Start with Identity
IAM Platform

ForgeRock

Founded 2010San Francisco, CA, USASubsidiary of Ping Identity (Thoma Bravo)Score 4.2/5Evaluated 2026-06-19Website ↗

Capability scores

Methodology →
Authentication
4.5
SSO & Federation
4.5
Authorization
4.0
Lifecycle & Provisioning
4.0
MFA & Passwordless
4.0
Governance & Audit
3.5
Developer Experience
3.5
Deployment Flexibility
5.0
Pricing Transparency
2.0
Support & Ecosystem
4.0

Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.

Overview

ForgeRock built its reputation on flexibility for very large customer identity (CIAM) deployments, with deep self-hosted and sovereign-cloud options favored by telecoms, banks, and governments. It is no longer an independent vendor: Thoma Bravo acquired ForgeRock in 2023 and merged it into Ping Identity, so ForgeRock now lives as part of Ping's combined portfolio with a converging roadmap. New buyers are increasingly steered toward the unified Ping platform.

What it is good at

The historical strength is scale and control. ForgeRock's Identity Platform handles tens of millions of identities, bespoke authentication journeys (Intelligent Access trees), and strict data-residency requirements that rule out pure SaaS. Self-hosted and Kubernetes deployment, strong directory services, and broad standards support make it a fit for engineering-led organizations building custom identity at carrier scale.

Where it falls short

The platform is heavy. It demands real identity engineering capacity to deploy and operate, and it is overkill for ordinary workforce or mid-market use. The biggest current question is the merger itself: customers must track how ForgeRock and Ping capabilities consolidate, which products are strategic, and where overlap gets rationalized. Pricing is opaque and enterprise-only.

Pricing

Quote-based enterprise licensing, now sold under Ping Identity. Expect significant professional-services investment alongside license cost. Model the total with our TCO calculator.

Best for, and who should look elsewhere

Choose ForgeRock (via Ping) for large-scale CIAM with self-hosted or sovereign requirements and bespoke identity flows. Look elsewhere if you are a small team without identity engineers, or buying greenfield, where evaluate the combined Ping offering directly and compare against Okta and Microsoft Entra.

Bottom line

A powerful CIAM platform for carrier-scale, sovereignty-bound deployments, now best evaluated as part of Ping Identity rather than as a standalone vendor.

More IAM Platform vendors

All IAM Platform

By SWI Community Team · Last evaluated 2026-06-19

Independent, community-driven analysis. No vendor sponsorship. Compiled from public research and community input and verified on a best-effort basis, so details may be incomplete or out of date. Scores are opinions, not advice. Trademarks belong to their owners; mention does not imply affiliation or endorsement. See the full disclaimer, or send corrections to [email protected].