Tenant environments

ForgeRock provides you with three or more Identity Cloud tenant environments to let you create an IAM structure that suits your organization:

Development, staging, and production tenant environments let you build, test, and deploy your IAM configuration and applications. These environments share the same configuration.
A sandbox tenant environment^[1] lets you build and experiment with new features in a development-like environment using a standalone configuration.
A UAT (user acceptance testing) tenant environment^[2] lets you test new features in a production-like environment using the same configuration as your development, staging, and production environments.

For a full comparison, refer to Comparison of environment characteristics.

Security architecture

Identity Cloud provides full tenant isolation in a multi-tenant cloud service by using individual trust zones. Each tenant environment is a dedicated trust zone that shares no code, data, or identities with other customers’ environments. This prevents any accidental or malicious commingling. All data is encrypted at rest and in transmission to prevent unauthorized access and data breaches.

Each tenant environment is built from a standard template, hosted using a common technology base, maintained according to a consistent set of processes, and continually upgraded to the latest code base. The infrastructure uses consistency, standardization, and automation to deliver a highly available service.

For further information, refer to FAQ: Identity Cloud security architecture.

Comparison of environment characteristics

General characteristics

Characteristic	Sandbox^[1]	Development	UAT^[2]	Staging	Production
Mutable configuration	Yes	Yes	No	No	No
Part of a promotion pipeline	No	Yes	Yes	Yes	Yes
Highly available	No	No	Yes	Yes	Yes
Max identities supported	10k	10k	Based on your subscription	Based on your subscription	Based on your subscription
Penetration and load testing allowed	No^[3]	No^[3]	Yes^[3]	Yes^[3]	No^[3]
Uptime monitored with Pingdom	No	Yes	Yes	Yes	Yes
Monitored with statuspage.io	No	No	Yes	Yes	Yes
Personally identifiable information allowed	No	No	Yes	Yes	Yes
Service level agreement	No	No	No	No	Yes
Log retention (days)	1	30	30	30	30
Backup interval (hours)	1	1	1	1	1
Backup retention (days)	3	7	30	30	30

Characteristic

Sandbox^[1]

Development

UAT^[2]

Staging

Production

Mutable configuration

Yes

Part of a promotion pipeline

Yes

Highly available

Yes

Max identities supported

10k

Based on your subscription

Penetration and load testing allowed

No^[3]

Yes^[3]

No^[3]

Uptime monitored with Pingdom

Yes

Monitored with statuspage.io

Yes

Personally identifiable information allowed

Yes

Service level agreement

Yes

Log retention (days)

Backup interval (hours)

Backup retention (days)

Recovery time objective (RTO) characteristics

Characteristic	Sandbox^[1]	Development	UAT^[2]	Staging	Production
Backup and restore RTO	Best effort	Best effort	Best effort	Best effort	1h
In-region disaster recovery RTO	N/A	Best effort	Best effort	Best effort	1h
Multi-region disaster recovery RTO	N/A	Best effort	Best effort	Best effort	8h
Multi-region with Secure Connect disaster recovery RTO	N/A	Best effort	Best effort	Best effort	12h

Characteristic

Sandbox^[1]

Development

UAT^[2]

Staging

Production

Backup and restore RTO

Best effort

In-region disaster recovery RTO

N/A

Best effort

Multi-region disaster recovery RTO

N/A

Best effort

Multi-region with Secure Connect disaster recovery RTO

N/A

Best effort

12h

1. A sandbox environment is an add-on capability.

2. A UAT environment is an add-on capability.

3. Refer to Identity Cloud penetration testing and load testing policy.