Oracle Middleware Licensing

Oracle Identity and Access Management Licensing Explained

Oracle Identity and Access Management Licensing:

  • User-Based or Processor-Based: Choose between Named User Plus (NUP) or processor-based licensing.
  • Component-Specific Costs: Each IAM component has distinct pricing.
  • Compliance Focus: Ensure correct licensing to avoid non-compliance risks.
  • Restricted Use Licenses: Be aware of limitations on deployment.
  • Cloud & Hybrid Options: License for cloud or hybrid environments with BYOL.

Oracle IAM Suite Components

Oracle IAM Suite Components

List of Components:
The Oracle Identity and Access Management (IAM) suite is a comprehensive set of products designed to help organizations manage user identities, enforce access controls, and ensure regulatory compliance.

The key components within the Oracle IAM suite include:

  • Oracle Identity Manager (OIM): OIM is a robust solution for managing user identities across various applications and systems. It automates user provisioning and de-provisioning, helping organizations maintain a secure and compliant identity lifecycle.
  • Oracle Access Manager (OAM): OAM provides centralized authentication, single sign-on (SSO), and authorization services. It ensures secure access to web applications and enterprise systems, offering a seamless user experience while maintaining strong security controls.
  • Oracle Identity Governance (OIG): OIG is designed to manage and govern user identities and their associated access rights. It helps organizations meet regulatory requirements by providing comprehensive reporting, access certification, and audit capabilities.
  • Oracle Unified Directory (OUD): OUD is an optimized directory service solution that provides scalable and high-performance data storage for identity information. It supports LDAP and RESTful interfaces, making it versatile for different identity management needs.
  • Oracle Identity Cloud Service (IDCS): IDCS is a cloud-based identity management solution that provides identity as a service (IDaaS). It offers features like identity lifecycle management, access management, and secure SSO for cloud and on-premises applications.

Functionality of Each Component:
Each component of the Oracle IAM suite plays a critical role in the broader identity and access management ecosystem:

  • Oracle Identity Manager (OIM): Automates and manages the entire identity lifecycle, from onboarding new users to revoking access when necessary. It integrates with various enterprise systems to ensure consistent and secure identity management.
  • Oracle Access Manager (OAM): Acts as a gatekeeper, ensuring that only authenticated and authorized users gain access to sensitive applications and data. It also enables SSO, reducing the need for users to remember multiple passwords.
  • Oracle Identity Governance (OIG) provides oversight and governance of user access rights, ensuring appropriate access and compliance with internal policies and external regulations. It offers tools for auditing and certifying access regularly.
  • Oracle Unified Directory (OUD) is the backbone for storing and managing identity data. It ensures that identity-related information is readily available and can be accessed securely and efficiently.
  • Oracle Identity Cloud Service (IDCS): Bridges the gap between on-premises and cloud environments, providing a unified identity management solution that extends across hybrid infrastructures. It facilitates secure and compliant identity management in the cloud.

Oracle IAM License Metrics

Oracle IAM License Metrics

User-Based Licensing:
Oracle IAM products can be licensed based on the Named User Plus (NUP) model.

This licensing model charges based on the number of distinct users who access the Oracle IAM system.

Here are the key points:

  • Minimums: Each Oracle IAM product requires a minimum number of NUP licenses to be purchased. For example, a specific IAM component may require a minimum of 25 users per processor.
  • Calculation: To determine the total number of NUP licenses needed, count all unique users, including internal employees, contractors, and external partners who access the system.

Processor-Based Licensing:
Processor-based licensing is another option particularly useful for organizations with many users or dynamic user bases, where counting individual users is challenging.

Key aspects include:

  • Core Factor Table: Oracle uses a core factor table to determine the number of licenses required based on the type of processors used. The number of processor licenses is calculated by multiplying the number of cores by a factor specified in Oracle’s core factor table.
  • Applicability: This licensing model is ideal for larger deployments or when user numbers fluctuate significantly, making NUP licensing less practical.

Perpetual vs. Subscription Licensing:
Oracle IAM products can be licensed either on a perpetual or subscription basis, each with its benefits:

  • Perpetual Licensing: This traditional model allows organizations to purchase the software outright, with a one-time fee. The license is perpetual, meaning it never expires. However, ongoing support and updates require an annual fee, typically 22% of the license cost.

Oracle IAM Products on the Price List

Oracle IAM Products on the Price List

Oracle Identity Manager (OIM):

  • Overview of OIM’s Role in Identity Lifecycle Management:
    Oracle Identity Manager (OIM) is a comprehensive identity management solution designed to manage the entire lifecycle of user identities across various systems and applications within an organization. OIM automates user provisioning, de-provisioning, role management, and access requests, ensuring users have access at the right time.
  • Licensing Options and Cost per License:
    OIM can be licensed per user using the Named User Plus (NUP) model or on a processor basis. The cost per NUP license typically starts at around $800, with a minimum purchase requirement that depends on the specific deployment. Processor-based licensing uses Oracle’s core factor calculation, with the cost generally starting at approximately $60,000 per processor.

Oracle Access Manager (OAM):

  • Overview of OAM’s Role in Secure Access Control and Single Sign-On (SSO):
    Oracle Access Manager (OAM) provides centralized authentication, policy enforcement, and single sign-on (SSO) capabilities for web applications and enterprise systems. It ensures secure resource access by verifying user identities and enforcing access policies. OAM is essential for organizations that streamline user access while maintaining strong security controls.
  • Licensing Options and Cost per License:
    OAM is available under the Named User Plus (NUP) and processor-based licensing models like OIM. The cost per NUP license typically starts at around $900, with processor licensing starting at approximately $70,000 per processor. These prices may vary based on deployment size and customization needs.

Oracle Identity Governance (OIG):

  • Overview of OIG’s Role in Ensuring Compliance and Governance Over Identities:
    Oracle Identity Governance (OIG) focuses on managing and governing user access rights across the enterprise. It helps organizations comply with regulations by providing tools for access certification, audit reporting, and segregation of duties (SoD) enforcement. OIG ensures that user access is continuously reviewed and certified, reducing the risk of unauthorized access.
  • Licensing Options and Cost per License:
    OIG licensing is typically offered per user (NUP) or processor. NUP licenses generally start at around $850 per user, while processor licenses begin at approximately $65,000 per processor. These prices include core governance functionalities but may vary depending on additional features or integration needs.

Oracle Unified Directory (OUD):

  • Overview of OUD’s Role in Directory Services and Data Replication:
    Oracle Unified Directory (OUD) is a scalable, high-performance directory service that manages identity data. OUD supports LDAP and RESTful interfaces, making it versatile for various identity management needs. It is particularly useful for organizations requiring high availability, data replication, and synchronization across distributed environments.
  • Licensing Options and Cost per License:
    OUD is typically licensed per user or per processor. The cost per NUP license is generally around $700, while processor licensing starts at approximately $55,000 per processor. These costs can vary depending on the specific features and deployment configurations required.

Oracle Identity Cloud Service (IDCS):

  • Overview of IDCS as a Cloud-Based Identity Management Solution:
    Oracle Identity Cloud Service (IDCS) is a cloud-native identity management solution that provides identity as a service (IDaaS). IDCS offers features such as identity lifecycle management, access management, and secure single sign-on for cloud and on-premises applications. It integrates seamlessly with other Oracle cloud services, offering a unified platform for managing identities across hybrid environments.
  • Licensing Options and Cost per License:
    IDCS is generally licensed on a subscription basis, with costs depending on the number of users and the specific service tier. Pricing typically starts at around $3 per user per month for the basic service tier, with more advanced tiers costing upwards of $10 per user per month. The subscription model provides flexibility, allowing organizations to scale their licensing according to their needs.

Cost Breakdown for Oracle IAM Products

Cost Breakdown for Oracle IAM Products

Pricing Structure:

  • Per-User Licensing (Named User Plus):
    • Oracle Identity Manager (OIM): Approximately $800 per NUP license.
    • Oracle Access Manager (OAM): Approximately $900 per NUP license.
    • Oracle Identity Governance (OIG): Approximately $850 per NUP license.
    • Oracle Unified Directory (OUD): Approximately $700 per NUP license.
    • Oracle Identity Cloud Service (IDCS): Starting at $3 per user per month, depending on the service tier.
  • Per-Processor Licensing:
    • Oracle Identity Manager (OIM): Approximately $60,000 per processor.
    • Oracle Access Manager (OAM): Approximately $70,000 per processor.
    • Oracle Identity Governance (OIG): Approximately $65,000 per processor.
    • Oracle Unified Directory (OUD): Approximately $55,000 per processor.

Additional Costs:

  • Support and Maintenance Fees: Support and maintenance fees are typically 22% of the annual license cost. This fee covers software updates, patches, and access to Oracle’s support services.
  • Integration and Customization Costs: Depending on the complexity of the deployment, organizations may incur additional costs for integrating Oracle IAM products with existing systems and customizing them to meet specific business needs.

Discounts and Negotiations:

  • Volume Discounts: Oracle often provides volume discounts for larger purchases, particularly when licensing multiple products or large user bases. Organizations should negotiate these discounts to reduce overall costs.
  • Bundled Package Deals: Bundling multiple Oracle IAM components or including them as part of a broader Oracle technology stack can result in significant savings. Exploring these options with Oracle representatives during the negotiation process is advisable.
  • Long-Term Agreements: Committing to longer-term contracts can sometimes lead to better pricing and more favorable terms. However, balancing this with the flexibility needed to adapt to changing business requirements is essential.

Restricted Use Licensing for Oracle IAM

Restricted Use Licensing for Oracle IAM

Definition of Restricted Use: Restricted use licenses allow organizations to use Oracle software with certain limitations compared to full-use licenses.

These restrictions might include limitations on the deployment environment, specific functionalities, or integration with other Oracle products.

Restricted-use licenses typically cost less but come with stringent conditions that must be adhered to to remain compliant.

Examples of Restricted Use in IAM:

  • Oracle Identity Manager (OIM): In some cases, OIM might be licensed for restricted use in managing identities only within specific applications or environments rather than across the entire enterprise. For example, a restricted use license might allow OIM to manage identities solely within an Oracle Cloud environment but not for on-premises systems.
  • Oracle Access Manager (OAM): A restricted use license for OAM might limit its usage to specific web applications or services. For instance, OAM could be restricted to providing single sign-on (SSO) capabilities for a set of internal applications without extending those capabilities to external or third-party applications.
  • Oracle Unified Directory (OUD): OUD could be licensed for restricted use where it only serves as a directory service for a particular set of applications or specific types of data, such as user authentication data, rather than being deployed as a general-purpose directory across the organization.

Compliance Risks with Restricted Use: Restricted use licenses carry inherent compliance risks if the terms of the license are not carefully managed and followed. Common compliance risks include:

  • Unintended Expansion of Usage: An organization might start using the IAM product beyond the scope of the restricted use license, either by adding more applications or users than allowed or by deploying the software in environments not covered by the license.
  • Integration Violations: Integrating IAM components with other systems or applications outside the scope of the restricted license could lead to non-compliance. For example, using OAM’s SSO functionality for non-authorized applications or extending OIM’s identity management to additional systems without proper licensing.
  • Audit Vulnerabilities: Oracle audits could uncover usage that exceeds the restricted use terms, leading to penalties, the need to purchase additional licenses, or both. Ensuring all stakeholders understand and adhere to the restrictions is crucial for avoiding these pitfalls.

Licensing Considerations for Specific Scenarios

Licensing Considerations for Specific Scenarios

Cloud Deployments:

  • BYOL (Bring Your Own License) Options: Oracle IAM components can be deployed under the BYOL model in cloud environments. This allows organizations to leverage their existing on-premises licenses in the cloud. When using BYOL, it’s essential to ensure that the licenses cover cloud deployments and that usage metrics (such as processors or users) are correctly accounted for in the cloud environment.
  • Cloud-Specific Licensing Models: Oracle also offers cloud-specific licensing models that may be more flexible than traditional licenses. These models are often subscription-based and can be scaled up or down based on usage, providing cost efficiency in dynamic cloud environments. However, it is important to evaluate whether the cloud-specific licenses align with the organization’s long-term IT strategy and usage patterns.

Common Licensing Pitfalls and Compliance Issues

Over-Licensing and Under-Licensing:

  • Over-Licensing: Over-licensing occurs when organizations purchase more licenses than they need. This often happens due to a lack of proper assessment of actual usage or a tendency to overestimate future requirements. To avoid over-licensing, thoroughly assess your current and projected usage needs. Regularly review your license inventory to ensure that it aligns with actual usage, and consider whether certain licenses can be scaled back or reallocated within the organization.
  • Under-Licensing: Under-licensing, on the other hand, happens when an organization uses more Oracle IAM products than they have licenses for, which can lead to serious compliance issues and costly penalties. To prevent under-licensing, maintain a robust tracking system for all IAM deployments and regularly compare this data with your current license entitlements. Educating IT and procurement teams about the licensing requirements is crucial to prevent accidental overuse.

License Audits:

  • What to Expect During an Oracle IAM License Audit: Oracle regularly conducts license audits to ensure customers comply with their licensing agreements. During an audit, Oracle may request detailed information on your deployment of IAM products, including user counts, processor usage, and the environments in which the products are deployed. They might also use their License Management Services (LMS) tools to analyze your software usage.
  • How to Prepare for an Audit: To prepare for an Oracle IAM license audit, ensure that all licensing documentation is up-to-date and easily accessible. Regularly conduct internal audits to verify your usage aligns with your purchased licenses. Implement a system for monitoring and reporting usage that can provide accurate data during an audit. Being proactive and transparent during the audit process can help mitigate potential compliance issues.

Unintentional Non-Compliance:

  • Common Scenarios Leading to Non-Compliance: Non-compliance can occur unintentionally in various scenarios, such as when an organization expands its IAM usage without purchasing additional licenses, integrates IAM products into new environments without adjusting the license count, or exceeds user or processor counts due to organic growth. Another common issue is misinterpreting the terms of restricted-use licenses, leading to unauthorized deployments or integrations.
  • How to Mitigate These Risks: Establish clear internal processes for tracking and managing licenses. Regularly train IT and operations staff on the specific licensing requirements of Oracle IAM products to ensure that all deployments and expansions are properly licensed. Implementing automated tools that track software usage and provide alerts when thresholds are approached can also help prevent non-compliance.

Optimizing Oracle IAM Licensing

Optimizing Oracle IAM Licensing

License Management Best Practices:

  • Regular Audits and Usage Tracking: Regular internal audits of your Oracle IAM usage are critical for maintaining compliance and optimizing license use. Use tools that can track and report on the deployment and utilization of IAM components across your organization. Keeping detailed records of your software usage and license inventory allows you to identify and address discrepancies early before they become compliance issues.
  • Centralized License Management: Implementing a centralized system for managing all Oracle IAM licenses can help streamline the process of tracking, allocating, and renewing licenses. This system should include clear procedures for requesting, approving, and deploying new licenses and decommissioning unused licenses. Centralized management also makes it easier to keep track of compliance across different departments or business units.

Cost Optimization Tips:

  • Choosing the Right Licensing Model: Evaluate whether your current licensing model (e.g., per-user, per-processor) is the most cost-effective for your needs. For example, a per-user model might be more economical if your organization has many users but relatively few processors. Conversely, a processor-based model may offer better value if your usage is processor-intensive.
  • Avoiding Unnecessary Components: Review the components in your IAM suite to ensure you are not paying for features you don’t need. For instance, if you’re not utilizing certain advanced features or integrations, consider whether a simpler or less expensive software version might meet your needs.
  • Leveraging Volume Discounts and Bundling: Negotiate volume discounts with Oracle, especially if your organization anticipates growing its IAM usage. Bundling IAM products with other Oracle products or services can also save costs. Always negotiate with a clear understanding of your current and future needs to secure the best possible deal.

FAQs

What is Oracle Identity and Access Management (IAM) Licensing?
Oracle IAM licensing involves purchasing the necessary licenses for various Oracle IAM products, such as Oracle Identity Manager and Oracle Access Manager. These licenses can be user-based or processor-based.

How is Oracle IAM licensed?
Oracle IAM products can be licensed by Named User Plus (NUP) or processors. NUP is based on the number of users, while processor licensing is based on the hardware running the software.

What is the difference between Named User Plus and processor-based licensing?
Named User Plus (NUP) licensing is calculated based on the number of users who access the software, while processor-based licensing is based on the number of processor cores used by the software.

Can Oracle IAM products be deployed in the cloud?
Yes, Oracle IAM products can be deployed in cloud environments. You can use Bring Your Own License (BYOL) options for cloud deployments.

What are restricted-use licenses in Oracle IAM?
Restricted-use licenses allow limited use of specific IAM components, often tied to specific functions or environments. They are not as flexible as full-use licenses.

How do I calculate the number of licenses needed for Oracle IAM?
For Named User Plus, count each user who accesses the system. Use Oracle’s core factor table to calculate the required licenses based on your hardware configuration for processor-based licensing.

What is the minimum number of users required for NUP licensing?
The number of users required for NUP licensing varies depending on the Oracle IAM product. It’s important to check Oracle’s licensing documentation for each product.

Are there any additional costs associated with Oracle IAM licensing?
Yes, additional costs can include support and maintenance fees, typically a percentage of the license cost. These costs should be factored into your overall budget.

How can I optimize Oracle IAM licensing costs?
Regularly audit your usage, ensure you’re using the appropriate licensing model, and consider whether any licenses can be consolidated or retired. Negotiating with Oracle for better terms is also an option.

What should I expect during an Oracle IAM license audit?
During an Oracle IAM license audit, Oracle will review your deployment and usage of IAM products to ensure compliance with licensing agreements. You should be prepared to provide detailed usage data.

What are some common compliance issues with Oracle IAM licensing?
Common issues include under-licensing, where more users or processors are used than licensed, and over-licensing, where you pay for more licenses than needed. Both can lead to financial and operational risks.

Can I negotiate Oracle IAM licensing terms?
Oracle IAM licensing terms, including pricing and user minimums, can often be negotiated, especially for large deployments or renewals.

Author
  • Fredrik Filipsson brings two decades of Oracle license management experience, including a nine-year tenure at Oracle and 11 years in Oracle license consulting. His expertise extends across leading IT corporations like IBM, enriching his profile with a broad spectrum of software and cloud projects. Filipsson's proficiency encompasses IBM, SAP, Microsoft, and Salesforce platforms, alongside significant involvement in Microsoft Copilot and AI initiatives, improving organizational efficiency.

    View all posts