getting started


Your Environment

ForgeRock will set you up with an environment called a tenant. The tenant name will be unique to your organization. Your tenant will contain your applications and users.

The tenant will have an FQDN. For example, if the name of your tenant is tenantName, your FQDN will be You’ll use this FQDN as part of the endpoint for all API requests.

During the early part of the beta process you’ll have one environment. As beta proceeds, we plan to make additional environments available for development and staging.

Team Members

Team Members manage your environment.

The first user to sign in to the tenant becomes the first Team Member of the environment. The first Team Member can invite more team members. After signing in to the administrative console, select your sign-in name > Tenant Settings. You can then invite more Team Members.

Applications and Authentication

ForgeRock implements the OAuth 2.0 and OIDC protocols to allow applications to access resources on behalf of a user. You or your development team can create the applications to be used in Express. The applications you create are first-party applications.

Learn more about application types.

Choose one of the following methods to integrate registration and authentication into your apps:

Use ForgeRock Hosted Pages
We host these pages to authenticate your users. We provide a limited set of options to customize these pages for your apps. Once you configure redirect URLs, users authenticate on ForgeRock Hosted Pages, and are then returned to your application. You can configure your other apps with the same authentication flow.

Create Your Own Server Side App
With our APIs, you can customize authentication pages and host them on your own servers.

Embed Into Your Native/SPA Application
You can embed authentication into your application. In this model, users stay within the application for a seamless sign-in experience. This option is frequently used in mobile apps and SPAs.

Management APIs

ForgeRock provides APIs to let you to manage users and other objects in the system. To access the management API, you’ll use the authentication API to get an access token. You can then include that access token in your calls to the management API.

If you have questions email [email protected].