Product Q&As
ForgeRock Identity Cloud

FAQ: Identity Cloud CIAM

Last updated Jan 24, 2023

This article provides answers to frequently asked questions when evaluating ForgeRock Identity Cloud for Customer Identity and Access Management (CIAM).


Does Identity Cloud offer full tenant isolation within a multi-tenant architecture?

Yes. The Identity Cloud architecture leverages application containerization and Kubernetes cluster orchestration to run a dedicated copy of the service code. Along with other cloud-native features, customers benefit from next-generation high availability without compromising performance. With no central database of tenant data that can be compromised, customers can keep their user information safe and secure.

See the ForgeRock Identity Cloud Security and Compliance whitepaper for further information.

How does Identity Cloud deliver granular data sovereignty?

Identity Cloud is delivered across 17 regions on five continents, making it the largest IAM cloud offering among dedicated IAM service providers. Its size and distribution provide key performance advantages, allowing users to access their apps and services more quickly via local connections. And its regional presence enables you to easily comply with data sovereignty and data residency regulations. 

How does the Identity Cloud administrator configure data residency for different geographies (storing data in the correct regions, honoring data privacy globally)?

Data residency and data sovereignty are key design considerations for Identity Cloud. It is designed with full tenant isolation built in at a cloud-native Kubernetes level. This means that the identity store that resides in Identity Cloud is isolated both at an application and data layer and therefore can be isolated to one of the 17 global regions. We support countries in North America, Europe, Asia Pacific, Australia and Latin America. See here for a location map. Upon deploying an Identity Cloud environment, you can choose where the tenant and tenant data will reside.

How does ForgeRock ensure data residency of identity, application and backup data?

Identity Cloud provides redundancy within regions. Regional clusters provide protection by distributing Kubernetes resources across multiple zones within a region. Identity Cloud uses regional clusters to increase the availability of both a cluster control master and its nodes. Replicating both the master and its nodes across zones within a region optimizes service high availability.

We do not back up to different regions, so data stored by Identity Cloud does not leave the deployed region. 

How many data centers does ForgeRock have and where are they located?

ForgeRock boasts the largest cloud IAM footprint. See here for a location map.

The following regions are available:


  • US OREGON (us-west1)
  • LOS ANGELES (us-west2)
  • IOWA (us-central1)
  • S. CAROLINA (us-east1)
  • N. VIRGINIA (us-east4)


  • A MONTRÉAL (northamerica-northeast1)


  • EU LONDON (europe-west2)
  • BELGIUM (europe-west1)
  • NETHERLANDS (europe-west4)
  • ZURICH (europe-west6)
  • FRANKFURT (europe-west3)
  • FINLAND (europe-north1)


  • AU SYDNEY (australia-southeast1)


  • SINGAPORE (asia-southeast1)
  • JAKARTA (asia-southeast2)
  • HONG-KONG (asia-east3)

South America

  • BRAZIL SÃO PAULO (southamerica-east1)

What is the availability service level agreement (SLA) for Identity Cloud?

Our current uptime SLA is 99.99%.

Overall production uptime performance and availability has been consistently above 99.99%.

How does Identity Cloud use industry standards to design the data security architecture for the solution?

Identity Cloud uses best practices from various security architecture frameworks that provide concrete requirements for security capabilities from a business perspective, as well as from a service and operations perspective.

Our security model implements all the must-have tenants of a secure as-a-service platform such as those documented under the Cloud Security Alliance (CSA) Trusted Cloud Infrastructure (TCI) Reference Architecture. 

Specifically, the Identity Cloud service protects customer data in two ways. At the service level, customer data is stored within the customer environment. It is never commingled with other customers' data and can be accessed only by the customer. At the physical level, the Google Cloud Platform (GCP) provides encryption of data at rest. All data is encrypted when written to storage, and decrypted when read.

See the ForgeRock Identity Cloud Security and Compliance whitepaper for further information.

What third-party assessments, audits, reviews or certifications have been obtained for Identity Cloud?

ForgeRock assures our products and services are aligned with industry standards.

  • ISO 27001: ForgeRock's entire organization is ISO 27001 certified, including the development and deployment of Identity Cloud and other cloud services. To view the certificate, go to the Shellman certificate directory, and search for ForgeRock.
  • SOC 2 Type 2: ForgeRock successfully completed the AICPA certified Service Organization Control (SOC) 2 Type 2 audit. The audit report confirms the Trust Services criteria relevant to the security, availability and confidentiality of Identity Cloud. You can request access to the audit report here .
  • CSA Star Level 2 external audit and self-attestation: ForgeRock has completed an external audit to validate that we meet the criteria required for the Cloud Security Alliance (CSA) Star Level 2 attestation for Identity Cloud. In addition, we have completed a Consensus Assessment Initiative Questionnaire (CAIQ), which is an industry-accepted way to document what security controls exist in cloud services, providing security control transparency. Both the CSA Star Level 2 attestation and the CSA CAIQ Questionnaire v3.1 can be viewed in the CSA STAR Registry.
  • HIPAA and HITECH: ForgeRock has an independent attestation compliance report for Health Insurance Portability and Accountability Act (HIPAA) security and Health Information Technology for Economic and Clinical Health (HITECH) breach notification rule for ForgeRock Identity Cloud.

See the ForgeRock Identity Cloud Security and Compliance whitepaper for further information.

See Also

Identity Cloud Docs

What certifications has ForgeRock achieved?

ForgeRock Identity Cloud Security and Compliance whitepaper

CIAM Solution Overview

Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.