ForgeRock introduces identity management platform for IoT

ForgeRock, an open platform provider of identity management solutions, has introduced its enhanced ForgeRock Identity Platform – offering an identity management platform that continuously and contextually assesses the authenticity of users, devices and things.

Built on privacy-by-consent principles, the ForgeRock Identity Platform is also now the first identity management platform to fully implement the User-Managed Access (UMA) standard, making it possible for organisations to address expanding privacy regulations and establish trusted digital relationships.

 In the past, identity management was used primarily for employee security and viewed as a necessary enterprise cost. Yet innovations in identity management technology now enable enterprises and government organisations to securely provision digital services to millions – and up to billions – of customers and citizens.

Through ForgeRock’s contextual authorisation features and adaptive risk engine, organisations can verify the authenticity of users, devices, things and services throughout a session, and mitigate risk whenever an anomaly is detected. If a suspicious action is detected – for example, a user moves from a protected network at his office to an unprotected network at the nearby coffee shop – the ForgeRock Identity Platform can apply step-up authentication and require further authorisation for the session to proceed.

Additionally, the enhanced platform enables identity professionals to simplify security and lower the total cost of deploying multi-factor authentication with ForgeRock’s out-of-the-box mobile iOS or Android mobile authentication app. The new mobile app provides strong multi-factor authentication, generates one-time passwords, and delivers easy and secure provisioning with quick response (QR) codes.

Security for the Internet of Things (IoT)

Traditional identity management platforms have been designed to only support authorisation policies for URLs and lack the ability to address the unique needs of the IoT.  The ForgeRock Identity Platform’s new universal authorisation capability now makes it possible to secure IoT devices and things. For example, universal authorisation can be used to enable a hotel room to be unlocked with the guest’s phone.  With universal authorisation, it’s now possible to define specific resource types or “things” with custom actions to build solution-specific policies.

Enhanced Data Privacy Controls

The upcoming General Data Protection Regulation presents global implications for the way in which organizations deal with data privacy – not just for customers but for employees as well. However, there has not previously been a standardised way for organisations to provide capabilities to control, share, and revoke access to data, whether that be for internal employees, partners, other organisations or consumers.

User-Managed Access (UMA) is a new standard featuring a group of capabilities designed to enable individuals to selectively share, control, authorise and revoke access to data. ForgeRock is the first identity management platform vendor to include a full implementation of the UMA standard.