--- title: idm image description: Prior to the ForgeOps 2026.1 release, the idm Docker image contained the IDM configuration. In ForgeOps 2026.1 and later releases, IDM configuration has been separated from the IDM image into a BusyBox container that contains the configuration profiles. This lets you customize configuration changes and build only the BusyBox images. component: forgeops version: 2026.1 page_id: forgeops:customize:idm canonical_url: https://docs.pingidentity.com/forgeops/2026.1/customize/idm.html keywords: ["CDK", "Docker", "forgeops Command"] section_ids: customization_overview: Customization overview detailed_steps: Detailed steps redeploy-idm-forgeops-command: "Redeploy IDM: Kustomize deployments" redeploy-idm-helm: "Redeploy IDM: Helm deployments" next_step: Next step --- # `idm` image Prior to the ForgeOps 2026.1 release, the `idm` Docker image contained the IDM configuration. In ForgeOps 2026.1 and later releases, IDM configuration has been separated from the IDM image into a [BusyBox](# "A BusyBox container is a minimal, lightweight containerized environment that includes a compact implementation of common UNIX utilities.") container that contains the configuration profiles. This lets you customize configuration changes and build only the [BusyBox](# "A BusyBox container is a minimal, lightweight containerized environment that includes a compact implementation of common UNIX utilities.") images. ## Customization overview * Customize IDM's configuration data by using the IDM admin UI and REST APIs. * Capture changes to the IDM configuration by exporting them from the IDM service running on Kubernetes to the staging area. * Save the modified IDM configuration to a configuration profile in your `forgeops` repository clone. * Build a [BusyBox](# "A BusyBox container is a minimal, lightweight containerized environment that includes a compact implementation of common UNIX utilities.") container image using the exported configuration profile. * Redeploy IDM. * Verify that changes you've made to the IDM configuration are in the new Docker image. ## Detailed steps 1. Verify that: * You have access to a [single-instance ForgeOps deployment](../deploy/architecture.html#cluster-and-deployment-sizes). * The namespace where the platform is deployed is set in your Kubernetes context. * All required third-party software is installed in your local environment ([minikube](../setup/minikube.html#minikube-third-party-software)|[GKE](../setup/google-cloud.html#gcp-third-party-software)|[EKS](../setup/aws.html#aws-third-party-software)|[AKS](../setup/azure.html#azure-third-party-software)). * You've [set up your environment to push to your Docker registry](setup.html#docker-push). 2. Perform version control activities on your `forgeops` repository clone: 1. Run the git status command. 2. Review the state of the docker/idm/config-profiles/my-profile directory. 3. (Optional) Run the git commit command to commit changes to files that have been modified. 3. Modify the IDM configuration using the IDM admin UI or the REST APIs. For information about how to access the IDM admin UI or REST APIs, refer to [IDM Services](../deploy/access.html#idm-services-cdm). Refer to [About property value substitution](value-substitution.html) for important information about configuring values that vary at run-time, such as passwords and host names. 4. Export the changes you made to the IDM configuration in the running ForgeOps deployment to a configuration profile: ``` $ cd /path/to/forgeops/bin $ ./forgeops config export idm my-profile --sort ... ``` If the configuration profile doesn't exist yet, the forgeops config export command creates it. The forgeops config export idm my-profile command copies IDM static configuration from the ForgeOps deployment to the configuration profile: ![Exporting the configuration from the single-instance deployment to a configuration profile.](_images/config-export-idm.svg) 5. Perform version control activities on your `forgeops` repository clone: 1. Review the differences in the files you exported to the configuration profile. For example: ``` $ git diff diff --git a/docker/idm/config-profiles/my-profile/conf/audit.json b/docker/idm/config-profiles/my-profile/conf/audit.json index 0b3dbeed6..1e5419eeb 100644 --- a/docker/idm/config-profiles/my-profile/conf/audit.json + b/docker/idm/config-profiles/my-profile/conf/audit.json @@ -135,7 +135,9 @@ }, "exceptionFormatter": { "file": "bin/defaults/script/audit/stacktraceFormatter.js", - "globals": {}, + "globals": { + "Test": "Test value" + }, "type": "text/javascript" } } ``` The first time you export IDM configuration changes to a configuration profile, the git diff command doesn't show any changes. 2. Run the git status command. 3. If you have new untracked files in your clone, run the git add command. 4. Review the state of the docker/idm/config-profiles/my-profile directory. 5. (Optional) Run the git commit command to commit changes to files that have been modified. 6. [Identify the repository](setup.html#push-to) to which you'll push the Docker image. You'll use this location to specify the --push-to argument value in the [build idm image](#build-idm) step. 7. Decide on the image tag name so you can tag each build of the image. You'll use this tag name to specify the --tag argument value in the [build idm image](#build-idm) step. 8. []()Build a new [BusyBox](# "A BusyBox container is a minimal, lightweight containerized environment that includes a compact implementation of common UNIX utilities.") image that includes IDM static configuration changes: | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | While the forgeops build command uses the Docker engine by default for ForgeOps deployments, it supports Podman as well. If you are using Podman engine instead of Docker in your environment, then set the `CONTAINER_ENGINE` environment variable to `podman` before running the forgeops build command, for example:``` $ export CONTAINER_ENGINE="podman" ``` | ``` $ ./forgeops config build --env-name my-env idm \ --config-profile my-profile --push-to my-repo --tag my-idm-tag ... ``` 9. Redeploy IDM using your new IDM [BusyBox](# "A BusyBox container is a minimal, lightweight containerized environment that includes a compact implementation of common UNIX utilities.") image: * If you installed the platform using the forgeops command, follow the steps in [Redeploy IDM: Kustomize deployments](#redeploy-idm-forgeops-command). * If you installed the platform using Helm, follow the steps in [Redeploy IDM: Helm deployments](#redeploy-idm-helm). ### Redeploy IDM: Kustomize deployments The forgeops build command calls Docker to build a new `idm` Docker image and to push the image to your Docker repository. The new image includes your configuration profile. It also updates the [image defaulter](https://github.com/ForgeRock/forgeops/blob/2026.1.0/kustomize/overlay/default/image-defaulter/kustomization.yaml) file so that the next time you install IDM, the forgeops apply command gets IDM static configuration from your new custom Docker image. ![Building the new custom Docker image.](_images/cdk-build.svg) 1. Perform version control activities on your `forgeops` repository clone: 1. Run the git status command. 2. Review the state of the kustomize/overlay/my-env/image-defaulter/kustomization.yaml file. 3. (Optional) Run the git commit command to commit changes to the image defaulter file. 2. Remove IDM from your ForgeOps deployment: ``` $ ./forgeops delete idm --env-name my-env "cdk" platform detected in namespace: "my-namespace". Uninstalling component(s): ['idm'] from namespace: "my-namespace". OK to delete components? [Y/N] Y service "idm" deleted deployment.apps "idm" deleted ``` 3. Redeploy IDM: ``` $ ./forgeops apply idm --env-name my-env ... ``` 4. Validate that IDM has the expected configuration: * Run the kubectl get pods command to monitor the status of the IDM pod. Wait until the pod is ready before proceeding to the next step. * Describe the IDM pod. Locate the tag of the Docker image that Kubernetes loaded, and verify that it's your new custom Docker image's tag. * Start the IDM admin UI and verify that your configuration changes are present. ### Redeploy IDM: Helm deployments 1. Locate the `Successfully tagged` message in the forgeops build output, which contains the new IDM Docker image's repository and tag. 2. Redeploy IDM using the new IDM Docker image: ``` $ helm upgrade identity-platform ./ \ --version 2026.1 --namespace my-namespace \ --values /path/to/forgeops/helm/my-env/values.yaml ``` 3. Validate that IDM has the expected configuration: * Run the kubectl get pods command to monitor the status of the AM pod. Wait until the pod is ready before proceeding to the next step. * Describe the IDM pod. Locate the tag of the Docker image that Kubernetes loaded, and verify that it's your new custom Docker image's tag. * Start the IDM admin UI and verify that your configuration changes are present. ## Next step * [icon: check-square-o, set=fa][Perform additional setup](setup.html) * [icon: check-square-o, set=fa][Understand custom images](custom-images.html) * [icon: check-square-o, set=fa][Customize the DS image](ds.html) * [icon: check-square-o, set=fa][Understand AM and IDM configuration](fr-data.html) * [icon: check-square-o, set=fa][Understand property value substitution](value-substitution.html) * [icon: check-square-o, set=fa][Customize the AM image](am.html) * [icon: check-square-o, set=fa][Customize the IDM image](idm.html)