Skip to main content

Identity Platform Determination

Follow these steps to identify if your app uses ForgeRock OpenAM or Microsoft Entra:

Step 1

> Initiate login and observe the URL where the login page appears

When you click or start authentication in your app, watch where your browser navigates for login.


Step 2

> Use browser developer tools to check redirect URLs

Open Developer Tools (usually F12), switch to the Network tab.

  • Start login flow again and watch the first few URLs your browser requests.
  • Look for redirects:
    • URLs containing login.pwc.com ➡️ ForgeRock/OpenAM
    • URLs containing login.microsoftonline.com or b2clogin.com ➡️ Entra (Azure AD)

Step 3

> Check cookies set on the login page

In Developer Tools (F12), go to the Application → Cookies section when on the login page.

  • Look for cookie names:
    • iPlanetDirectoryPro or amlbcookie ➡️ ForgeRock/OpenAM
    • Cookies starting with x-ms- or fpc ➡️ Microsoft Entra

Step 4 (optional)

> If you have received an ID Token (JWT) after login

Decode the token locally (e.g., use jwt.ms or jwt.io but do not paste tokens anywhere public).

  • Check the iss (issuer) claim in the token:
    • If issuer URL contains login.pwc.com ➡️ ForgeRock/OpenAM
    • If issuer URL contains login.microsoftonline.com ➡️ Microsoft Entra

Step 5:

> Ask your PwC IT/Security Helpdesk

If you are unsure or cannot access developer tools, reach out to PwC IAM or IT helpdesk.

They can confirm the authentication platform based on your app's name or URL.


Summary Table

ObservationIndicates PwC ForgeRock (OpenAM)Indicates Microsoft Entra (Azure AD)
Login URLlogin.pwc.com or login-stg.pwc.comlogin.microsoftonline.com, b2clogin.com
Redirect URLs in browserContains login.pwc.comContains login.microsoftonline.com
Login page cookiesiPlanetDirectoryPro, amlbcookieCookies starting with x-ms-, fpc
ID Token issuer (iss claim)URL contains login.pwc.comURL contains login.microsoftonline.com