Call : (+91) 968636 4243
Mail : info@EncartaLabs.com

ForgeRock Access Management

( Duration: 4 Days )

This ForgeRock Access Management training course provides the key features and capabilities of the versatile and powerful ForgeRock Access Management (AM). It provides you, with the knowledge and confidence to manage your own environment.

By attending ForgeRock Access Management workshop, delegates will learn to:

Start with an unprotected website and end up with a fully functional access management solution where every user trying to access the website is redirected to AM for authentication
Improve access management security in AM with multi-factor authentication (MFA), context-based risk analysis, and continuous risk checking
Implement OAuth 2.0 (OAuth2) based protocols; namely, OAuth2 and OpenID Connect 1.0 (OIDC), to enable low-level devices and mobile applications to make requests that access resources belonging to a subscriber
Demonstrate federation across entities using SAML2 with AM
Install a new AM instance configured with external directory server data stores as the foundation for an AM cluster

Knowledge of ForgeRock Access Management Essentials
Knowledge of UNIX/Linux commands
An understanding of HTTP and web applications
A basic understanding of how directory servers function
A basic understanding of REST
A basic knowledge of Java based environments would be beneficial, but no programming experience is required

The ForgeRock Access Management class is ideal for:

ForgeRock Access Management Administrators
System Integrators
System Consultants
System Architects
System Developers

COURSE AGENDA

Exploring Authentication Mechanisms

Introduce AM authentication
Understand realms
Describe authentication life cycle
Explain sessions
Examine session cookies
Prepare the lab environment
Examine an initial AM installation
Configure a realm and examine AM default authentication
Experiment with session cookies
Describe the authentication mechanisms of AM
Create and manage trees
Explore tree nodes
Create a login tree
Test the login tree

Protecting a Website With IG

Present AM edge clients
Describe IG functionality as an edge client
Review the ForgeRock Entertainment Company (FEC) website protected by IG
Integrate the FEC website with AM
Observe the IG token cookie
(Optional) Review IG configuration
Authenticate identities with AM
Integrate identities in AM with an identity store
Create an authentication tree with an LDAP Decision node
Integrate an identity store with AM

Controlling Access

Describe entitlements with AM authorization
Define AM policy components
Define policy environment conditions and response attributes
Describe the process of policy evaluation
Implement access control on a website

Increasing Authentication Security

Describe MFA
Register a device
Include recovery codes
Examine OATH authentication
Implement Time-based One-time Password (TOTP) authentication
(Optional) Implement HMAC-based One-time Password (HOTP) authentication
Examine Push notification authentication
(Optional) Implement Push notification authentication
Implement passwordless WebAuthn
(Optional) Implement passwordless WebAuthn
Examine HOTP authentication using email or SMS
(Optional) Implement HOTP authentication using email or SMS

Modifying a User’s Authentication Experience Based on Context

Introduce context-based risk analysis
Describe device profile nodes
Determine the risk based on the context
Implement a browser context change script
Lock and unlock accounts
Implement account lockout

Checking Risk Continuously

Introduce continuous contextual authorization
Describe step-up authentication
Implement step-up authentication flow
Describe transactional authorization
Implement transactional authorization
Prevent users from bypassing the default tree

Integrating Applications With OAuth2

Discuss OAuth2 concepts
Describe OAuth2 tokens and codes
Describe refresh tokens, macaroons, and token modification
Request OAuth2 access tokens with OAuth2 grant types
Explain OAuth2 scopes and consent
Configure OAuth2 in AM
Configure AM as an OAuth2 provider
Configure AM with an OAuth2 client
Test the OAuth2 Device Code grant type flow

Integrating Applications With OIDC

Introduce OIDC
Describe OIDC tokens
Explain OIDC scopes and claims
List OIDC grant types
Create and use an OIDC script
Create an OIDC claims script
Register an OIDC client and configure the OAuth2 Provider settings
Test the OIDC Authorization Code grant type flow

Authenticating OAuth2 Clients and using mTLS in OAuth2 for PoP

Examine OAuth2 client authentication
Examine OAuth2 client authentication using JSON Web Token (JWT) profiles
Examine OAuth2 client authentication using mTLS
Authenticate an OAuth2 client using mTLS
Examine certificate-bound proof-of-possession (PoP) when mTLS is configured
Obtain a certificate-bound access token

Transforming OAuth2 Tokens

Describe OAuth2 token exchange
Explain token exchange types and purpose for exchange
Describe token scopes and claims
Implement a token exchange impersonation pattern
Implement a token exchange delegation pattern
Configure token exchange in AM
Configure AM for token exchange
Test token exchange flows

Implementing Social Authentication

Delegate registration and authentication to social media providers
Implement social registration and authentication with Google

Implementing SSO Using SAML2

Discuss SAML2 entities and profiles
Explain the SAML2 flow from the identity provider (IdP) point of view
Examine SSO across service providers (SPs)
Configure AM as an IdP and integrate with third-party SPs
Examine SSO between SP and IdP and across SPs

Delegating Authentication Using SAML2

Explain the SSO flow from the SP point of view
Describe the metadata content and purpose
Configure AM as a SAML2 SP and integrate with a third-party IdP

Installing and Upgrading AM

Plan deployment configurations
Prepare before installing AM
Deploy AM
Outline tasks and methods to install AM
Install AM with the web wizard
Install AM and manage configuration with Amster
Describe the AM bootstrap process
Install an AM instance with the web wizard
Install Amster
Upgrade an AM instance
Upgrade AM with the web wizard
(Optional) Upgrade AM with the configuration tool

Hardening AM Security

Harden AM security
Adjust Default Settings
Harden AM security
Describe secrets, certificates, and keys
Describe keystores and secret stores
Manage the AM keystore
Configure and manage secret stores
Configure an HSM secret store to sign OIDC ID token
Audit logging
Debug and monitoring tools

Clustering AM

Explore high availability solutions
Scale AM deployments
Describe AM cluster concepts
Create an AM cluster
Identify tuning tips for AM clusters
Prepare the initial AM cluster
Install another AM server in the cluster
Test AM cluster failover scenarios
(Optional) Modify the cluster to use client-based sessions

Deploying the Identity Platform to the Cloud

Describe the Identity Platform
Prepare Your Deployment Environment
Deploy and access the Identity Platform
Access an authenticate your GCP account
Prepare to deploy the Identity Platform
Deploy the Identity Platform with the Cloud Development Kit (CDK)
Remove the Identity Platform deployment

Encarta Labs Advantage

One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
All courses are delivered by Industry Veterans
Get jumpstarted from newbie to production ready in a matter of few days

Trained more than 50,000 Corporate executives across the Globe
All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.

Top

Notice