--- title: Tenant environments description: Ping Identity provides you with three or more PingOne Advanced Identity Cloud tenant environments to let you create an IAM structure that suits your organization: component: pingoneaic page_id: pingoneaic:tenants:environments canonical_url: https://docs.pingidentity.com/pingoneaic/tenants/environments.html section_ids: security-architecture: Security architecture comparison-of-environment-characteristics: Comparison of environment characteristics general-characteristics: General characteristics rto-and-rpo-characteristics: Recovery time objective (RTO) and recovery point objective (RPO) all_deployment_options: All deployment options single_region_deployment: Single-region deployment multi_region_deployment5: Multi-region deployment[5] tenant-environment-fqdns: Tenant environment FQDNs tenant-environment-fqdn-format: FQDN format confirm-the-tenant-environment-fqdn-in-tenant-settings: Confirm the FQDN in tenant settings tenant-environment-fqdn-placeholder-in-api-examples: FQDN placeholder in API examples --- # Tenant environments Ping Identity provides you with three or more PingOne Advanced Identity Cloud tenant environments to let you create an IAM structure that suits your organization: * [Development, staging, and production tenant environments](environments-development-staging-production.html) let you build, test, and deploy your IAM configuration and applications. These environments share the same configuration. * A [user acceptance testing (UAT) tenant environment](environments-uat.html)\[[2](#_footnotedef_2 "View footnote.")] lets you test new features in a production-like environment using the same configuration as your development, staging, and production environments. * A [sandbox tenant environment](environments-sandbox.html)\[[1](#_footnotedef_1 "View footnote.")] lets you build and experiment with new features in a development-like environment using a standalone configuration. It tracks the [rapid release channel](../release-notes/release-process.html#rapid-channel), which lets you test the newest features and fixes from Ping Identity before they are deployed to your other environments. For a full comparison, learn more in [Comparison of environment characteristics](#comparison-of-environment-characteristics). ## Security architecture Advanced Identity Cloud provides full-tenant isolation in a multi-tenant cloud service by using individual trust zones. Each tenant environment is a dedicated trust zone that shares no code, data, or identities with other customers' environments. This prevents any accidental or malicious commingling. All data is encrypted at rest and in transmission to prevent unauthorized access and data breaches. Each tenant environment is built from a standard template, hosted using a common technology base, maintained according to a consistent set of processes, and continually upgraded to the latest code base. The infrastructure uses consistency, standardization, and automation to deliver a highly available service. ## Comparison of environment characteristics ### General characteristics | Characteristic | Sandbox\[[1](#_footnotedef_1 "View footnote.")] | Development | UAT\[[2](#_footnotedef_2 "View footnote.")] | Staging | Production | | ---------------------------------------------------------------------- | --------------------------------------------------------------- | --------------------------------------------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | | [Release channel](../release-notes/release-process.html#rapid-channel) | Rapid | Regular | Regular | Regular | Regular | | Mutable static configuration | [icon: check, set=fa]Yes | [icon: check, set=fa]Yes | [icon: times, set=fa]No | [icon: times, set=fa]No | [icon: times, set=fa]No | | Part of a promotion pipeline | [icon: times, set=fa]No | [icon: check, set=fa]Yes | [icon: check, set=fa]Yes | [icon: check, set=fa]Yes | [icon: check, set=fa]Yes | | Highly available | [icon: times, set=fa]No | [icon: times, set=fa]No | [icon: check, set=fa]Yes | [icon: check, set=fa]Yes | [icon: check, set=fa]Yes | | Max identities supported | 10k | 10k | Based on your subscription | Based on your subscription | Based on your subscription | | Penetration and load testing allowed | [icon: times, set=fa]No\[[3](#_footnotedef_3 "View footnote.")] | [icon: times, set=fa]No\[[3](#_footnotedef_3 "View footnote.")] | [icon: check, set=fa]Yes\[[3](#_footnotedef_3 "View footnote.")] | [icon: check, set=fa]Yes\[[3](#_footnotedef_3 "View footnote.")] | [icon: times, set=fa]No\[[3](#_footnotedef_3 "View footnote.")] | | Uptime monitored with Pingdom | [icon: times, set=fa]No | [icon: check, set=fa]Yes | [icon: check, set=fa]Yes | [icon: check, set=fa]Yes | [icon: check, set=fa]Yes | | Monitored with statuspage.io | [icon: times, set=fa]No | [icon: times, set=fa]No | [icon: times, set=fa]No | [icon: times, set=fa]No | [icon: check, set=fa]Yes | | End-user traffic permitted \[[4](#_footnotedef_4 "View footnote.")] | [icon: times, set=fa]No | [icon: times, set=fa]No | [icon: times, set=fa]No | [icon: times, set=fa]No | [icon: check, set=fa]Yes | | Service level agreement | [icon: times, set=fa]No | [icon: times, set=fa]No | [icon: times, set=fa]No | [icon: times, set=fa]No | [icon: check, set=fa]Yes | | Log retention (days) | 30 | 30 | 30 | 30 | 30 | | Backup interval (hours) | 1 | 1 | 1 | 1 | 1 | | Backup retention (days) | 3 | 7 | 30 | 30 | 30 | ### Recovery time objective (RTO) and recovery point objective (RPO) #### All deployment options | Characteristic | Sandbox\[[1](#_footnotedef_1 "View footnote.")] | Development | UAT\[[2](#_footnotedef_2 "View footnote.")] | Staging | Production | | --------------------------------------- | ----------------------------------------------- | ----------- | ------------------------------------------- | --------- | ---------- | | Availability zone disaster recovery RTO | Near zero | Near zero | Near zero | Near zero | Near zero | | Availability zone disaster recovery RPO | Near zero | Near zero | Near zero | Near zero | Near zero | #### Single-region deployment | Characteristic | Sandbox\[[1](#_footnotedef_1 "View footnote.")] | Development | UAT\[[2](#_footnotedef_2 "View footnote.")] | Staging | Production | | ------------------------------------------------------- | ----------------------------------------------- | ----------- | ------------------------------------------- | ----------- | ------------- | | Backup and restore RTO | Best effort | Best effort | Best effort | Best effort | Under 1 hour | | In-region disaster recovery RTO | N/A | Best effort | Best effort | Best effort | Under 1 hour | | In-region RPO | N/A | N/A | N/A | N/A | Under 1 hour | | Backup region disaster recovery RTO | N/A | Best effort | Best effort | Best effort | Under 4 hours | | Backup region with Secure Connect disaster recovery RTO | N/A | Best effort | Best effort | Best effort | Under 4 hours | | Backup region RPO | N/A | N/A | N/A | N/A | Under 1 hour | #### Multi-region deployment\[[5](#_footnotedef_5 "View footnote.")] | Characteristic | Sandbox\[[1](#_footnotedef_1 "View footnote.")] | Development | UAT\[[2](#_footnotedef_2 "View footnote.")] | Staging | Production | | -------------------------------- | ----------------------------------------------- | ----------- | ------------------------------------------- | -------------------------------------------------------- | -------------------------------------------------------- | | Failover to secondary region RTO | N/A | N/A | N/A | Under 10 minutes\[[6](#_footnotedef_6 "View footnote.")] | Under 10 minutes\[[6](#_footnotedef_6 "View footnote.")] | | Failover to secondary region RPO | N/A | N/A | N/A | Near zero\[[6](#_footnotedef_6 "View footnote.")] | Near zero\[[6](#_footnotedef_6 "View footnote.")] | Learn more in [Architecture, availability, and disaster recovery](environments-architecture-availability-disaster-recovery.html). ## Tenant environment FQDNs Ping Identity creates a separate FQDN (fully qualified domain name) for each of your tenant environments. ### FQDN format The FQDN of each tenant environment uses a naming convention based on a combination of these values: | Name | Description | Example | | ------------------------ | ---------------------------------------------------------------------------------------------------- | ---------------- | | Sandbox base name | A tenant sandbox base name you provide to your Ping Identity representative. | mycompanysandbox | | Base name | A tenant base name you provide to your Ping Identity representative. | mycompany | | Data region abbreviation | The [data region](environments-data-residency.html#regions) your tenant environments are located in. | usw1 | | Tenant environment type | The type of tenant environment. | staging | * For your sandbox\[[1](#_footnotedef_1 "View footnote.")] environments, the FQDN naming convention is: \ = openam-\\-\.forgeblocks.com So, for a company with a sandbox base name "mycompanysandbox" using the London data location ("ew2") and with two sandbox environments, the tenant environment FQDNs would be: * openam-**mycompanysandbox1**-**ew2**.forgeblocks.com * openam-**mycompanysandbox2**-**ew2**.forgeblocks.com * For your development, UAT\[[2](#_footnotedef_2 "View footnote.")], and staging environments, the FQDN naming convention is: \ = openam-\-\-\.id.forgerock.io So, for a company with a base name "mycompany" using the London data location ("ew2") and with two UAT environments, the tenant environment FQDNs would be: * openam-**mycompany**-**ew2**-**dev**.id.forgerock.io * openam-**mycompany**-**ew2**-**uat**.id.forgerock.io * openam-**mycompany**-**ew2**-**uat2**.id.forgerock.io * openam-**mycompany**-**ew2**-**staging**.id.forgerock.io * For your production environment, the FQDN naming convention is: \ = openam-\-\.id.forgerock.io So, for a company with a base name "mycompany" using the London data location ("ew2") the tenant environment FQDN would be: * openam-**mycompany**-**ew2**.id.forgerock.io ### Confirm the FQDN in tenant settings You can confirm a tenant environment's FQDN by checking its tenant settings: 1. In the Advanced Identity Cloud admin console, open the TENANT menu (upper right), then go to [icon: settings, set=material, size=inline] Tenant Settings > Details. 2. The tenant environment's FQDN is displayed under the label Tenant Name. ### FQDN placeholder in API examples In the API examples throughout Advanced Identity Cloud documentation, the tenant environment FQDN is represented using the placeholder \. The following is an API example that uses the placeholder: ```none $ curl \ --request GET 'https:///openidm/config/external.email' \ --header 'Content-Type: application/json' \ --header 'Accept-API-Version: resource=1.0' \ --header 'Authorization: Bearer ' ``` *** [1](#_footnoteref_1). A [sandbox environment](environments-sandbox.html) is an [add-on capability](../product-information/add-on-capabilities.html).[2](#_footnoteref_2). A [user acceptance testing (UAT) environment](environments-uat.html) is an [add-on capability](../product-information/add-on-capabilities.html).[3](#_footnoteref_3). Learn more in [Advanced Identity Cloud penetration testing and load testing policy](../product-information/penetration-and-load-testing-policy.html).[4](#_footnoteref_4). Sandbox, development, UAT, and staging environments don't receive the same level of operational support as production, even when they contain personally identifiable information (PII) or end-user data. Sending end-user traffic to non-production environments is prohibited and not supported under any circumstances.[5](#_footnoteref_5). Multi-region deployment is an [add-on capability](../product-information/add-on-capabilities.html).[6](#_footnoteref_6). Multi-region deployment RTO and RPO values refer to the GA product that will be available in H2 2026. Learn more in [What are the RTO and RPO during the limited availability phase?](environments-architecture-multi-region-faq.html#what-are-the-rto-and-rpo-during-the-limited-availability-phase)