ForgeRock Identity Cloud Security

ForgeRock Identity Cloud raises the bar with an unmatched security architecture that is purpose-built for enterprise.

Bring Stronger Security to the Identity Perimeter


Identity is the front door to your organization. Depending on how many users you have, that could mean thousands, hundreds of thousands, or even millions of front doors. No wonder identity breaches remain a persistent and costly threat. In 2022, unauthorized access accounted for 49% of all breaches. The ForgeRock Identity Cloud provides a multi-layered, defense-in-depth approach to identity and access management that delivers breach prevention at every stage of the identity lifecycle.


The ForgeRock cloud provides security and privacy by design

Eliminate Accidental or Malicious Data Access

Get the Identity-as-a-Service (IDaaS) solution delivered with enterprise-grade security. ForgeRock Identity Cloud architecture leverages application containerization and Kubernetes cluster orchestration to run a dedicated copy of the service code. Along with other cloud-native features, you benefit from next-generation high availability without compromising performance. With no central database of tenant data that can be compromised, you can keep your customers’ information safe and secure.

Prevent Unintended Loss of Data

ForgeRock Identity Cloud automatically backs up all your critical data on a regular basis. The backup process signs and encrypts backup files and verifies the integrity of backups. This ensures integrity, confidentiality and data availability, including full data restore capabilities.

Support Regulatory Compliance Mandates

With ForgeRock, all your identity data and configurations, including backups, are always under your control and in the region of your choice. Each customer environment is separate and self-sufficient, so users cannot access data or resources in any other environment. This helps you satisfy regulatory and compliance requirements quickly and efficiently.

Give Your Security Teams Peace of Mind

Many SaaS vendors combine multiple customers (tenants) into a single instance. This aging approach to multi-tenancy results in elevated risk because one customer's activities could impact others. ForgeRock does cloud differently. ForgeRock's cloud-native architecture with application containerization and Kubernetes cluster orchestration delivers next-generation high-availability SaaS without impacting performance.

ForgeRock Identity Cloud provides:

  • Geographic redundancy of components for maximum availability
  • Dedicated customer backups for quick recovery
  • Limited incident impact with all data-at-rest encrypted with distinct keys
  • Regional isolation of customer data to comply with sovereignty mandates

Share Security, Not Data

Security starts with the fundamentals: secure coding practices, dependency management, least privilege access, and continuous vulnerability and penetration testing. ForgeRock Identity Cloud is built and continuously iterated, not only with the fundamentals, but also with the evolving threat landscape and your demands in mind.

With ForgeRock Identity Cloud, you get:

  • Physical and network security to prevent common threats like distributed denial-of-service (DDoS) attacks
  • Dedicated trust zones to prevent any accidental or malicious co-mingling of data
  • Continuous monitoring by highly trained ForgeRock experts using NIST 800-137 as a guide
  • Continuous vulnerability and penetration testing to stay ahead of bad actors
  • A layered security approach to mitigate a single point of failure
