---
title: "Fortanix DSM with ForgeRock OAuth 2.0"
slug: "using-fortanix-data-security-manager-with-forgerock-oauth-20"
updated: 2026-05-27T10:00:50Z
published: 2026-05-27T10:00:50Z
canonical: "support.fortanix.com/using-fortanix-data-security-manager-with-forgerock-oauth-20"
---


# Fortanix DSM with ForgeRock OAuth 2.0

## 1.0 Introduction

This article describes the steps to integrate **Fortanix Data Security Manager (DSM)** with **ForgeRock OAuth 2.0** using **OAuth** configuration.

## 2.0 Prerequisites

Ensure the following:

- An account on Fortanix DSM. For more information on how to create an account, refer to the [*User's Guide: Getting Started with Fortanix Data Security Manager - UI*](https://support.fortanix.com/hc/en-us/articles/360015809372-User-s-Guide-Getting-Started-with-Fortanix-Data-Security-Manager-UI).
- Access to ForgeRock Access Management Console.

## 3.0 Configure ForgeRock SSO

Perform the following steps to configure ForgeRock as an OAuth provider in Fortanix DSM:

1. Log in to ForgeRock Access Management Console.
2. Click the **Services** → **Add a Service** → **OAuth2 Provider** tab. Click **Create**.
3. On the **OAuth2 Provider** page, select the **Advanced** tab and in the **User Profile Attribute(s) the Resource Owner is Authenticated On** field, enter the attribute `email`.
4. Click **Save**.

![ForgeRock1.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7873789789076.png)

**Figure 1: Add OAuth2 provider service**

5. Click the **Applications** → **Oauth 2.0** → **Clients** menu → **Add client**.
6. On the **OAUTH 2.0 CLIENT** page, select the **Core** tab and enter the **Client ID**, **Client secret**, **Redirection URIs**, and **Scope(s)**.
  - **Client ID**: Enter a unique ID, or it can just be a name.
  - **Client secret**: Enter the secret.
  - **Redirection URIs**: `https://<dsmurl>/oauth`. For example, `https://<fortanix_dsm_url>/oauth`.
  - **Scope(s)**: Enter the values **openid**, **token**, and **email**.
7. Click **Save Changes**.

![ForgeRock2.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7897366069780.png)

**Figure 2: Configure OAuth 2.0 client**

## 4.0 Configure ForgeRock OAuth in Fortanix DSM

Perform the following steps to integrate Fortanix DSM with ForgeRock OAuth:

1. Log in to Fortanix DSM using the URL `https://<FORTANIX_DSM_URL>/`.
2. In the Fortanix DSM user interface (UI), navigate to **Settings** → **AUTHENTICATION** tab and select **SINGLE SIGN-ON** as the authentication method.
3. Click **ADD OAUTH INTEGRATION** to add a new OAuth integration.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/SSO-Screen(1).png)

**Figure 3: Configure ForgeRock OAuth integration**

4. On the **Add OAuth Integration** page:
  1. **OAuth Provider**: Select the OAuth provider from the drop down. To configure a custom provider, select **Custom**.
  2. **Provider Name**: Enter a unique name to identify the OAuth provider.
  3. **Logo URL (Optional)**: Provide a URL to the provider’s logo.
  4. **Authorization Endpoint**: Enter the full URL of the OAuth provider's authorization endpoint. For example, `https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2/authorize`.
  5. **Token Endpoint**: Enter the full URL of the token endpoint used to obtain access tokens. For example, `https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2/access_token`.
  6. **Authorization Method**: Select either of the following methods to send the client secret:
    - `client_secret_basic`
    - `client_secret_post`
  7. **User Info Endpoint (Optional)**: Enter the URL for retrieving user information. This field is optional for most providers, but mandatory when using ForgeRock OAuth. If you do not configure this field for ForgeRock, Fortanix DSM returns a 401 Unauthorized Access error during login. For example, `https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2/userinfo`.
  8. **Host Validation**: Select the **Validate host** check box to ensure that the ForgeRock server hostname mentioned above matches the hostname specified in the server certificate.
  9. **TLS Certificate**: Select the TLS certificate authority type:
    - If you are using a certificate signed by a well-known public CA, select **Global Root CAs**.
    - If your organization uses a self-signed certificate issued by an internal Certificate Authority (CA), select **Custom CA Certificate**. Click **UPLOAD A FILE** to upload your CA certificate. When Fortanix DSM, acting as a client, connects to the ForgeRock SSL server and receives the server’s certificate, it validates the certificate using the uploaded custom CA certificate.
  10. **Prompt (Optional)**: Specify the prompt behavior for user consent. For example, `login`, `consent`.
  11. **Consent Display (Optional)**: Choose a display method from the **Select Display** drop down (if applicable).
  12. **Max Age (Optional)**: Set the maximum time (in seconds) since the last user authentication before re-authentication is required.
  13. **Client ID**: Enter the OAuth client ID provided by the OAuth provider as created in *Step 6* of [*Section 3.0: Configure ForgeRock SSO*](/v1/docs/using-fortanix-data-security-manager-with-forgerock-oauth-20#30-configure-forgerock-sso).
  14. **Client Secret**: Enter the client secret associated with the client ID as created in *Step 6* of [*Section 3.0: Configure ForgeRock SSO*](/v1/docs/using-fortanix-data-security-manager-with-forgerock-oauth-20#30-configure-forgerock-sso).
  15. Click **ADD INTEGRATION**.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/ForgeRock_SSO_Form(2)(1).png)

**Figure 4: OAuth configuration**

5. After successfully integrating ForgeRock, Fortanix DSM displays the configured SSO below:

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/ForgeRock_SSO_Configured(1).png)

**Figure 5: OAuth IdP integrated**
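
The two **Authorization Method** options in step 4 differ only in where the client secret travels in the token request. The following added example (not Fortanix or ForgeRock code) builds that request both ways as RFC 6749 section 2.3.1 defines them and reads the credentials back; the client ID, secret, code, and DSM host are constructed values.

```python
import base64
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode

def build_token_request(method, client_id, client_secret, code, redirect_uri):
    """Return (headers, body) for an authorization-code token request."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    if method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-encode ID and secret, join with ':',
        # then send the pair as HTTP Basic credentials.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "client_secret_post":
        # The same credentials travel as form fields in the request body.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError(f"unsupported authorization method: {method}")
    return headers, urlencode(form)

def recover_credentials(headers, body):
    """What the token endpoint reads back: (where it was sent, id, secret)."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        cid, secret = base64.b64decode(auth[6:]).decode().split(":", 1)
        return "header", unquote_plus(cid), unquote_plus(secret)
    fields = parse_qs(body)
    return "body", fields["client_id"][0], fields["client_secret"][0]

# Constructed values; the secret contains ':' and '+' on purpose, because those
# characters only survive client_secret_basic if both sides apply the encoding.
CLIENT_ID, CLIENT_SECRET = "dsm-sso", "s3cr3t:/+ value"
REDIRECT_URI = "https://dsm.example.test/oauth"

if __name__ == "__main__":
    for method in ("client_secret_basic", "client_secret_post"):
        h, b = build_token_request(method, CLIENT_ID, CLIENT_SECRET, "CODE", REDIRECT_URI)
        print(method, "-> secret sent in", recover_credentials(h, b)[0])
```

Where the secret travels determines which logs can capture it: request-header logging for `client_secret_basic`, request-body logging for `client_secret_post`.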

## 5.0 Test the Integration

Perform the following steps to verify the SSO integration:

1. Log out of Fortanix DSM to sign in using SSO.
2. On the Fortanix DSM **Login** screen, click **LOG IN WITH FORGEROCK** to log in using the newly added SSO configuration.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/ForgeRock_Login_DSM.png)

**Figure 6: Sign in using SSO**

3. You will now be automatically logged in to Fortanix DSM and reach the Fortanix DSM accounts page.
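
If the test login fails, the values entered in Sections 3.0 and 4.0 can be checked against what this page requires. The following is an added example, not a Fortanix or ForgeRock tool: the dictionary keys, the `check_integration` function, and the `example.test` hosts are hypothetical, and the sample contains three deliberate mistakes.

```python
from urllib.parse import urlsplit

AUTH_METHODS = {"client_secret_basic", "client_secret_post"}
PAGE_SCOPES = {"openid", "token", "email"}  # Section 3.0, step 6

def check_integration(cfg, dsm_host):
    """Return findings for a settings dict; all key names are hypothetical."""
    findings = []
    for key in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint"):
        url = cfg.get(key) or ""
        parts = urlsplit(url)
        if not url and key == "userinfo_endpoint":
            findings.append("userinfo_endpoint empty: ForgeRock login fails with 401")
        elif parts.scheme != "https" or not parts.hostname:
            findings.append(f"{key} is not a full https:// URL")
    if cfg.get("authorization_method") not in AUTH_METHODS:
        findings.append("authorization_method must be client_secret_basic or client_secret_post")
    if not cfg.get("validate_host"):
        findings.append("validate_host is off: certificate hostname is not checked")
    expected = f"https://{dsm_host}/oauth"  # the value this page gives, compared exactly
    if expected not in cfg.get("redirect_uris", []):
        findings.append(f"redirect URI {expected} not registered on the ForgeRock client")
    missing = PAGE_SCOPES - set(cfg.get("scopes", []))
    if missing:
        findings.append("scopes missing: " + ", ".join(sorted(missing)))
    if cfg.get("resource_owner_attribute") != "email":
        findings.append("resource owner attribute is not 'email'")
    return findings

# Constructed sample: http token endpoint, empty userinfo endpoint, and a
# redirect URI with a trailing slash that differs from the page's value.
SAMPLE = {
    "authorization_endpoint": "https://idp.example.test:8443/idp/oauth2/authorize",
    "token_endpoint": "http://idp.example.test:8443/idp/oauth2/access_token",
    "userinfo_endpoint": "",
    "authorization_method": "client_secret_basic",
    "validate_host": True,
    "redirect_uris": ["https://dsm.example.test/oauth/"],
    "scopes": ["openid", "token", "email"],
    "resource_owner_attribute": "email",
}

if __name__ == "__main__":
    for finding in check_integration(SAMPLE, "dsm.example.test"):
        print("-", finding)
```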

Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.

