ForgeRock: Driving the Connected Automotive Era

“The auto manufacturer that can create a real engaging relationship between the car, the people in the car, the digital services, cloud, and the onboard infotainment system–a truly unified experience–that will be the successful connected car manufacturer of the future.” So says Michael Ellis, Chairman and CEO of ForgeRock, the digital identity company that recently announced a Series D funding round in which it raised $88 million. Why would the CEO of a startup software company have such strong opinions on connected cars? Increasingly, digital automotive players such as Toyota, SiriusXM, TomTom and other manufacturers are relying on ForgeRock’s digital identity technology to secure and personalize the in-car experience.

Make no mistake: experience is king today. Take Apple, one of the most valued brands in the world. It leverages its hardware platforms (Mac, iPhone, AppleTV, etc.) as a launch pad to deliver engaging and successful digital experiences. At the epicenter of this winning model lies the Apple ID—a single sign-on service that identifies and authenticates users in a platform-agnostic manner. The world today is rallying around this concept of digital identity as the cornerstone of mobility. A new entrant to this ecosystem is the automotive industry. Equipped with digital interfaces and internet access, the ‘connected car’ is fast becoming a launch pad for auto manufacturers to deliver innovative services.

“Every connected vehicle is a rolling IoT ecosystem today, and there is a tremendous value proposition that car manufacturers can bring to this mobility paradigm,” explains Ellis. “They need to monetize services through their vehicle platforms, just as Apple did with apps and music.” The ForgeRock Identity Platform is being adopted by digital car players precisely because it makes it possible to create engaging personalized experiences and services in the mobile environment. The platform combines access management, identity management, user-managed access, directory services, and an identity gateway, designed and built as a single, unified platform. Where conventional identity vendors designed their products for securing identities within an organization–usually for employees within large corporations–ForgeRock sees identity as key for companies that need to secure and personalize experiences for customers.

“The challenge with customer identity and access management (CIAM) is scale,” relates Ellis. “We have customers that have hundreds of millions of identities using ForgeRock solutions. Irrespective of whether a customer owns, rents, or subscribes to the car through an Uber-like service, the digital identity of these entities in this rolling IoT ecosystem should suffice to launch new services, and provide secure access to entertainment and safety services—while on the move.”

Based on the digital identity of the people inside the car, their mobile devices, and the car itself, ForgeRock enables auto OEMs and tier 1 suppliers to develop meaningful relationships that can drive personalized user experiences as well as revenue. With ForgeRock securing the relationships between the entities in the IoT environment, a broad range of monetization opportunities become a reality for their clients.

A Unique Digital Identity Platform

Today, ForgeRock is securing millions of identities of individuals, cars, and digital devices globally. The massive scalability of the ForgeRock platform is enabled through four key principles: high scale digital identity management, information processing, authentication, and authorization. For digital identity management, the platform connects with multiple data sources to learn about the true attributes of a person, vehicle, software, service, or a subcomponent—such as the infotainment system—that is connected to the vehicle.

It also keeps an updated version of the digital identities and provides that information to other services. The platform then issues, manages and processes the credentials used for authentication. A user can use biometrics such as fingerprint, voice or facial recognition, or even a password on their smartphone—in the case of multifactor authentication—to authenticate themselves to the ForgeRock platform, and then to the vehicle. Once the user is authenticated, the platform initiates a validated session and issues a token for the user. In the final step, authorization, the platform decides what actions the user can perform in the car environment.


With ForgeRock, users inside the vehicle can authenticate themselves to their car and load personalized settings in a moment. They can download their preferred language, music playlist, and other settings through the car manufacturer’s cloud. With credentials cached in the vehicle, users can also authenticate the vehicle in offline mode. As an IoT ecosystem, the vehicle, for itself or on behalf of the driver, can authenticate the cloud service to publish data, secure updates, and facilitate vehicle-to-vehicle communication. In some locations, users can also authenticate the vehicle to city infrastructure, such as for paying tolls and parking. As “smart city” infrastructure comes online, ForgeRock will facilitate users sending payment tokens without depending on transponders and payment cards. Additionally, the edge controller built into the platform provides passport-level security, trust, and identity for the vehicle.

With billions of relationships between connected devices and users, IAM platforms will need to provide administrators a simple way to manage connections and data. To this end, ForgeRock enables multiple user authorization levels, for instance: owner, authorized driver, dealer, maintainer, renter, and so on. These capabilities are important for vehicle owners or managers who need to manage, enable or circumscribe certain rights to a vehicle. For instance, a parent might want to enable a teen driver to operate a vehicle only within a certain geographic area, or certain hours during the day. A fleet manager for a delivery service might want to grant full vehicle access to service mechanics, but limit drivers to operational rights only. Digital identity is also applicable to different sensors used in the vehicle. With the ability to create a graph of relationships between various types of identities managed by ForgeRock, users are in an advantageous position to leverage geolocation capabilities; for instance, finding the nearest dealership for service.

Effective User Managed Access

ForgeRock was an early adopter of the User Managed Access (UMA) standard, and has built UMA capabilities into the platform. In this way, ForgeRock allows users to express their consent to share or unshare specific personal information, and provides for fine-grained control over multiple systems in the car environment. A simple business case can be an app in the infotainment system that can advise the user on getting better rates from an insurance company if the information on the driving pattern is shared with that company. With the UMA capability, a driver could do a one-time share of their driving history, and revoke access to that data once a transaction has occurred. While allowing users to be very specific about what they want to share, UMA gives them a central place to manage data and avoid scenarios such as social engineering through unauthorized data access.

In addition to UMA, ForgeRock's API allows manufacturers and Tier 1 suppliers to quickly integrate new digital services into the platform. “Today, we have 12 separate app modules in the platform, tightly integrated, common architecture, a common platform of utilization of API and audit platform and interfaces platform,” says Ellis.

A common programmatic interface smooths interaction between services, accelerates integration time and reduces cost. “We secure the communication transpiring across devices and platforms including chipset, edge, gateways, cars, and cloud.” ForgeRock also secures the holistic data through encryption for the data at rest and in transit.

Looking at the capabilities of a connected fleet, several automotive OEMs are running pilots around fleet services, and are increasingly showing their interest in the marketplace. “However, they need to ensure that they create a secured environment around fleet management by authenticating the identity of the vehicles and the customer base,” says Lasse Andresen, CTO and co-founder of ForgeRock. “The OEMs can correlate to the identity of the car in customer's preferences, entertainment choices, payment terms, and even seat positions.” Bringing together the identity of the fleet, car, and the particular subscriber helps enable multiple types of value-added opportunities—insurance, preferences, digital entertainment, payment, and connected payment streams—that can facilitate a smooth digital journey.

The Advantage of Digital Identity Management

ForgeRock has helped many leading auto manufacturers seamlessly deliver secure digital services. In one instance, Toyota required a reliable and agile access management system for its telematics solution, the “My Toyota” Customer Portal, a personalized portal that drivers can use to activate and manage their preferred applications and services. Toyota wanted the access management solution to be intelligent about which car and which driver is accessing the platform, to deliver customized services to each driver through their in-car Toyota Touch 2 with Go device. They also required an access management solution that supports next-generation standards and services such as OpenID Connect and OAuth 2.0, which can be used to facilitate social login. ForgeRock provided Toyota with identity management services for the web, cloud, mobile devices, and cars. With a standard programming interface (REST) and extensive standards support, it became easy for the Toyota development team to install and scale out the ForgeRock IAM solution. In another instance, SiriusXM, an internet radio company, chose the ForgeRock platform to modernize its infotainment and telematics. “SiriusXM has a strong vision on how to create great new digital services within the connected car environment,” said Ellis. “They use ForgeRock digital identity as the common element for not only providing connection to the subscriber, but understanding the security aspect of that journey.”

Open Source – The Future of Automotive

As a proponent of open source technology in the automotive industry, ForgeRock has joined Automotive Grade Linux (AGL), a sub-organization under the Linux Foundation, whose objective is to create an open source, secure baseline on which to build engaging experiences for automotive customers. The group also focuses on Linux-based infotainment so that automotive OEMs can cost-effectively re-engineer their systems. “ForgeRock is the identity layer of the AGL,” highlights Ashley Stevenson, Identity Technology Director in ForgeRock’s office of the CTO. The company has contributed the code that allows the core AGL operating system to be identity aware. “If an app or an infotainment system needs authentication, we can call that lower level API to know who the user is and can take that call,” says Stevenson. ForgeRock has also given demonstrations on standardizing the infotainment systems developed in the industry.

With the automotive industry facing dramatic transformation in their business—driven by new players like Tesla and Uber—there is massive pressure on OEMs to adjust and adapt quickly to the market trends. ForgeRock provides a robust platform to help companies accomplish just that. “We are thrilled to be in the connected car space and look forward to lending a helping hand in fast pacing automotive innovation,” concludes Ellis.

ForgeRock News

Leading Indonesian Telco Selects ForgeRock to Modernize Its Identity Infrastructure

SAN FRANCISCO and JAKARTA, Indonesia -- ForgeRock®, the leading provider in digital identity, announced that XL Axiata, a leading mobile telecommunications company in Indonesia has selected the ForgeRock Identity Platform to launch a cloud-based initiative to unify its many customer-facing systems.

XL Axiata is a major mobile telecommunications provider across Indonesia and surrounding regions, with more than 55 million subscribers. The company sought a secure and reliable identity management platform to unify the way its customers access its services. XL Axiata also needed a partner that could provide consent management capabilities to give their customers control over their own data. The company’s goal is to deepen customer relationships and build greater trust by providing a way for users to decide what personal information the company can hold, and why.

The mobile industry is a competitive marketplace where the quality of customer service is often the differentiator; the XL Axiata team realized providing a secure, unified, engaging digital experience would enable them to stay competitive. After a rapid but thorough evaluation process, the company chose ForgeRock.

Yessie D Yosetya, Chief Information and Digital Officer of XL Axiata – “We are always committed to providing a better experience to our customers in order to keep and deepen engagement and loyalty. And along with our efforts to accelerate digital transformation initiatives, we needed a partner able to support us long term and help us give our customers control of their own data. We decided to select ForgeRock as we believe they have the capabilities that matched our requirements.”

David Hope, ForgeRock’s SVP of APJ – “ForgeRock is thrilled to help XL Axiata accelerate its digital transformation initiatives to enhance its customer relationships. Customers around the world, and increasingly in this region, are using the cloud and ForgeRock’s unmatched scale to successfully launch new digital services faster than ever before.”

The ForgeRock Identity Platform offers robust capabilities for all identities - workforce, consumer, and things - fueled by intelligent identity orchestration with extensive adaptive and contextual authentication, comprehensive integration accelerators, and rich security, privacy, and consent features. The latest release radically simplifies IAM, giving organizations the tools needed to provide friction-free digital experiences securely. The platform is cloud- and DevOps-ready, allowing customers to automate cloud deployments and to deploy millions of identities within minutes on AWS, Google Cloud, OpenShift, and Microsoft Azure. ForgeRock also protects workloads on bring-your-own-cloud, hybrid-cloud, and multi-cloud models, eliminating cloud vendor lock-in.

ForgeRock Joins Microsoft Intelligent Security Association

SAN FRANCISCO — ForgeRock®, a digital identity leader, today announced it joined the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors that have integrated their solutions to better defend against a world of increasing threats. To be considered for MISA, organizations must demonstrate integrations that support the goal of improving enterprise security.

ForgeRock's integrations with Microsoft include an authentication node that checks a device's posture against Microsoft Endpoint Manager, an authentication node that checks a user's threat risk against Microsoft Azure Active Directory, and a Common Audit handler (CAUD) that acts as a bridge to push data from any ForgeRock product to Azure Sentinel, Microsoft's cloud-native Security Information and Event Manager (SIEM).

“Joining MISA aligns with ForgeRock's purpose of helping people safely and simply access the connected world,” said Ben Goodman, senior vice president, global business and corporate development, ForgeRock. “By combining the power of Microsoft Security Intelligence with ForgeRock's identity expertise, our shared customers will be able to deliver more secure, seamless digital experiences.”

The integration capabilities include:

— Microsoft Endpoint Manager: ForgeRock's Intelligent Access can now query the Microsoft Intune mobile device management system via the Microsoft Graph to see whether or not the end-user's device satisfies a compliance policy before it is allowed to access a protected resource. This includes checking the device posture from Microsoft to see if the phone has been jailbroken or if a machine is running the latest operating system. Microsoft Endpoint Manager is the new unified management platform including both Microsoft Intune and Configuration Manager.

— Microsoft Azure Active Directory (Azure AD): ForgeRock's Intelligent Access can now query the riskyUser resource type in Azure AD via the Microsoft Graph. This allows customers to take advantage of their current investments and use Azure AD Identity Protection, which processes 6.5 trillion signals per day, to identify, protect against and respond to identity-based threats. It lets ForgeRock's platform see whether someone has potentially been compromised before they are allowed to access a protected resource. Depending on the risk status, the tree can branch off and do an additional authentication step or deny access.

— Azure Sentinel: The ForgeRock CAUD is a framework for audit event handlers that are plugged in to ForgeRock's solutions. The handlers record ForgeRock events, logging them, for example, into files, relational databases or syslog. Since Microsoft has a number of pre-built visualizations, dashboards, and alerts that work out-of-the-box on Common Event Format (CEF) data, ForgeRock provides a CEF-based event handler in order to seamlessly leverage the CEF artifacts Microsoft has already configured.
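The device-posture and user-risk checks in the first two items can be sketched as a single fail-closed decision. This is an added example, not ForgeRock or Microsoft code: the `complianceState`, `riskLevel` and `riskState` names follow the Microsoft Graph `managedDevice` and `riskyUser` resources, while the `decide` function, its input dictionaries and the branching policy are assumptions.

```python
# Added illustration (not ForgeRock or Microsoft code).
# Field names follow Microsoft Graph: managedDevice.complianceState and
# riskyUser.riskLevel / riskState. The branching policy is an assumption.

ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"

GRACE_STATES = {"inGracePeriod"}
OK_DEVICE_STATES = {"compliant"} | GRACE_STATES
CLEARED_RISK_STATES = {"none", "confirmedSafe", "remediated", "dismissed"}


def decide(device, risky_user):
    """Return ALLOW, STEP_UP or DENY for one access attempt.

    device     -- dict with 'complianceState', or None if the lookup failed
    risky_user -- dict with 'riskLevel' and 'riskState', or None when the
                  user has no risk record
    """
    # Fail closed: a failed lookup or any unrecognised state counts as
    # non-compliant (noncompliant, error, conflict, unknown, future values).
    state = device.get("complianceState") if device else None
    if state not in OK_DEVICE_STATES:
        return DENY
    posture_outcome = STEP_UP if state in GRACE_STATES else ALLOW

    if risky_user is None:
        return posture_outcome  # no risk record: posture alone decides

    risk_state = risky_user.get("riskState")
    risk_level = risky_user.get("riskLevel")
    if risk_state == "confirmedCompromised":
        return DENY
    if risk_state in CLEARED_RISK_STATES:
        return posture_outcome
    # Still flagged (atRisk) or a state this code does not recognise.
    if risk_level == "high":
        return DENY
    # low, medium, hidden, missing or future levels: ask for another factor.
    return STEP_UP


if __name__ == "__main__":
    # Constructed sample inputs, not real Graph responses.
    samples = [
        ({"complianceState": "compliant"}, None),
        ({"complianceState": "compliant"},
         {"riskLevel": "medium", "riskState": "atRisk"}),
        ({"complianceState": "noncompliant"}, None),
    ]
    for device, user in samples:
        print(device, user, "->", decide(device, user))
```

Unrecognised enum values, including `unknownFutureValue`, never fall through to an allow: an unknown device state denies and an unknown risk state forces step-up.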

“I am pleased to welcome ForgeRock to the Microsoft Intelligent Security Association (MISA). Through MISA, we hope to further enable collaboration between leading security technology companies, so together we can better secure and protect our joint customers,” said Ryan McGee, Director Microsoft Security Marketing. “MISA members are the cybersecurity industry leaders, unified by the common goal of helping secure our customers by offering their own valuable expertise and making the association more effective as it expands.”


San Francisco, CA

Michael (Mike) Ellis, Chairman & CEO and Lasse Andresen, CTO & Co-Founder

Provides digital identity management platform to secure the connected car IoT ecosystem