About Oracle Identity Cloud Service Pricing Models

There are two pricing models for Oracle Identity Cloud Service:

  • User Per Month: Beginning with version 18.4.2, Oracle Identity Cloud Service has a new pricing model for its customers. This pricing model bills users on the activity that they perform with Oracle Identity Cloud Service on a monthly basis. This not only streamlines projected billing calculations, but also helps customers to more-accurately predict how much money they will spend for any given month.

  • Active User Per Hour: This pricing model is for existing Oracle Identity Cloud Service customers (as of version 18.3.6). However, because of the benefits associated with the User per Month pricing model, these customers can opt to switch to this model.

Understand the User Per Month Pricing Model

Learn about the pricing tiers for Oracle Identity Cloud Service for the User per Month pricing model and the features associated with each pricing tier.

For this pricing model, Oracle Identity Cloud Service has two pricing tiers:

  • Oracle Identity Cloud Service Foundation: Oracle provisions this free version of Oracle Identity Cloud Service for customers that subscribe to Oracle Software-as-a-Service (SaaS), Oracle Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) applications. A customer can use this version to provide basic identity management functionalities, including user management, group management, password management, and basic reporting. For additional features, as indicated in the table below, a subscription to Oracle Identity Cloud Service Standard is required.

  • Oracle Identity Cloud Service Standard: This licensed edition provides customers with an additional set of Oracle Identity Cloud Service features to integrate with other Oracle Cloud services, including Oracle Cloud SaaS and PaaS, custom applications hosted on-premises, on Oracle Cloud, or on a third-party cloud, as well as third-party SaaS applications. Features listed in this pricing tier are applicable for both Enterprise users and Consumer users.

    An incentive of the Standard tier for the User per Month pricing model is the Bring Your Own License (BYOL) program. If you're an Oracle customer who's using certain Oracle identity management on-premises technologies and is paying support for these technologies, then you can subscribe to the BYOL Standard tier and use the features of this tier at the BYOL rate.

See Buying an Oracle Cloud Subscription for more information about the payment plans available with Oracle Identity Cloud Service.

The following table illustrates the features associated with each Oracle Identity Cloud Service pricing tier:

Feature Description Foundation Standard
User and Group Management Manage the lifecycle of users and groups in Oracle Identity Cloud Service. Users and groups can be onboarded manually or can be imported in bulk from a CSV file. You can grant user access to various applications by assigning users to the applications directly, or by assigning users to groups and groups to applications. Check mark Check mark
Self-Service Profile Management Perform self-service capabilities to update user profile attributes, change passwords, manage linked social login accounts, view and manage devices registered for second-factor verification, and generate second-factor bypass codes. Check mark Check mark
Self-Service Password Reset Perform self-service reset of users’ forgotten passwords.

Check mark

(using password challenge questions and answers)

Check mark

(using other factors, including SMS and push notifications)

SSO for Oracle Cloud Services Authenticate to Oracle Identity Cloud Service and gain single-click access to Oracle Cloud services. Check mark Check mark
External Identity Provider Federation Configure a SAML 2.0 external identity provider such as Active Directory Federation Services (AD FS) for federated SSO to Oracle Identity Cloud Service.

Check mark

(for one SAML identity provider)

Check mark

(for more than one SAML identity provider)

Basic User Provisioning and Synchronization for Oracle Cloud Apps Provision user accounts to multiple Oracle SaaS and Oracle PaaS applications from a list of pre-configured provisioning templates in the App Catalog. You can also enable account synchronization to detect and synchronize any changes made directly on these target applications. Although you can use the provisioning templates, you can't change the default attribute mappings for provisioning and synchronization, or make any configuration changes to them. Check mark Check mark
Sign-on Policies

Use these policies to define criteria that Oracle Identity Cloud Service uses to determine whether to allow a user to sign in to Oracle Identity Cloud Service or prevent a user from accessing Oracle Identity Cloud Service. By defining this criteria, you control access that users have to your applications based on conditions such as the identity providers that will be used to authenticate the users, the groups to which the users belong, whether the users are assigned to administrator roles in Oracle Identity Cloud Service, or whether the users are accessing Oracle Identity Cloud Service using an IP address that's contained in a network perimeter.

Oracle Identity Cloud Service provides you with a default sign-on policy. In addition to the default sign-on policy, you can add sign-on policies and associate them with specific apps. When a user uses one of these apps to attempt to sign in to Oracle Identity Cloud Service, Oracle Identity Cloud Service checks to see if the app has any sign-on policies associated with it. If so, then Oracle Identity Cloud Service evaluates the criteria of the sign-on rules assigned to the policy. If there are no sign-on policies for the app, then the default sign-on policy is evaluated by Oracle Identity Cloud Service.

Check mark

(for the default sign-on policy)

Check mark

(for any sign-on policies that you add)

Application Development SDKs Enable your mobile and web applications to authenticate to Oracle Identity Cloud Service by using software development kits (SDKs). Check mark Check mark
Security and Usage Reports Execute and view operational or historical reports that capture usage data about Oracle Identity Cloud Service users, and applications, and diagnostic level logs. Check mark Check mark
Oracle Identity Manager Connector for Oracle Identity Cloud Service Use this connector in Oracle Identity Manager to manage the complete lifecycle of users and groups in Oracle Identity Cloud Service from Oracle Identity Manager. This connector also enables access certification of SaaS resources, Segregation of Duties (SoD) violation checks during the request and approval process, and reports on SaaS app usage in Oracle Identity Manager. Check mark Check mark
App Catalog The App Catalog is a collection of partially configured application templates for thousands of SaaS applications, such as Amazon Web Services and Google Suite. Using the templates, you can define an application, configure SSO, and configure provisioning. Oracle creates and maintains the App Catalog for you, and provides step-by-step instructions that will help you to configure your applications.   Check mark
Identity Synchronization Configure one or more Microsoft Active Directory bridges to synchronize user identities and groups with Oracle Identity Cloud Service.   Check mark
User Self-Registration Enable Business-to-Business (B2B) and Business-to-Consumer (B2C) users to register themselves to Oracle Identity Cloud Service. You can also create multiple self-registration profiles to manage different sets of users and access to applications.   Check mark
Self-Service Access Request Enable users to request access to groups and applications from the App Catalog.   Check mark
SSO for Third-Party Cloud Services Authenticate to Oracle Identity Cloud Service and gain single-click access to third-party SaaS services configured using the App Catalog. The App Catalog is a collection of pre-seeded applications for popular SaaS applications, such as Amazon Web Services, Google Suite, Office 365, and so on, that support federation standards such as SAML 2.0 and OAuth 2.0. It also allows you to configure Secure Form Fill for applications that don't support these standards. Using the App Catalog, you can define the application, configure SSO, and configure provisioning. Oracle creates and maintains the App Catalog for you.   Check mark
SSO for Custom Applications For custom applications developed using Oracle Cloud services and deployed on Oracle Cloud (PaaS and IaaS), authenticate to Oracle Identity Cloud Service and gain single-click access to these applications.   Check mark
Delegated Authentication with Password Writeback Remove the need to synchronize user passwords between an on-premises Microsoft Active Directory enterprise directory structure and Oracle Identity Cloud Service. Users can use their Microsoft Active Directory passwords to sign in to Oracle Identity Cloud Service to access resources and applications protected by Oracle Identity Cloud Service.   Check mark
Multi-Factor Authentication (MFA) Enable strong authentication by configuring Multi-Factor Authentication (MFA) during user authentication. Configure device compliance policies and a wide variety of second factors, such as SMS, OTP, push notifications, and knowledge-based questions and answers.   Check mark
Adaptive Security Analyze contextual, risk, and threat information about the user, device, and network, and provide an intelligent, secure, and user-friendly way of providing access to corporate applications and resources. This also reduces the likelihood of online identity theft and fraud, which secures business applications even if the user’s device or the user’s account password is compromised.   Check mark
Social Authentication Configure one or more social identity providers so that users can log in to Oracle Identity Cloud Service with their social credentials.   Check mark
Advanced User Provisioning and Synchronization for Oracle Cloud Apps Support interactive provisioning to allow administrators to grant entitlements and specify values for application account attributes. Administrators can also synchronize entitlements and other application data from the application into Oracle Identity Cloud Service. In addition to interactive provisioning and synchronization, you can customize the pre-configured provisioning templates in the App Catalog by changing the default attribute mappings for provisioning and synchronization and making configuration changes to them.   Check mark
User Provisioning and Synchronization for Third-Party Cloud Apps Configure provisioning of user accounts to multiple third-party cloud apps, such as Google Suite, Office 365, and so on, from a list of pre-configured provisioning templates in the App Catalog. Enable account synchronization to detect and synchronize any changes made directly on these target applications.   Check mark
EBS Asserter Integrate your Oracle E-Business Suite environment with Oracle Identity Cloud Service for authentication and password management purposes by using a lightweight Java application known as the Oracle E-Business Suite (EBS) Asserter.   Check mark
Terms of Use Present disclaimers and acceptable use policies, also known as Terms of Use, to your users. Terms of Use helps you set the terms and conditions for your users to access your applications, based on user consent. This feature allows identity domain administrators to set relevant disclaimers for legal or compliance requirements and enforce the terms by refusing the service. You can configure Terms of Use on an application basis and collect consent from users before allowing them access to the application.   Check mark
App Gate

The Oracle Identity Cloud Service App Gate is a software appliance that you can use to provide Single Sign-On (SSO) and authorization for your on-premises applications. This enables you to use one appliance to provide SSO for multiple applications by allowing external users to access internal applications securely without the need for a VPN client.

From the App Gateway for Identity Cloud Service application, you can access the documentation for the App Gate. You can find this application on the Downloads page of the Identity Cloud Service console. To access this page, in the Identity Cloud Service console, expand the Navigation Drawer, click Settings, and then click Downloads.

  Check mark
WebGate

WebGate is a web-server plug-in that Oracle Access Management uses to protect on-premises web applications. It can be deployed on different web applications and web servers including, but not limited to, the Apache HTTP Server and Microsoft's Internet Information Services (IIS) web server.

Instead of relying on Oracle Access Manager as an authentication service, WebGate can now interact with Oracle Identity Cloud Service to protect these applications by authenticating users to access the applications. When an unauthenticated user tries to access any applications that are protected by Oracle Identity Cloud Service, the user is redirected to the Sign In page of Oracle Identity Cloud Service for authentication.

  Check mark
Schema Extension If you're creating your own UI, and can't find a schema attribute that you need from the base Oracle Identity Cloud Service schema attributes, then you can add your own custom attributes using the Identity Cloud Service console.   Check mark
Generic SCIM App Template With this template, you can provision or synchronize users between your custom applications and Oracle Identity Cloud Service. You can use this template to configure your custom applications so that the SCIM APIs are exposed, and you don't have to develop a single line of code. All that's required is to go to the App Catalog and search for a SCIM-managed app template. To use this template, you only have to provide your endpoint URL and the details that Oracle Identity Cloud Service requires to connect to your application, and then map the attributes between your application and Oracle Identity Cloud Service.   Check mark
SMS Messaging

The total SMS message count is a pool based on the total number of users who have enabled MFA with SMS multiplied by the number of messages per user per month.

Enterprise users are limited to 10 messages per user per month.

Consumer users are limited to three messages per user per month.

Any additional SMS messaging used beyond the limit is billed as additional Monthly users.

    Check mark

Understand the Active User Per Hour Pricing Model

Learn about the pricing tiers for Oracle Identity Cloud Service for the Active User per Hour pricing model and the features associated with each pricing tier.

For this pricing model, Oracle Identity Cloud Service has three pricing tiers:

  • Oracle Identity Cloud Service Foundation: Oracle provisions this free version of Oracle Identity Cloud Service for customers that subscribe to Oracle Software-as-a-Service (SaaS), Oracle Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) applications. A customer can use this version to provide basic identity management functionalities, including user management, group management, password management, and basic reporting. For additional features, as indicated in the table below, a subscription to Oracle Identity Cloud Service Basic or Oracle Identity Cloud Service Standard is required.
  • Oracle Identity Cloud Service Basic: This licensed edition provides all of the features of Oracle Identity Cloud Service Foundation plus the ability to synchronize Microsoft Active Directory user identities and groups into Oracle Identity Cloud Service.
  • Oracle Identity Cloud Service Standard: This licensed edition provides customers with an additional set of Oracle Identity Cloud Service features to integrate with other Oracle Cloud services, including Oracle Cloud SaaS and PaaS, custom applications hosted on-premises, on Oracle Cloud, or on a third-party cloud, as well as third-party SaaS applications. Features listed in this pricing tier are applicable for both Enterprise users and Consumer users.

See Buying an Oracle Cloud Subscription for more information about the payment plans available with Oracle Identity Cloud Service.

The following table illustrates the features associated with each Oracle Identity Cloud Service pricing tier:

Feature Description Foundation Basic Standard
User and Group Management Manage the life cycle of users and groups in Oracle Identity Cloud Service. Users and groups can be onboarded manually or can be imported in bulk from a CSV file. You can grant user access to various applications by assigning users to the applications directly, or by assigning users to groups and groups to applications. Check mark Check mark Check mark
Self-Service Profile Management Perform self-service capabilities to update user profile attributes, change passwords, manage linked social login accounts, view and manage devices registered for second-factor verification, and generate second-factor bypass codes. Check mark Check mark Check mark
Self-Service Password Reset Perform self-service reset of users’ forgotten passwords.

Check mark

(using password challenge questions and answers)

Check mark

Check mark

(using other factors, including SMS and push notifications)

SSO for Oracle Cloud Services Authenticate to Oracle Identity Cloud Service and gain single-click access to Oracle Cloud services. Check mark Check mark Check mark
Basic User Provisioning and Synchronization for Oracle Cloud Apps Provision user accounts to multiple Oracle SaaS and Oracle PaaS applications from a list of pre-configured provisioning templates in the App Catalog. You can also enable account synchronization to detect and synchronize any changes made directly on these target applications. Although you can use the provisioning templates, you can't change the default attribute mappings for provisioning and synchronization, or make any configuration changes to them. Check mark Check mark Check mark
Oracle Identity Manager Connector for Oracle Identity Cloud Service Use this connector in Oracle Identity Manager to manage the complete life cycle of users and groups in Oracle Identity Cloud Service from Oracle Identity Manager. This connector also enables access certification of SaaS resources, Segregation of Duties (SoD) violation checks during the request and approval process, and reports on SaaS app usage in Oracle Identity Manager. Check mark Check mark Check mark
Application Development SDKs Enable your mobile and web applications to authenticate to Oracle Identity Cloud Service by using software development kits (SDKs). Check mark Check mark Check mark
Security and Usage Reports Execute and view operational or historical reports that capture usage data about Oracle Identity Cloud Service users, and applications, and diagnostic level logs. Check mark Check mark Check mark
External Identity Provider Federation Configure a SAML 2.0 external identity provider such as Active Directory Federation Services (AD FS) for federated SSO to Oracle Identity Cloud Service.

Check mark

(for one SAML identity provider)

 

Check mark

(for more than one SAML identity provider)

Sign-on Policies

Use these policies to define criteria that Oracle Identity Cloud Service uses to determine whether to allow a user to sign in to Oracle Identity Cloud Service or prevent a user from accessing Oracle Identity Cloud Service. By defining this criteria, you control access that users have to your applications based on conditions such as the identity providers that will be used to authenticate the users, the groups to which the users belong, whether the users are assigned to administrator roles in Oracle Identity Cloud Service, or whether the users are accessing Oracle Identity Cloud Service using an IP address that's contained in a network perimeter.

Oracle Identity Cloud Service provides you with a default sign-on policy. In addition to the default sign-on policy, you can add sign-on policies and associate them with specific apps. When a user uses one of these apps to attempt to sign in to Oracle Identity Cloud Service, Oracle Identity Cloud Service checks to see if the app has any sign-on policies associated with it. If so, then Oracle Identity Cloud Service evaluates the criteria of the sign-on rules assigned to the policy. If there are no sign-on policies for the app, then the default sign-on policy is evaluated by Oracle Identity Cloud Service.

Check mark

(for the default sign-on policy)

 

Check mark

(for any sign-on policies that you add)

Identity Synchronization Configure one or more Microsoft Active Directory bridges to synchronize user identities and groups with Oracle Identity Cloud Service.   Check mark Check mark
App Catalog The App Catalog is a collection of partially configured application templates for thousands of SaaS applications, such as Amazon Web Services and Google Suite. Using the templates, you can define an application, configure SSO, and configure provisioning. Oracle creates and maintains the App Catalog for you, and provides step-by-step instructions that will help you to configure your applications.     Check mark
User Self-Registration Enable Business-to-Business (B2B) and Business-to-Consumer (B2C) users to register themselves to Oracle Identity Cloud Service. You can also create multiple self-registration profiles to manage different sets of users and access to applications.     Check mark
Self-Service Access Request Enable users to request access to groups and applications from the App Catalog.     Check mark
SSO for Third-Party Cloud Services Authenticate to Oracle Identity Cloud Service and gain single-click access to third-party SaaS services configured using the App Catalog. The App Catalog is a collection of pre-seeded applications for popular SaaS applications, such as Amazon Web Services, Google Suite, Office 365, and so on, that support federation standards such as SAML 2.0 and OAuth 2.0. It also allows you to configure Secure Form Fill for applications that don't support these standards. Using the App Catalog, you can define the application, configure SSO, and configure provisioning. Oracle creates and maintains the App Catalog for you.     Check mark
SSO for Custom Applications For custom applications developed using Oracle Cloud services and deployed on Oracle Cloud (PaaS and IaaS), authenticate to Oracle Identity Cloud Service and gain single-click access to these applications.     Check mark
Delegated Authentication with Password Writeback Remove the need to synchronize user passwords between an on-premises Microsoft Active Directory enterprise directory structure and Oracle Identity Cloud Service. Users can use their Microsoft Active Directory passwords to sign in to Oracle Identity Cloud Service to access resources and applications protected by Oracle Identity Cloud Service.     Check mark
Multi-Factor Authentication (MFA) Enable strong authentication by configuring Multi-Factor Authentication (MFA) during user authentication. Configure device compliance policies and a wide variety of second factors, such as SMS, OTP, push notifications, and knowledge-based questions and answers.     Check mark
Adaptive Security Analyze contextual, risk, and threat information about the user, device, and network, and provide an intelligent, secure, and user-friendly way of providing access to corporate applications and resources. This also reduces the likelihood of online identity theft and fraud, which secures business applications even if the user’s device or the user’s account password is compromised.     Check mark
Social Authentication Configure one or more social identity providers so that users can log in to Oracle Identity Cloud Service with their social credentials.     Check mark
Advanced User Provisioning and Synchronization for Oracle Cloud Apps Support interactive provisioning to allow administrators to grant entitlements and specify values for application account attributes. Administrators can also synchronize entitlements and other application data from the application into Oracle Identity Cloud Service. In addition to interactive provisioning and synchronization, you can customize the pre-configured provisioning templates in the App Catalog by changing the default attribute mappings for provisioning and synchronization and making configuration changes to them.     Check mark
User Provisioning and Synchronization for Third-Party Cloud Apps Configure provisioning of user accounts to multiple third-party cloud apps, such as Google Suite, Office 365, and so on, from a list of pre-configured provisioning templates in the App Catalog. Enable account synchronization to detect and synchronize any changes made directly on these target applications.     Check mark
EBS Asserter Integrate your Oracle E-Business Suite environment with Oracle Identity Cloud Service for authentication and password management purposes by using a lightweight Java application known as the Oracle E-Business Suite (EBS) Asserter.     Check mark
Terms of Use Present disclaimers and acceptable use policies, also known as Terms of Use, to your users. Terms of Use helps you set the terms and conditions for your users to access your applications, based on user consent. This feature allows identity domain administrators to set relevant disclaimers for legal or compliance requirements and enforce the terms by refusing the service. You can configure Terms of Use on an application basis and collect consent from users before allowing them access to the application.     Check mark
App Gate

The Oracle Identity Cloud Service App Gate is a software appliance that you can use to provide Single Sign-On (SSO) and authorization for your on-premises applications. This enables you to use one appliance to provide SSO for multiple applications by allowing external users to access internal applications securely without the need for a VPN client.

From the App Gateway for Identity Cloud Service application, you can access the documentation for the App Gate. You can find this application on the Downloads page of the Identity Cloud Service console. To access this page, in the Identity Cloud Service console, expand the Navigation Drawer, click Settings, and then click Downloads.

    Check mark
WebGate

WebGate is a web-server plug-in that Oracle Access Management uses to protect on-premises web applications. It can be deployed on different web applications and web servers including, but not limited to, the Apache HTTP Server and Microsoft's Internet Information Services (IIS) web server.

Instead of relying on Oracle Access Manager as an authentication service, WebGate can now interact with Oracle Identity Cloud Service to protect these applications by authenticating users to access the applications. When an unauthenticated user tries to access any applications that are protected by Oracle Identity Cloud Service, the user is redirected to the Sign In page of Oracle Identity Cloud Service for authentication.

    Check mark
Schema Extension If you're creating your own UI, and can't find a schema attribute that you need from the base Oracle Identity Cloud Service schema attributes, then you can add your own custom attributes using the Identity Cloud Service console.     Check mark
Generic SCIM App Template With this template, you can provision or synchronize users between your custom applications and Oracle Identity Cloud Service. You can use this template to configure your custom applications so that the SCIM APIs are exposed, and you don't have to develop a single line of code. All that's required is to go to the App Catalog and search for a SCIM-managed app template. To use this template, you only have to provide your endpoint URL and the details that Oracle Identity Cloud Service requires to connect to your application, and then map the attributes between your application and Oracle Identity Cloud Service.     Check mark
SMS Messaging

The total SMS message count is a pool based on the total number of users who have enabled MFA with SMS multiplied by the number of messages per user per month.

Enterprise users are limited to 10 messages per user per month.

Consumer users are limited to three messages per user per month.

Any additional SMS messaging used beyond the limit is billed as additional Active users.

    Check mark