Tools / ForgeRock IAM interview questions

What is ForgeRock Identity Cloud and how does it relate to ForgeRock Server?

ForgeRock Identity Cloud, now branded as PingOne Advanced Identity Cloud, is ForgeRock's fully managed SaaS IAM platform. It provides the same core ForgeRock capabilities — Access Management (AM), Identity Management (IDM), and Directory Services (DS) — delivered as a cloud-native, multi-tenant service hosted by ForgeRock/Ping Identity on AWS. Customers access the platform without managing the underlying infrastructure, patching, scaling, or upgrades.

Key differences between Identity Cloud and self-managed ForgeRock Server:

ForgeRock Identity Cloud vs. Self-Managed Server
Aspect	Identity Cloud (SaaS)	ForgeRock Server (Self-Managed)
Infrastructure	Managed by ForgeRock/Ping on AWS	Customer-managed (on-prem, AWS, Azure, GCP)
Upgrades	Automatic, rolling upgrades by ForgeRock	Customer-controlled, manual upgrade process
Customisation	Limited by SaaS governance; scripts and journeys only	Full access to all configuration files, custom OSGi bundles
Identity Gateway	Not included in cloud; self-hosted IG connects to cloud AM	IG deployed alongside AM/IDM
Tenant environments	Development, UAT, and Production environments per tenant	Separate deployments per environment
Service SLA	99.99% SLA managed by ForgeRock	Customer-defined based on their infrastructure

Identity Cloud uses an environment model — each customer gets Dev, UAT, and Prod tenants. Configuration changes (journeys, scripts, OAuth2 clients) are promoted between environments using a CICD pipeline-friendly configuration export/import mechanism. IG, if used, is deployed by the customer and configured to point its OAuth2 validation at the cloud AM endpoints.

What is the main operational difference between ForgeRock Identity Cloud and self-managed ForgeRock Server?Identity Cloud infrastructure and upgrades are fully managed by ForgeRock/Ping; self-managed requires customers to handle their own infrastructure and patching

✓ Well done — the cloud vs self-managed distinction is primarily about operational responsibility for infrastructure, upgrades, and SLAs.

Identity Cloud only supports OAuth2; self-managed Server supports SAML and OIDC

✗ Try again — Identity Cloud supports all the same protocols (OAuth2, OIDC, SAML2) as self-managed Server.

Identity Cloud does not support custom authentication journeys; those are only available in self-managed

✗ Try again — Identity Cloud supports authentication journeys (trees); customisation is through journeys and scripts rather than deep server-level configuration.

Where is ForgeRock Identity Gateway deployed in an Identity Cloud architecture?Inside the Identity Cloud SaaS platform alongside AM

✗ Try again — IG is not included in the cloud SaaS offering; customers deploy IG themselves and configure it to integrate with cloud AM endpoints.

In the customer's own infrastructure, configured to point to the cloud AM token validation endpoints

✓ Well done — IG is self-hosted by the customer and integrates with Identity Cloud AM for token introspection and policy evaluation.

IG is replaced by a WAF (Web Application Firewall) in cloud deployments

✗ Try again — IG provides identity-aware proxy capabilities that a generic WAF does not; it is still used in cloud architectures but customer-hosted.

Invest now in Acorns!!! 🚀 Join Acorns and get your $5 bonus!

Invest now in Acorns!!! 🚀
Join Acorns and get your $5 bonus!

Earn passively and while sleeping

Acorns is a micro-investing app that automatically invests your "spare change" from daily purchases into diversified, expert-built portfolios of ETFs. It is designed for beginners, allowing you to start investing with as little as $5. The service automates saving and investing. Disclosure: I may receive a referral bonus.

Invest now!!! Get Free equity stock (US, UK only)!

Use Robinhood app to invest in stocks. It is safe and secure. Use the Referral link to claim your free stock when you sign up!.

The Robinhood app makes it easy to trade stocks, crypto and more.

Webull! Receive free stock by signing up using the link: Webull signup.

More Related questions...

What is ForgeRock IAM and what are its core platform components? What is ForgeRock Access Management (AM) and what protocols does it support? What are Authentication Trees (Journeys) in ForgeRock AM and how do they differ from the older module-based authentication? What is a ForgeRock AM Realm and what is it used for? How does ForgeRock AM implement OAuth 2.0 and what grant types does it support? What is the Core Token Service (CTS) in ForgeRock AM and what does it store? What is ForgeRock Identity Management (IDM) and what is its role in the platform? What is ForgeRock Directory Services (DS) and how does it differ from a standard LDAP server? What is ForgeRock Identity Gateway (IG) and how does it protect legacy applications? What are Authentication Nodes in ForgeRock AM and can you name commonly used ones? What is OpenID Connect (OIDC) in ForgeRock AM and how does it differ from OAuth 2.0? What is SAML 2.0 federation in ForgeRock AM and how do you configure a Service Provider? What are ForgeRock AM Policies and Policy Sets? What are Java Agents and Web Agents in ForgeRock AM? How does ForgeRock AM handle Multi-Factor Authentication (MFA)? What is Social Authentication in ForgeRock AM and how does it work? What is ForgeRock AM scripting and what languages are supported? What is ForgeRock DS replication and how does it work? What is ForgeRock IDM reconciliation and how do you configure it? What are Managed Objects in ForgeRock IDM? What is ForgeRock AM's Session Management and what types of sessions exist? What is PKCE in ForgeRock AM and why is it important for public clients? What is ForgeRock Identity Cloud and how does it relate to ForgeRock Server? What is User Managed Access (UMA) in ForgeRock AM? How does ForgeRock AM support Adaptive Authentication? What is the ForgeRock Autonomous Identity product? What is the difference between Authentication Level and Authentication Context in ForgeRock AM? How does ForgeRock AM Token Exchange (RFC 8693) work? What is the ForgeRock Identity Gateway Route configuration and how does it work? What are ForgeRock IDM's password policy capabilities? What is the ForgeRock CDK (Cloud Deployment Kit) and what does it provide? What is the difference between AM 6.x authentication chains/modules and AM 7.x authentication trees?

Show more question and Answers...

	Interviews Questions Java Spring Hibernate Maven Testing API BigData Web DataStructures AI Database MuleESB Cloud Scala Tools	About Javapedia.net Javapedia.net is for Java and J2EE developers, technologist and college students who prepare of interview. Also this site includes many practical examples. This site is developed using J2EE technologies by Steve Antony, a senior Developer/lead at one of the logistics based company.
	contact: javatutorials2016[at]gmail[dot]com
Kindly consider donating for maintaining this website. Thanks.
	Copyright © 2026, javapedia.net, all rights reserved. privacy policy.

Tools / ForgeRock IAM interview questions

What is ForgeRock Identity Cloud and how does it relate to ForgeRock Server?

Comments & Discussions

Recently added...