1. Administering Oracle Identity Cloud Service
  2. Get Started
  3. Get Started with Oracle Identity Cloud Service
  4. About Oracle Identity Cloud Service Pricing Models

About Oracle Identity Cloud Service Pricing Models

There are two pricing models for Oracle Identity Cloud Service.

  • User Per Month: Beginning with version 18.4.2, Oracle Identity Cloud Service has a new pricing model for its customers. This pricing model bills users on the activity that they perform with Oracle Identity Cloud Service on a monthly basis. This not only streamlines projected billing calculations, but also helps customers to more-accurately predict how much money they will spend for any given month.

  • Active User Per Hour: This pricing model is no longer available for new customers. The information below on this pricing model is included only for existing customers with active contracts that specify this pricing model.

See Oracle Platform as a Service and Infrastructure as a Service – Public Cloud Service Descriptions-Metered & Non-Metered for a complete list of public cloud service descriptions.

Understand the User Per Month Pricing Model

Learn about the pricing tiers for Oracle Identity Cloud Service for the User per Month pricing model and the features associated with each pricing tier.

For this pricing model, Oracle Identity Cloud Service has two pricing tiers:

  • Oracle Identity Cloud Service Foundation: Oracle provides this free version of Oracle Identity Cloud Service for customers that subscribe to Oracle Software-as-a-Service (SaaS), Oracle Platform-as-a-Service (PaaS), and Oracle Cloud Infrastructure only.

    A customer can use this version to provide basic identity management functions, including user management, group management, password management, and basic reporting. For additional features, as indicated in the table below, a subscription to Oracle Identity Cloud Service Standard is required.

    A customer can’t use this version to integrate with third-party SaaS, PaaS, custom web or mobile applications, programmatic clients or On-Premises applications, even if those applications are hosted on Oracle Cloud Infrastructure. Those use cases require Oracle Identity Cloud Service Standard.

  • Oracle Identity Cloud Service Standard: This licensed edition provides customers with an additional set of Oracle Identity Cloud Service features to integrate with other Oracle Cloud services, including Oracle Cloud SaaS and PaaS, custom applications hosted on-premises, on Oracle Cloud, or on a third-party cloud, as well as third-party SaaS applications. Features listed in this pricing tier are applicable for both Enterprise users and Consumer users.

    An incentive of the Standard tier for the User per Month pricing model is the Bring Your Own License (BYOL) program. If you're an Oracle customer who's using certain Oracle identity management on-premises technologies and is paying support for these technologies, then you can subscribe to the BYOL Standard tier and use the features of this tier at the BYOL rate.

See Buy an Oracle Cloud Subscription for more information about the payment plans available with Oracle Identity Cloud Service.

Note:

Once you have decided on the pricing model, you're reminded of which one you purchased by Licence Type: Foundation or Licence Type: Standard shown in the top right of the Identity Cloud Service console.

The following table illustrates the features associated with each Oracle Identity Cloud Service pricing tier:

Feature Description Foundation Standard
License Types

Available: Oracle Identity Cloud - Enterprise User - User Per Month, Oracle Identity Cloud - Consumer User - User Per Month, Oracle Identity Cloud - Enterprise User - BYOL - User Per Month, Oracle Identity Cloud - Consumer User - BYOL - User Per Month, Oracle Identity Foundation Cloud Service

Default (for primordial instance): Oracle Identity Foundation Cloud Service

Options: Customer intending to use paid IDCS features should update the instance to one of the paid SKUs (based on usage, on-premises license, and other factors).

   
Group-Based Password Policies

You can create multiple password policies in Oracle Identity Cloud Service, set the priority of these policies to determine in which order they apply, and then attach them to groups.

  Check mark
User and Group Management Manage the lifecycle of users and groups in Oracle Identity Cloud Service. Users and groups can be onboarded manually or can be imported in bulk from a CSV file. Check mark Check mark
User and Group Management Grant user access to various applications by assigning users to the applications directly, or by assigning users to groups and groups to applications. Check mark Check mark
Self-Service Profile Management Perform self-service capabilities to update user profile attributes and change passwords. Check mark  
Advanced Self-Service Profile Management Perform self-service capabilities to update user profile attributes, change passwords, manage linked social login accounts, view and manage devices registered for second-factor verification, and generate second-factor bypass codes.   Check mark
Self-Service Password Reset Perform self-service reset of users’ forgotten passwords.

Check mark

(using challenge questions and answers)

Check mark

(using all factors including email, SMS and push notifications)
SSO for Oracle Cloud Services

Authenticate to Oracle Identity Cloud Service and gain single-click access to Oracle Cloud services.

This includes SSO between two Oracle Identity Cloud Service instances.

Check mark Check mark
External Identity Provider Federation Configure a SAML 2.0 external identity provider such as Active Directory Federation Services (AD FS) for federated SSO to Oracle Identity Cloud Service.

Check mark

(for one SAML identity provider)

Check mark

(for more than one SAML identity provider)
Basic User Provisioning and Synchronization for Oracle Cloud Apps Provision user accounts to multiple Oracle SaaS and Oracle PaaS applications. You can also enable account synchronization to detect and synchronize any changes made directly on these target applications. Although you can use the provisioning templates, you can't change the default attribute mappings for provisioning and synchronization, or make any configuration changes to them. Check mark Check mark
Sign-on Policies

Use these policies to define criteria that Oracle Identity Cloud Service uses to determine whether to allow a user to sign in to Oracle Identity Cloud Service or prevent a user from accessing Oracle Identity Cloud Service. By defining this criteria, you control access that users have to your applications based on conditions such as the identity providers that will be used to authenticate the users, the groups to which the users belong, whether the users are assigned to administrator roles in Oracle Identity Cloud Service, or whether the users are accessing Oracle Identity Cloud Service using an IP address that's contained in a network perimeter.

Oracle Identity Cloud Service provides you with a default sign-on policy. In addition to the default sign-on policy, you can add sign-on policies and associate them with specific apps. When a user uses one of these apps to attempt to sign in to Oracle Identity Cloud Service, Oracle Identity Cloud Service checks to see if the app has any sign-on policies associated with it. If so, then Oracle Identity Cloud Service evaluates the criteria of the sign-on rules assigned to the policy. If there are no sign-on policies for the app, then the default sign-on policy is evaluated by Oracle Identity Cloud Service.

Check mark

(for the default sign-on policy)

Check mark

(for any sign-on policies that you add)
Application Development SDKs Enable your mobile and web applications to authenticate to Oracle Identity Cloud Service by using software development kits (SDKs). Check mark Check mark
Security and Usage Reports Execute and view operational or historical reports that capture usage data about Oracle Identity Cloud Service users, and applications, and diagnostic level logs. Check mark Check mark
Oracle Identity Manager Connector for Oracle Identity Cloud Service Use this connector in Oracle Identity Manager to manage the complete lifecycle of users and groups in Oracle Identity Cloud Service from Oracle Identity Manager. This connector also enables access certification of SaaS resources, Segregation of Duties (SoD) violation checks during the request and approval process, and reports on SaaS app usage in Oracle Identity Manager. Check mark Check mark
App Catalog

The App Catalog is a collection of partially configured application templates for thousands of SaaS applications, such as Amazon Web Services and Google Suite. Using the templates, you can define an application, configure SSO, and configure provisioning. Oracle creates and maintains the App Catalog for you, and provides step-by-step instructions that will help you to configure your applications.

Note: For Oracle SaaS application SSO and provisioning, refer to the descriptions in the SSO for Oracle Cloud Services and the Basic User Provisioning and Synchronization for Oracle Cloud Apps rows above.

  Check mark
Active Directory Synchronization Use one or more Microsoft Active Directory bridges to synchronize identities and groups with Oracle Identity Cloud Service.   Check mark
User Self-Registration Enable Business-to-Business (B2B) and Business-to-Consumer (B2C) users to register themselves to Oracle Identity Cloud Service. You can also create multiple self-registration profiles to manage different sets of users and access to applications.   Check mark
Self-Service Access Request Enable users to request access to groups and applications from the App Catalog.   Check mark
SSO for Third-Party Cloud Services Authenticate to Oracle Identity Cloud Service and gain single-click access to third-party SaaS services configured using the App Catalog. The App Catalog is a collection of pre-seeded applications for popular SaaS applications, such as Amazon Web Services, Google Suite, Office 365, and so on, that support federation standards such as SAML 2.0 and OAuth 2.0. It also allows you to configure Secure Form Fill for applications that don't support these standards. Using the App Catalog, you can define the application, configure SSO, and configure provisioning. Oracle creates and maintains the App Catalog for you.   Check mark
SSO for Custom Applications For custom applications developed using Oracle Cloud services and deployed on Oracle Cloud (PaaS and IaaS), authenticate to Oracle Identity Cloud Service and gain single-click access to these applications.   Check mark
RADIUS Proxy Remote Authentication Dial In User Service (RADIUS) is a network protocol—a system that defines rules and conventions for communication between network devices—for remote user authentication and accounting.   Check mark
Delegated Authentication with Password Writeback Remove the need to synchronize user passwords between an on-premises Microsoft Active Directory enterprise directory structure and Oracle Identity Cloud Service. Users can use their Microsoft Active Directory passwords to sign in to Oracle Identity Cloud Service to access resources and applications protected by Oracle Identity Cloud Service.   Check mark
Linux-PAM Module

Use the Oracle Identity Cloud Service Linux Pluggable Authentication Module (PAM) to integrate your Linux environment with Oracle Identity Cloud Service to facilitate authentication to Linux hosts.

  Check mark
Multi-Factor Authentication (MFA) Enable strong authentication by configuring Multi-Factor Authentication (MFA) during user authentication. Configure device compliance policies and a wide variety of second factors, such as SMS, OTP, push notifications, and knowledge-based questions and answers.

Check mark

(Limited Use - Allowed for the Oracle Cloud Console only; Allowed factors: Mobile app passcode, Mobile app notification, Bypass code, FIDO, and Duo. Also, one additional sign-on policy is allowed to protect the Oracle Cloud Console [Application name - OCI-V2-App-<TenancyName>])

Check mark
Adaptive Security Analyze contextual, risk, and threat information about the user, device, and network, and provide an intelligent, secure, and user-friendly way of providing access to corporate applications and resources. This also reduces the likelihood of online identity theft and fraud, which secures business applications even if the user’s device or the user’s account password is compromised.   Check mark
Social Authentication Configure one or more social identity providers so that users can log in to Oracle Identity Cloud Service with their social credentials.   Check mark
Advanced User Provisioning and Synchronization for Oracle Cloud Apps Support interactive provisioning to allow administrators to grant entitlements and specify values for application account attributes. Administrators can also synchronize entitlements and other application data from the application into Oracle Identity Cloud Service. In addition to interactive provisioning and synchronization, you can customize the pre-configured provisioning templates in the App Catalog by changing the default attribute mappings for provisioning and synchronization and making configuration changes to them.   Check mark
User Provisioning and Synchronization for Third-Party Cloud Apps Configure provisioning of user accounts to multiple third-party cloud apps, such as Google Suite, Office 365, and so on, from a list of pre-configured provisioning templates in the App Catalog. Enable account synchronization to detect and synchronize any changes made directly on these target applications.   Check mark
Just In Time Provisioning Just in time (JIT) provisioning automates the process of creating user accounts in connected applications. It uses the SAML protocol to provide necessary information from the identity provider (IDP) to the application.   Check mark
EBS Asserter Integrate your Oracle E-Business Suite environment with Oracle Identity Cloud Service for authentication and password management purposes by using a lightweight Java application known as the Oracle E-Business Suite (EBS) Asserter. The right to use Oracle E-Business Suite Asserter also includes the right to use WebLogic Server Enterprise Edition solely for the purposes of running the asserter application in accordance with all terms and conditions as described in the Oracle Fusion Middleware Licensing Information User Manual.   Check mark
Terms of Use Present disclaimers and acceptable use policies, also known as Terms of Use, to your users. Terms of Use helps you set the terms and conditions for your users to access your applications, based on user consent. This feature allows identity domain administrators to set relevant disclaimers for legal or compliance requirements and enforce the terms by refusing the service. You can configure Terms of Use on an application basis and collect consent from users before allowing them access to the application.   Check mark
App Gateway

The Oracle Identity Cloud Service App Gateway is a software appliance that you can use to provide Single Sign-On (SSO) and authorization for your on-premises applications. This enables you to use one appliance to provide SSO for multiple applications by allowing external users to access internal applications securely without the need for a VPN client.

From the App Gateway for Identity Cloud Service application, you can access the documentation for the App Gateway. You can find this application on the Downloads page of the Identity Cloud Service console. To access this page, in the Identity Cloud Service console, expand the Navigation Drawer, click Settings, and then click Downloads.

  Check mark
WebGate

WebGate is a web-server plug-in that Oracle Access Management uses to protect on-premises web applications. It can be deployed on different web applications and web servers including, but not limited to, the Apache HTTP Server and Microsoft's Internet Information Services (IIS) web server.

Instead of relying on Oracle Access Manager as an authentication service, WebGate can now interact to protect these applications by authenticating users to access the applications. When an unauthenticated user tries to access any applications that are protected by Oracle Identity Cloud Service, the user is redirected to the Sign In page of Oracle Identity Cloud Service for authentication.

  Check mark
Schema Extension If you're creating your own UI, and can't find a schema attribute that you need from the base Oracle Identity Cloud Service schema attributes, then you can add your own custom attributes using the Identity Cloud Service console.   Check mark
Generic SCIM App Template

With this template, you can provision or synchronize users between your applications and Oracle Identity Cloud Service. You can use this template to configure your applications so that the SCIM APIs are exposed, and you don't have to develop a single line of code. All that's required is to go to the App Catalog and search for a SCIM-managed app template. To use this template, you only have to provide your endpoint URL and the details that Oracle Identity Cloud Service requires to connect to your application, and then map the attributes between your application and Oracle Identity Cloud Service.

Using the SCIM template to sync users between Oracle Identity Cloud Service and non-Oracle end points is a paid tier feature.

  Check mark
Generic SCIM App Template

Using the SCIM template to sync users between two Oracle Identity Cloud Service instances.

Check mark  
SMS Messaging

The total SMS message count is a pool based on the total number of users who have enabled MFA with SMS multiplied by the number of messages per user per month.

Enterprise users are limited to 10 messages per user per month.

Consumer users are limited to three messages per user per month.

Any additional SMS messaging used beyond the limit is billed as additional Monthly users.

   Check mark
Advanced OAuth Capabilities Use advanced capabilities such as Custom Claims, Token Issuance Policies and apply Sign-On Policies to custom OAuth applications to control token issuance.   Check mark
Social Login Enable consumers to access applications using out-of-the-box social providers, define custom social providers (using the metadata-driven declarative providers feature), enable explicit and and social data capture using Oracle Identity Cloud Service.   Check mark
Provisioning Bridge Use one or more Provisioning Bridges to provision and synchronize identities, groups, and application user accounts with applications with Oracle Identity Cloud Service.   Check mark
Create custom mobile, desktop, and web applications using OAuth 2.0 and OpenID Connect Develop web, desktop and mobile applications using OAuth 2.0 and OpenID Connect to secure APIs and to integrate with API Gateways. Use Custom Claims to enrich claims and policies to control token issuance.   Check mark

API Rate Limits

Understand API rate limits for Foundation edition, and Enterprise users and Consumer users (Standard edition).

Oracle APIs are subject to rate limiting to protect the API service usage for all of Oracle's customers. If you reach the API limit for Foundation, Enterprise, or Consumer, then a 429 error code is returned.

This table shows the API rate limits for the different editions.

  Foundation Edition Standard Edition - Enterprise Standard Edition - Consumer
AuthN / sec 50 95 90
AuthN / min 1000 4500 3100
Token Mgmt / sec 40 65 60
Token Mgmt / min 1000 3400 2300
Others / sec (excluding bulk, import and export) 50 90 80
Others / min (excluding bulk, import and export) 1500 5000 4000
Bulk / sec 1 2 2
Bulk / min 2 6 6
Import and export / day 2 5 5

Understand the Active User Per Hour Pricing Model

Learn about the pricing tiers for Oracle Identity Cloud Service for the Active User per Hour pricing model and the features associated with each pricing tier. This pricing model is no longer available for new customers. The information below on this pricing model is included only for existing customers with active contracts that specify this pricing model.

For this pricing model, Oracle Identity Cloud Service has three pricing tiers:

  • Oracle Identity Cloud Service Foundation: Oracle provisions the Enterprise version of Oracle Identity Cloud Service for customers that subscribe to Oracle Software-as-a-Service (SaaS), Oracle Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) applications. Customers are then charged based on the features they use.

    A customer can use this version to provide basic identity management functions, including user management, group management, password management, and basic reporting. For additional features, as indicated in the table below, a subscription to Oracle Identity Cloud Service Basic or Oracle Identity Cloud Service Standard is required.

    A customer can’t use this version to integrate with third-party SaaS, PaaS, custom web or mobile applications, programmatic clients or On-Premises applications, even if those applications are hosted on Oracle Cloud Infrastructure. Those use cases require Oracle Identity Cloud Service Standard.

  • Oracle Identity Cloud Service Basic: This licensed edition provides all of the features of Oracle Identity Cloud Service Foundation plus the ability to synchronize Microsoft Active Directory user identities and groups into Oracle Identity Cloud Service.

  • Oracle Identity Cloud Service Standard: This licensed edition provides customers with an additional set of Oracle Identity Cloud Service features to integrate with other Oracle Cloud services, including Oracle Cloud SaaS and PaaS, custom applications hosted on-premises, on Oracle Cloud, or on a third-party cloud, as well as third-party SaaS applications. Features listed in this pricing tier are applicable for both Enterprise users and Consumer users.

See Buy an Oracle Cloud Subscription for more information about the payment plans available with Oracle Identity Cloud Service.

Note:

Once you have decided on the pricing model, you're reminded of which one you purchased by License Type: Foundation or License Type: Standard shown in the top right of the Identity Cloud Service console.

The following table illustrates the features associated with each Oracle Identity Cloud Service pricing tier:

Feature Description Foundation Basic Standard
License Types

Available: Enterprise, B2C

Default: Enterprise

Options: Customer can change to B2C if using the IDCS instance to manage external users. Foundation is just a tier of features.

     
Group-Based Password Policies

You can create multiple password policies in Oracle Identity Cloud Service, set the priority of these policies to determine in which order they apply, and then attach them to groups.

    Check mark
User and Group Management Manage the life cycle of users and groups in Oracle Identity Cloud Service. Users and groups can be onboarded manually or can be imported in bulk from a CSV file. You can grant user access to various applications by assigning users to the applications directly, or by assigning users to groups and groups to applications. Check mark Check mark Check mark
Self-Service Profile Management Perform self-service capabilities to update user profile attributes and change passwords. Check mark    
Advanced Self-Service Profile Management Perform self-service capabilities to update user profile attributes, change passwords, manage linked social login accounts, view and manage devices registered for second-factor verification, and generate second-factor bypass codes.   Check mark Check mark
Self-Service Password Reset Perform self-service reset of users’ forgotten passwords.

Check mark

(using challenge questions and answers)

 Check mark

Check mark

(using all factors including email, SMS and push notifications)

SSO for Oracle Cloud Services

Authenticate to Oracle Identity Cloud Service and gain single-click access to Oracle Cloud services.

This includes SSO between two Oracle Identity Cloud Service instances.

Check mark Check mark Check mark
Basic User Provisioning and Synchronization for Oracle Cloud Apps Provision user accounts to multiple Oracle SaaS and Oracle PaaS applications. You can also enable account synchronization to detect and synchronize any changes made directly on these target applications. Although you can use the provisioning templates, you can't change the default attribute mappings for provisioning and synchronization, or make any configuration changes to them. Check mark Check mark Check mark
Oracle Identity Manager Connector for Oracle Identity Cloud Service Use this connector in Oracle Identity Manager to manage the complete life cycle of users and groups in Oracle Identity Cloud Service from Oracle Identity Manager. This connector also enables access certification of SaaS resources, Segregation of Duties (SoD) violation checks during the request and approval process, and reports on SaaS app usage in Oracle Identity Manager. Check mark Check mark Check mark
Application Development SDKs Enable your mobile and web applications to authenticate to Oracle Identity Cloud Service by using software development kits (SDKs). Check mark Check mark Check mark
Security and Usage Reports Execute and view operational or historical reports that capture usage data about Oracle Identity Cloud Service users, and applications, and diagnostic level logs. Check mark Check mark Check mark
External Identity Provider Federation Configure a SAML 2.0 external identity provider such as Active Directory Federation Services (AD FS) for federated SSO to Oracle Identity Cloud Service.

Check mark

(for one SAML identity provider)

  

Check mark

(for more than one SAML identity provider)
Sign-on Policies

Use these policies to define criteria that Oracle Identity Cloud Service uses to determine whether to allow a user to sign in to Oracle Identity Cloud Service or prevent a user from accessing Oracle Identity Cloud Service. By defining this criteria, you control access that users have to your applications based on conditions such as the identity providers that will be used to authenticate the users, the groups to which the users belong, whether the users are assigned to administrator roles in Oracle Identity Cloud Service, or whether the users are accessing Oracle Identity Cloud Service using an IP address that's contained in a network perimeter.

Oracle Identity Cloud Service provides you with a default sign-on policy. In addition to the default sign-on policy, you can add sign-on policies and associate them with specific apps. When a user uses one of these apps to attempt to sign in to Oracle Identity Cloud Service, Oracle Identity Cloud Service checks to see if the app has any sign-on policies associated with it. If so, then Oracle Identity Cloud Service evaluates the criteria of the sign-on rules assigned to the policy. If there are no sign-on policies for the app, then the default sign-on policy is evaluated by Oracle Identity Cloud Service.

Check mark

(for the default sign-on policy)

  

Check mark

(for any sign-on policies that you add)
Active Directory Synchronization Use one or more Microsoft Active Directory bridges to synchronize identities and groups with Oracle Identity Cloud Service.   Check mark Check mark
App Catalog

The App Catalog is a collection of partially configured application templates for thousands of SaaS applications, such as Amazon Web Services and Google Suite. Using the templates, you can define an application, configure SSO, and configure provisioning. Oracle creates and maintains the App Catalog for you, and provides step-by-step instructions that will help you to configure your applications.

Note: For Oracle SaaS application SSO and provisioning, refer to the descriptions in the SSO for Oracle Cloud Services and the Basic User Provisioning and Synchronization for Oracle Cloud Apps rows above.

    Check mark
User Self-Registration Enable Business-to-Business (B2B) and Business-to-Consumer (B2C) users to register themselves to Oracle Identity Cloud Service. You can also create multiple self-registration profiles to manage different sets of users and access to applications.     Check mark
Self-Service Access Request Enable users to request access to groups and applications from the App Catalog.     Check mark
SSO for Third-Party Cloud Services Authenticate to Oracle Identity Cloud Service and gain single-click access to third-party SaaS services configured using the App Catalog. The App Catalog is a collection of pre-seeded applications for popular SaaS applications, such as Amazon Web Services, Google Suite, Office 365, and so on, that support federation standards such as SAML 2.0 and OAuth 2.0. It also allows you to configure Secure Form Fill for applications that don't support these standards. Using the App Catalog, you can define the application, configure SSO, and configure provisioning. Oracle creates and maintains the App Catalog for you.     Check mark
SSO for Custom Applications For custom applications developed using Oracle Cloud services and deployed on Oracle Cloud (PaaS and IaaS), authenticate to Oracle Identity Cloud Service and gain single-click access to these applications.     Check mark
RADIUS Proxy Remote Authentication Dial In User Service (RADIUS) is a network protocol—a system that defines rules and conventions for communication between network devices—for remote user authentication and accounting.     Check mark
Delegated Authentication with Password Writeback Remove the need to synchronize user passwords between an on-premises Microsoft Active Directory enterprise directory structure and Oracle Identity Cloud Service. Users can use their Microsoft Active Directory passwords to sign in to Oracle Identity Cloud Service to access resources and applications protected by Oracle Identity Cloud Service.     Check mark
Linux-PAM Module

Use the Oracle Identity Cloud Service Linux Pluggable Authentication Module (PAM) to integrate your Linux environment with Oracle Identity Cloud Service to facilitate authentication to Linux hosts.

    Check mark
Multi-Factor Authentication (MFA) Enable strong authentication by configuring Multi-Factor Authentication (MFA) during user authentication. Configure device compliance policies and a wide variety of second factors, such as SMS, OTP, push notifications, and knowledge-based questions and answers.

Check mark

(Limited Use - Allowed for the Oracle Cloud Console only; Allowed factors: Mobile app passcode, Mobile app notification, Bypass code, FIDO, and Duo. Also, one additional sign-on policy is allowed to protect the Oracle Cloud Console [Application name - OCI-V2-App-<TenancyName>])

  Check mark
Adaptive Security Analyze contextual, risk, and threat information about the user, device, and network, and provide an intelligent, secure, and user-friendly way of providing access to corporate applications and resources. This also reduces the likelihood of online identity theft and fraud, which secures business applications even if the user’s device or the user’s account password is compromised.     Check mark
Social Authentication Configure one or more social identity providers so that users can log in to Oracle Identity Cloud Service with their social credentials.     Check mark
Advanced User Provisioning and Synchronization for Oracle Cloud Apps Support interactive provisioning to allow administrators to grant entitlements and specify values for application account attributes. Administrators can also synchronize entitlements and other application data from the application into Oracle Identity Cloud Service. In addition to interactive provisioning and synchronization, you can customize the pre-configured provisioning templates in the App Catalog by changing the default attribute mappings for provisioning and synchronization and making configuration changes to them.     Check mark
User Provisioning and Synchronization for Third-Party Cloud Apps Configure provisioning of user accounts to multiple third-party cloud apps, such as Google Suite, Office 365, and so on, from a list of pre-configured provisioning templates in the App Catalog. Enable account synchronization to detect and synchronize any changes made directly on these target applications.     Check mark
Just In Time Provisioning Just in time (JIT) provisioning automates the process of creating user accounts in connected applications. It uses the SAML protocol to provide necessary information from the identity provider (IDP) to the application.     Check mark
EBS Asserter Integrate your Oracle E-Business Suite environment with Oracle Identity Cloud Service for authentication and password management purposes by using a lightweight Java application known as the Oracle E-Business Suite (EBS) Asserter. The right to use Oracle E-Business Suite Asserter also includes the right to use WebLogic Server Enterprise Edition solely for the purposes of running the asserter application in accordance with all terms and conditions as described in the Oracle Fusion Middleware Licensing Information User Manual.     Check mark
Terms of Use Present disclaimers and acceptable use policies, also known as Terms of Use, to your users. Terms of Use helps you set the terms and conditions for your users to access your applications, based on user consent. This feature allows identity domain administrators to set relevant disclaimers for legal or compliance requirements and enforce the terms by refusing the service. You can configure Terms of Use on an application basis and collect consent from users before allowing them access to the application.     Check mark
App Gateway

The Oracle Identity Cloud Service App Gateway is a software appliance that you can use to provide Single Sign-On (SSO) and authorization for your on-premises applications. This enables you to use one appliance to provide SSO for multiple applications by allowing external users to access internal applications securely without the need for a VPN client.

From the App Gateway for Identity Cloud Service application, you can access the documentation for the App Gateway. You can find this application on the Downloads page of the Identity Cloud Service console. To access this page, in the Identity Cloud Service console, expand the Navigation Drawer, click Settings, and then click Downloads.

    Check mark
WebGate

WebGate is a web-server plug-in that Oracle Access Management uses to protect on-premises web applications.

Instead of relying on Oracle Access Manager as an authentication service, WebGate can now interact with Oracle Identity Cloud Service to protect these applications by authenticating users to access the applications. When an unauthenticated user tries to access any applications that are protected by Oracle Identity Cloud Service, the user is redirected to the Sign In page of Oracle Identity Cloud Service for authentication.

    Check mark
Schema Extension If you're creating your own UI, and can't find a schema attribute that you need from the base Oracle Identity Cloud Service schema attributes, then you can add your own custom attributes using the Identity Cloud Service console.     Check mark
Generic SCIM App Template

With this template, you can provision or synchronize users between your applications and Oracle Identity Cloud Service. You can use this template to configure your applications so that the SCIM APIs are exposed, and you don't have to develop a single line of code. All that's required is to go to the App Catalog and search for a SCIM-managed app template. To use this template, you only have to provide your endpoint URL and the details that Oracle Identity Cloud Service requires to connect to your application, and then map the attributes between your application and Oracle Identity Cloud Service.

Using the SCIM template to sync users between Oracle Identity Cloud Service and non-Oracle end points is a paid tier feature.

    Check mark
Generic SCIM App Template

Using the SCIM template to sync users between two Oracle Identity Cloud Service instances.

Check mark    
SMS Messaging

The total SMS message count is a pool based on the total number of users who have enabled MFA with SMS multiplied by the number of messages per user per month.

Enterprise users are limited to 10 messages per user per month.

Consumer users are limited to three messages per user per month.

Any additional SMS messaging used beyond the limit is billed as additional Active users.

     Check mark
Advanced OAuth Capabilities Use advanced capabilities such as Custom Claims, Token Issuance Policies and apply Sign-On Policies to custom OAuth applications to control token issuance.     Check mark
Social Login Enable consumers to access applications using out-of-the-box social providers, define custom social providers (using the metadata-driven declarative providers feature), enable explicit registration and social data capture using Oracle Identity Cloud Service.     Check mark
Provisioning Bridge Use one or more Provisioning Bridges to provision and synchronize identities, groups, and application user accounts with applications with Oracle Identity Cloud Service.     Check mark
Create custom mobile, desktop, and web applications using OAuth 2.0 and OpenID Connect Develop web, desktop and mobile applications using OAuth 2.0 and OpenID Connect to secure APIs and to integrate with API Gateways. Use Custom Claims to enrich claims and policies to control token issuance.     Check mark

API Rate Limits

Understand API rate limits for Active User Per Hour tiers.

Oracle APIs are subject to rate limiting to protect the API service usage for all of Oracle's customers. If you reach the API limit for Foundation, Enterprise, or B2C, then a 429 error code is returned.

This table shows the API rate limits for the different editions.

  Foundation Enterprise B2C
AuthN / sec 50 95 90
AuthN / min 1000 4500 3100
Token Mgmt / sec 40 65 60
Token Mgmt / min 1000 3400 2300
Others / sec (excluding bulk, import and export) 50 90 80
Others / min (excluding bulk, import and export) 1500 5000 4000
Bulk / sec 1 2 2
Bulk / min 2 6 6
Import and export / day 2 5 5