replication Provisioning
OpenAM
. “All-in-One” solution delivered as a single application
. Access to any application – Enterprise, SaaS, Social, Mobile
. Flexible and extensible architecture
. Social sign-on and one-time mobile password
. Architected for consumer scale -- +100M users
OpenAM
Key Features | Benefits
■ Session Fail-Over architecture using embedded OpenDJ | ■ Provides the highest level of HA to ensure users are always online
■ Full OAuth 2.0 and OpenID Connect 1.0 support | ■ Latest protocols for simplified Federation and Mobile SSO
■ Device Fingerprinting adaptive authentication module | ■ Adds advanced authentication support for fraud prevention
■ Complete Mobile development support through REST APIs | ■ Create device agnostic applications for a Web or a native O/S apps
■ OATH device and One Time Password support | ■ Use mobile phone as a second factor using either SMS or Soft-Token generator
OpenIDM
. Lightweight provisioning built on REST principles
. Flexible architecture with pluggable workflow engine
. Standards based APIs and scripting
. Architected for consumer scale with +100’s of creates/second
OpenIDM
Key Features | Benefits
■ Modern architectural design built on the OSGi framework | ■ Lightweight approach reduces deployment and development costs
■ Purpose built for high scale consumer applications and online services | ■ Provides easy to implement provisioning, syncing for services such as banking, insurance…
■ Flexible data model and data store | ■ Reduces time and cost by leveraging existing model for managing data
■ Program business logic using Java or Groovy | ■ Standards based languages enable faster development and zero lock in
■ Customizable UI using JSON and REST | ■ Decoupled UI enables easy development of custom-tailored solutions
OpenDJ
. Lightweight / embeddable directory
. LDAP / REST APIs
. High availability & replication
. Architected for massive scale -- +100M Users
OpenDJ
Key Features | Benefits
■ Java based architecture designed for scale and performance | ■ Architecture supports the most demanding environments with high throughput
■ Supports HA deployments with N-way multi-master replication | ■ Enables global data center deployment for managing failover and disaster recovery
■ Developer friendly LDAP to REST Gateway developer tool | ■ Exposes directory data as JSON resource enabling access for non-LDAP apps
■ RESTful API developer access | ■ Simplifies by using standard REST for managing all core functions
ForgeRock Identity Bridge SPE
Secure connection between On-Premise & Cloud infrastructure
Ease adoption of cloud services and reduce enterprise / cloud friction
Business Impact
• Cloud Service Providers: Increase service adoption by eliminating IDs and passwords.
• Enterprise: Eliminate copious amounts of time onboarding new cloud services.
Technical Approach
• Turnkey software appliance for provisioning, federating and synching identities between enterprise customers and the services they offer
• Designed to be easily modified to match service provider's brand and application look and feel, and to seamlessly integrate with existing service offerings
Identity Bridge SPE
Key Features | Benefits
■ Simple wizard based administration | ■ Enables 15 minute setup and configuration
■ User provisioning engine with account reconciliation | ■ Instantly add and remove users and sync in changes in real-time
■ Federated SSO using SAML | ■ Single Sign-on using SAML-based for secure connections
■ Designed as a software appliance | ■ Deploys with any IAM Infrastructure in the DMZ
■ Windows support for SSO to SaaS service | ■ Leverages standard Integrated Windows AuthN and Kerberos
■ Flexible configuration | ■ Can be customized for many different SaaS and data stores
Our IRM Platform …
ForgeRock Open Identity Stack
ForgeRock Today
Building Relationships Across the Web
PEOPLE SYSTEMS CONTEXT THINGS DEVELOPMENT
Create users / IP Risk-based Authentication Enterprise Apps Modular Services things Authentication
Delete users / Coarse-grained Device Mobile Apps Common REST things Authorization Fingerprinting
Fine-grained One-Time Mobile Synchronization Social Apps Session Failover Authorization Password
Password Strong IP-Connected Federated SSO Data Replication Management Authentication Devices
Web Services Bridge for Cloud Workflow Security Providers
ForgeRock Tomorrow
Building Relationships Across the Web
PEOPLE SYSTEMS CONTEXT THINGS DEVELOPMENT
Create users / IP Risk-based Authentication Enterprise Apps Modular Services things Authentication
Delete users / Coarse-grained Device Mobile Apps Common REST things Authorization Fingerprinting
One-Time Mobile Synchronization Entitlements Social Apps Performance Password
Strong IP-Connected Password Federated SSO Management Authentication Devices Multi-Tenant
REST Token Mobile Security Workflow Risk Analytics Bridge for SFDC Service Gateway
Role-based Risk-Based Simplified Social Bridge for Monitoring Provisioning Authentication Sign-On Enterprises
Bridge for Enterprises
ForgeRock Roadmap
STACK ROADMAP
1H2014
. OpenIDM: Role-based Provisioning
. OpenDJ: Identity Proxy
. OpenAM: Simplified Social Sign-on
2H2014
. Bridge Enterprise Edition (NEW)
. Mobile Identity Management Phase 1 (NEW)
2015
. OpenDJ: Virtual Directory
. OpenAM: Knowledge-based Authentication
. Risk Analytics (NEW)
. Mobile Identity Management Phase 2 (NEW)
ForgeRock Momentum
• 800% sales growth from Q4FY12 to Q4FY13
• 207% sequential sales growth from Q3FY13 to Q4FY13
• Average deal size is up 166% Year over Year.
• Revenue continues to be distributed evenly between North America and European markets.
Business is Skyrocketing
Marquee Customers
Government of Norway
Providing 4M citizens access to 300+ Government services
“OpenAM’s simple, secure access to government services played a large part in the success of the eGovernment initiative”
TOR ALVIK, COO
Agency for Public Management & eGovernment
Agencies shown: Tax Office; Water & Energy Directorate; Health Economics Agency; Labor & Welfare Agency
5 million citizens access • Over 1 million concurrent users • 500k businesses access
Government Success …
. Canada (35M Citizens)
. Belgium (11M Citizens)
. Norway (5M Citizens)
. The Vatican (~1000 Citizens)
. New Zealand (650K citizens)
. New Caledonia (256K Citizens)
Enabling Government Services Globally!
Toyota User Portal
Authenticating more than people—cars & devices included
1 Automobile Authentication
2 Application & Data Synchronization
Powered by ForgeRock
Thank You!