Evaluating a ForgeRock Alternative? What You Need to Know Before You Decide
ForgeRock 7.5 LTS — the most widely deployed version of the platform — reaches end of support in April 2027, after which security patches and vendor support cease entirely. If you're running ForgeRock today, you are facing a forced migration: either to PingOne, Ping's go-forward cloud platform, or to an alternative vendor. This page explains what that decision actually involves, what ForgeRock customers are experiencing right now, and why OpenIAM is the alternative that regulated enterprises are choosing.
What the Ping Identity merger means for ForgeRock customers
In August 2023, Thoma Bravo completed its $2.3 billion acquisition of ForgeRock and immediately merged it into Ping Identity. ForgeRock ceased to exist as an independent company. The combined entity operates under the Ping Identity brand, with ForgeRock's products rebranded — ForgeRock Access Management is now PingAM, ForgeRock Identity Management is now PingIDM, ForgeRock Identity Cloud is now PingOne Advanced Identity Cloud.
The merger created a situation that has since become increasingly clear to ForgeRock customers: the combined Ping Identity organization is managing two overlapping, parallel product stacks that have not yet been fully unified. PingFederate and PingAccess sit alongside PingAM and PingGateway. The roadmap items announced since the merger have been almost entirely focused on integration, unification, and migration — not new capabilities. For customers who chose ForgeRock for its innovation and technical depth, this matters.
|
End of support April 2027 ForgeRock 7.5 LTS -- the last Long-Term Support version -- reaches end of support. Security patches and vendor technical support cease entirely. |
SDK deprecation April 2028 ForgeRock JS, Android, and iOS SDKs deprecated. Only critical security fixes until April 2028 -- then no further updates. Applications built on these SDKs must migrate to Ping's Orchestration SDKs. |
Roadmap direction Migration-focused All announced roadmap items focus on integration, unification, and migration to PingOne -- not new identity capabilities. PingOne is the declared go-forward platform. |
A former Gartner analyst, writing about the merger, put it plainly:
“ForgeRock customers should anticipate the need for migration to Ping solutions; for some this might be a bumpy ride.”
Former Gartner analyst, writing on the Ping Identity / ForgeRock merger
Ping Identity / ForgeRock product lifecycle documentation →
The real questions ForgeRock customers are asking right now
Based on conversations with organizations that have gone through this evaluation, the concerns are consistent:
| What customers are hearing | What it means in practice |
|---|---|
|
“PingOne is the go-forward platform.” |
PingOne is a multi-tenant SaaS platform. If your ForgeRock deployment is on-premises or private cloud for data sovereignty reasons, PingOne may not be an option without significant architectural changes. |
|
“We will support both platforms indefinitely.” |
ForgeRock 7.5 LTS reaches end of support April 2027. “Indefinitely” has a defined end date. |
|
“Migration tools will be available.” |
A migration to PingOne is, in practice, closer to a new implementation than an upgrade. Budget and team capacity should be assessed accordingly. |
|
“All roadmap items are focused on innovation.” |
The announced roadmap is focused on unifying two overlapping stacks. New identity capabilities are not the current engineering priority. |
|
“There is no forced migration.” |
There is a forced decision: accept end of support in April 2027 on your current ForgeRock version, migrate to PingOne, or evaluate alternatives. None of the three options is passive. |
How OpenIAM compares to ForgeRock and PingOne
OpenIAM is not a feature-for-feature ForgeRock replacement — it is a converged platform that covers more ground than ForgeRock did in a single deployment. The comparison below focuses on the dimensions that matter most to regulated enterprise buyers evaluating this decision.
| Dimension | ForgeRock / Ping today | OpenIAM |
|---|---|---|
| Product continuity | ForgeRock 7.5 LTS end of support April 2027. SDK deprecation April 2028. Migration to PingOne required. | Purpose-built platform under continuous active development. No merger-driven product rationalization. Your deployment is not being sunset. |
| Deployment options | PingOne Advanced Identity Cloud is the declared go-forward platform -- multi-tenant SaaS. On-premises customers face architectural change to move to PingOne. | Cloud, private cloud, on-premises, SaaS, and hybrid -- same full feature set across every deployment mode. Regulated industries retain full data sovereignty. |
| Capability scope | Primarily access management and CIAM. IGA capabilities being added post-merger via integration -- not native. | IGA, access management, CIAM, and NHI in a single native platform. Built from the ground up -- not assembled through acquisitions. |
| IGA governance | ForgeRock IDM (now PingIDM) provides provisioning. Full IGA -- access reviews, SoD enforcement, certification campaigns -- not a ForgeRock strength. | Full IGA native: JML lifecycle automation, access reviews, continuous SoD enforcement, pre-built compliance packs for FSI, healthcare, and government. |
| Compliance frameworks | Requires configuration per framework. No pre-built compliance packs. | Pre-built SoD policy packs for SOX, HIPAA, PCI, GDPR, DORA, NIS2, NERC-CIP. Compliance frameworks deployed without building from scratch. |
| Roadmap ownership | Roadmap driven by Thoma Bravo's investment timeline. Current priority is merger integration, not new capabilities. | Self-funded and profitable. Roadmap driven by customer needs and product vision -- not investor cycles or acquisition debt. |
| Migration path | Migration to PingOne requires new implementation investment -- not a configuration change. | Migration from ForgeRock is a defined project with OpenIAM's migration assessment process. OpenIAM has displaced ForgeRock at Dyson, and Conduent. |
Organizations that replaced ForgeRock with OpenIAM
OpenIAM has displaced ForgeRock in regulated enterprise environments across multiple industries. Three examples:
|
Manufacturing · Consumer goods Global manufacturer Replaced ForgeRock with OpenIAM to gain native IGA capabilities -- specifically access reviews, SoD enforcement, and lifecycle automation -- that ForgeRock required additional tooling to deliver. Available as a reference for qualified evaluations. |
Government · Public sector US state government agency Replaced ForgeRock with OpenIAM to meet on-premises data sovereignty requirements while gaining unified governance and access management on a single platform. Available as a reference for qualified evaluations. |
Business services · Outsourcing Business process outsourcer Replaced ForgeRock with OpenIAM to consolidate IGA and access management onto one platform -- reducing licensing complexity, support overhead, and the total cost of running a multi-vendor identity stack. Available as a reference for qualified evaluations. |
The migration assessment — what we evaluate with you
A ForgeRock IAM migration to OpenIAM is not a lift-and-shift. It is a structured project that begins with understanding your current environment — what you have deployed, how it is configured, and what your compliance and operational requirements are. We have done this before. Here is what the assessment covers.
| # | Area | What we assess |
|---|---|---|
|
1 |
Current state | Your ForgeRock version, deployment model (on-premises, cloud, SaaS), connected systems, custom configurations, and where you are relative to the April 2027 end-of-support date. |
|
2 |
Compliance requirements | Which frameworks you are operating under -- SOX, HIPAA, PCI, GDPR, NERC-CIP -- and what governance controls need to be maintained or improved during the migration. |
|
3 |
Connected systems | Inventory of all systems connected to ForgeRock -- Active Directory, Entra ID, HR systems, SaaS applications, ERP, custom apps -- and what the integration strategy is for each. |
|
4 |
IGA gaps | ForgeRock customers often use additional tooling alongside ForgeRock for access reviews and SoD. We assess whether OpenIAM can consolidate those tools into one platform. |
|
5 |
Deployment model | Whether on-premises, private cloud, SaaS, or hybrid deployment is the right fit given your data sovereignty and infrastructure requirements. |
|
6 |
Timeline and phasing | A realistic migration timeline based on your environment complexity and your April 2027 deadline -- phased to keep your current environment operational throughout. |
Start with a migration assessment
The April 2027 deadline gives organizations enough time to evaluate alternatives properly — but not unlimited time. A migration assessment is a no-commitment conversation that gives you a clear picture of what a move to OpenIAM would involve before any commercial discussion begins. Whether you are evaluating a ForgeRock replacement or simply assessing your options before April 2027, the migration assessment starts with your environment, not a sales pitch.
|
Primary Request a migration assessment A structured conversation about your current ForgeRock environment, your April 2027 timeline, and what a migration to OpenIAM would look like. No sales pitch -- just clarity. Request a migration assessment → |
Free download Download the IAM Migration Guide What to evaluate when replacing a legacy IAM platform -- deployment options, compliance continuity, integration complexity, and total cost of ownership. Download free → |
Frequently Asked Questions
Is ForgeRock being shut down?
ForgeRock no longer exists as an independent company — it was acquired by Thoma Bravo and merged into Ping Identity in August 2023. The ForgeRock product line has been rebranded under Ping Identity (ForgeRock Access Management is now PingAM, ForgeRock Identity Cloud is now PingOne Advanced Identity Cloud). The last Long-Term Support version of ForgeRock software, version 7.5 LTS, reaches end of support in April 2027, after which security patches and vendor support cease.
What happens when ForgeRock 7.5 LTS reaches end of support in April 2027?
After April 2027, Ping Identity will no longer provide security patches, bug fixes, or technical support for ForgeRock 7.5 LTS. Organizations running this version will be exposed to unpatched security vulnerabilities with no vendor remediation path. This is a significant compliance risk for regulated enterprises operating under SOX, HIPAA, PCI, or GDPR requirements, as these frameworks typically require vendors to maintain supported, patched software.
Do I have to migrate to PingOne, or can I choose a different vendor?
PingOne is Ping Identity's declared go-forward cloud platform, but it is not your only option. You can migrate to any IAM vendor before the April 2027 deadline. The migration to PingOne is in practice closer to a new implementation than an upgrade — particularly for organizations currently on on-premises ForgeRock deployments who would need to move to PingOne's multi-tenant SaaS environment. Evaluating alternatives now, while you have time, is the right approach.
What does OpenIAM offer that ForgeRock did not?
OpenIAM is a converged platform that combines IGA (identity governance and administration), access management, CIAM, and non-human identity governance in a single native platform. ForgeRock's primary strength was access management and CIAM — full IGA capabilities, including access reviews, continuous SoD enforcement, and compliance-focused certification campaigns, required additional tooling alongside ForgeRock. OpenIAM delivers all of this natively, with pre-built compliance packs for SOX, HIPAA, PCI, GDPR, DORA, and NERC-CIP.
Can OpenIAM be deployed on-premises for regulated industries with data sovereignty requirements?
Yes. OpenIAM supports on-premises, private cloud, public cloud, SaaS, and hybrid deployment with the same full feature set across every deployment mode. This is particularly relevant for ForgeRock customers who chose on-premises deployment for data sovereignty reasons and are concerned that PingOne's multi-tenant SaaS model would require them to change their architecture.
Has OpenIAM replaced ForgeRock in production environments before?
Yes. OpenIAM has displaced ForgeRock in production at regulated enterprises including a global manufacturer, a US state government agency, and a large business process outsourcer. These organizations are available as references for qualified evaluations. Ask about customer references when you request a migration assessment.
Let’s Connect
Managing identity can be complex. Let OpenIAM simplify how you manage all of your identities from a converged modern platform hosted on-premises or in the cloud.
For 15 years, OpenIAM has been helping mid to large enterprises globally improve security and end user satisfaction while lowering operational costs.