Oracle Identity Governance Licensing: Costs, Metrics and Audit Risk Management

What Oracle Identity Governance Does and Why Licensing Is Complex

Oracle Identity Governance is an enterprise identity lifecycle management platform that handles the complete lifecycle of user identities across connected systems. Core capabilities include automated provisioning and de-provisioning of user accounts in target applications, self-service access request workflows with approval routing, role management and segregation of duties (SoD) controls, access certification campaigns for periodic review and recertification, and compliance reporting for SOX, HIPAA, PCI, and other regulatory frameworks.

OIG was historically sold as Oracle Identity Manager (OIM) and rebranded as part of the Oracle Identity Governance Suite, which also includes Oracle Access Manager (OAM) and Oracle Internet Directory (OID) as complementary components. The product has been deployed at large financial institutions, healthcare organisations, government agencies, and multinational enterprises where regulated access control and auditable provisioning are mandatory.

Licensing complexity arises from three sources: the choice between Processor and Named User Plus metric and the different cost trajectories they create; the interaction between OIG licences and licences for dependent Oracle middleware components; and the connector licensing model that governs which target applications OIG can provision.

OIG Licensing Metrics: Processor vs Named User Plus

Processor Metric for OIG

The Processor metric licences OIG based on the server cores running the OIG software, adjusted by Oracle's Core Factor Table. For Intel Xeon servers (core factor 0.5), a 16-core server requires 8 processor licences. For IBM Power servers (core factor 1.0), the same 16-core server requires 16 processor licences.

Oracle Identity Governance Processor list price is approximately $180,000 per processor. Annual Oracle Support is 22% of net licence value at the time of purchase. Oracle contractually reserves the right to increase support fees by 8% per year — meaning a $180,000 processor licence purchased today generates approximately $39,600 in Year 1 support, rising to $42,768 in Year 2, $46,190 in Year 3, and $71,280 by Year 10.

Processor licensing is metric-independent of user count, which makes it the preferred metric for organisations with large or growing managed populations, external user provisioning scenarios, or environments where identifying every authorised user is operationally complex. Once the Processor licences cover the server infrastructure, deploying additional users incurs no incremental licence cost.

Named User Plus Metric for OIG

Named User Plus licences every unique individual whose identity is managed by OIG, whether they actively use the system or are simply provisioned accounts maintained within the OIG repository. Oracle's definition explicitly includes employees, contractors, partners, customers, service accounts, and any other entity with an identity record in OIG.

Oracle Identity Governance NUP list price is approximately $3,600 per user. Oracle enforces a minimum of 10 Named User Plus licences per processor. The breakeven between NUP and Processor metrics falls at approximately 50 users per licensed core. Below that ratio, NUP produces lower total cost. Above it, Processor licensing is more economical.

The fundamental challenge with NUP licensing for OIG is that the managed identity population frequently far exceeds what procurement teams anticipate. Every contractor identity, every partner account, every service account, and every historical user record that has not been properly terminated contributes to the NUP obligation. Organisations with mature identity hygiene practices and disciplined de-provisioning processes can manage NUP counts effectively; organisations without them face escalating compliance exposure.

Oracle Identity Governance Suite and Connector Licensing

Oracle Identity Governance does not provision users to target applications out of the box. Each target application requires a connector — a software adapter that implements the provisioning protocol for that application. Oracle licenses connectors through the Oracle Identity Governance Suite and through standalone connector products.

OIG Suite Licences

Oracle offers OIG in suite configurations that bundle the base OIG product with a defined set of connectors and components. The Oracle Identity Governance Suite (or Oracle Identity and Access Management Suite) bundles OIG with Oracle Access Manager, Oracle Internet Directory, and a set of Oracle-branded connectors for Oracle applications including Oracle E-Business Suite, Oracle Database, and Oracle LDAP targets.

Suite pricing is based on the Processor metric for the OIG runtime server, with the bundled connectors included. Organisations that only need OIG for Oracle application provisioning and use Oracle's directory infrastructure typically find suite licensing more economical than assembling individual product licences.

Third-Party Application Connectors

Provisioning to non-Oracle applications — Active Directory, SAP, Salesforce, ServiceNow, Workday, custom applications — requires separate connector licences or extended suite licences. Third-party connectors are licensed per connector or as part of connector packs, with the cost structure depending on the specific connector and whether it is Oracle-developed or from Oracle's certified connector library.

A common audit finding is organisations that have deployed OIG connectors for Active Directory, SAP HR, or SaaS applications under the assumption that the base OIG licence covers all provisioning targets. It does not. Each connector deployment must be evaluated against the licence terms, and non-bundled connectors require separate procurement.

Oracle WebLogic and Database Dependency Licences

Oracle Identity Governance requires Oracle WebLogic Server as the application server runtime and Oracle Database as the persistent data store. These dependencies create additional licence obligations that must be held separately from the OIG product licence itself.

WebLogic Server Requirement

OIG is deployed on Oracle WebLogic Server (Standard, Enterprise, or Suite edition depending on OIG version). WebLogic Server is licensed per Processor at approximately $25,000 per processor for Standard Edition or $50,000 per processor for Enterprise Edition at list price. The Processor count for WebLogic covers the server(s) running the OIG application tier — typically two servers for high availability deployments.

Organisations frequently discover during Oracle audits that they hold OIG licences but have not separately licensed the WebLogic Server runtime. This creates a compound compliance gap where the OIG licence is insufficient without the WebLogic foundation.

Oracle Database Requirement

OIG stores its identity repository in an Oracle Database instance. Oracle Database Enterprise Edition is required for OIG deployments in production environments. The Database processor licence obligation covers the cores in the server running the OIG database — typically a separate database server from the OIG application tier. At list price, Oracle Database Enterprise Edition is $47,500 per processor.

Organisations using an existing Oracle Database licence to serve both OIG and other applications need to verify that the licence count for the database server covers the total processor obligation, not just the OIG workload allocation.

OIG Support Cost Escalation

Oracle Identity Governance support costs follow Oracle's standard model: 22% of net licence value annually, with the contractual right to increase by 8% per year. For a mid-market OIG deployment with 10 processor licences at discounted prices of $80,000 each (a common starting point for negotiated enterprise pricing), Year 1 support is approximately $176,000. With 8% annual increases, that obligation reaches $190,000 in Year 2, $205,000 in Year 3, and $318,000 by Year 10.

When WebLogic and Oracle Database support costs are added to the OIG support obligation, the total annual support spend for a complete OIG deployment can exceed $400,000 to $600,000 for large enterprises — before any new licence purchases. Over a 10-year period, total support spend on an unchanged OIG estate can reach $5 million to $8 million.

Organisations evaluating cloud IAM migration — Oracle Identity Cloud Service (IDCS), Microsoft Entra ID Governance, or third-party IGA platforms — should model the support cost avoidance from retiring on-premises OIG as part of the total cost of ownership comparison. The cumulative support savings can frequently justify the migration investment within three to four years.

Common Oracle Audit Findings for OIG

Managed Identity Count Exceeds NUP Licences: The most common finding is organisations with OIG NUP licences whose managed identity count in the OIG repository significantly exceeds the number of licences held. Every entry in the OIG user store — regardless of account status, activity level, or business justification — is a Named User for Oracle's purposes until demonstrated otherwise.

Connector Deployments Without Licences: Third-party connectors deployed for Active Directory, SAP, or SaaS provisioning without separate connector licences create standalone audit findings independent of the OIG product licence position.

Missing WebLogic or Database Licences: OIG deployments where the WebLogic Server or Oracle Database runtime licences are not separately held create compound compliance gaps. Oracle auditors examine the complete software stack, not just the named Oracle Identity Governance product.

OIG Used Beyond Licensed Scope: Organisations that extend OIG to provision non-Oracle applications beyond the connector coverage included in their OIG suite licence — or that use OIG as a general-purpose identity platform beyond its originally licensed deployment scope — create use-case expansion findings that Oracle treats as requiring additional licence purchases.

Strategies for Oracle OIG Licence Optimisation

Audit Your OIG Identity Repository: Extract the actual count of managed identities from the OIG user store — including inactive accounts, contractor records, service accounts, and historical entries — and compare against held NUP licences. Implement a de-provisioning policy that removes terminated identities from OIG within a defined timeframe to prevent licence count inflation.

Evaluate Metric Conversion at Renewal: If your OIG managed population has grown beyond the economic breakeven for NUP licensing, evaluate converting to Processor metric at the next Oracle Support renewal. Processor licences eliminate per-user licence tracking and provide commercial headroom for population growth without incremental licence cost.

Verify Connector Licence Coverage: Audit all OIG connector deployments against the connector licences held or bundled in your OIG suite licence. Any unlicensed connector deployment should be remediated before an Oracle LMS review identifies it.

Challenge the 8% Support Uplift Annually: At every Oracle Support renewal, engage Oracle commercially with an alternative support strategy or migration timeline. Oracle will concede the 8% uplift when faced with credible competitive pressure from alternative IGA platforms or Oracle Identity Cloud Service migration planning.

Model Cloud IGA Migration TCO: Oracle Identity Cloud Service (IDCS) and Oracle's SaaS identity governance offerings provide subscription-based alternatives to on-premises OIG. Compare the total cost of cloud migration — including Oracle's BYOL migration incentives, subscription pricing, and implementation costs — against the projected 10-year cost of maintaining the on-premises OIG estate.