Oracle IAM Identity Domains
Oracle Corporation
Last verified 2026-05-30 · Reviewed by guptadeepak
Editorial verdict
Oracle merged the standalone IDCS service into OCI IAM Identity Domains; existing IDCS tenants have been migrated and the brand is now 'Oracle IAM Identity Domains'. IDCS authentication methods are being deprecated in OCI services starting April 11, 2026. The platform is the right CIAM choice for existing Oracle Cloud Infrastructure customers and Oracle Fusion Applications deployments where native integration justifies the platform. FedRAMP High plus full enterprise compliance footprint suits regulated workloads on Oracle Cloud. Outside Oracle ecosystem, the DX gap and pricing opacity still make it the wrong answer for greenfield evaluation.
Last verified by @guptadeepak on 2026-05-30.
At a glance
- Best for
- Existing Oracle Cloud Infrastructure customers
- Pricing
- tiered-mau
- Free tier
- None
- Deployment
- cloud-saas, hybrid
- SOC 2 Type II
- Yes
- Passkeys
- Native
- Self-host
- No
- Open source
- No
Funding & business
- Funding model
- Platform division
- Total raised
- None
- Latest round
- None disclosed
- Years in business
- 9 yrs
- Profitable
- Not disclosed
Identity domains inside Oracle Cloud Infrastructure (NYSE: ORCL).
Funding data from primary source. See also the CIAM investor landscape.
Strengths
- Native integration with Oracle Cloud Infrastructure (OCI) and Oracle Fusion Applications.
- FedRAMP High, PCI Level 1, HIPAA, full enterprise compliance footprint.
- Mature Oracle enterprise sales and support model.
- Strong fit for existing Oracle Database and Fusion Apps customers.
Limitations
- DX is dated and reflects classic Oracle enterprise design.
- Outside Oracle ecosystem, the integration story is weak.
- Pricing opacity and Oracle commercial complexity.
- Vendor lock-in via OCI integration is significant once production deployments are live.
Capability matrix
Every vendor scored on the same axes. See the methodology for criteria.
| Password authentication | Yes |
|---|---|
| Social login | Yes |
| Magic links | Yes |
| SMS OTP | Yes |
| Email OTP | Yes |
| TOTP (authenticator app) | Yes |
| Push MFA | Yes |
| WebAuthn / passkeys | Yes |
| Biometric | Yes |
| Hardware security keys | Yes |
| SAML SSO | Yes |
| OIDC SSO | Yes |
| OAuth 2.0 SSO | Yes |
| Enterprise federation | Yes |
| Passwordless-only flows | Yes |
| Adaptive MFA | Yes |
| Step-up auth | Yes |
| RBAC | Yes |
|---|---|
| ABAC | Yes |
| ReBAC | No |
| FGA engine | No |
| API authorization | Yes |
| Fine-grained permissions | Yes |
| Self-service registration | Yes |
|---|---|
| Progressive profiling | Partial |
| Self-service account | Yes |
| Bulk user import | Yes |
| Admin user search | Yes |
| Custom user metadata | Yes |
| Organizations / tenants | Partial |
| Multi-tenancy | Yes |
| REST API | Yes |
|---|---|
| GraphQL API | No |
| SDKs | js, node, java, python, dotnet |
| CLI | Yes |
| Terraform provider | Yes |
| Local emulator | No |
| Extension model | OCI Functions + custom workflows |
| Bot detection | Yes |
|---|---|
| Breached password detection | Yes |
| Brute-force protection | Yes |
| Anomaly detection | Yes |
| Log streams | Yes |
| Audit logs | Yes |
| GDPR data export | Yes |
| PII minimization | Partial |
| Post-quantum roadmap | No |
| MCP support | No |
|---|---|
| OAuth 2.1 | Yes |
| Dynamic client registration | Yes |
| Agent vs human token separation | No |
| Web Bot Auth | No |
| SOC 2 Type II | Yes |
|---|---|
| ISO 27001 | Yes |
| ISO 27018 | Yes |
| HIPAA | Yes |
| PCI DSS | Level 1 |
| GDPR | Yes |
| CCPA | Yes |
| FedRAMP | High |
| EU data residency | Yes |
| Consent management | Partial |
|---|---|
| Preference center | Partial |
| Purpose-specific consent | No |
| Integrates with CMPs | n/a |
Pricing
| 10,000 MAU | Quote required |
|---|---|
| 100,000 MAU | $5,500/mo |
| 500,000 MAU | $18,000/mo |
| 1,000,000 MAU | $32,000/mo |
- Per-user / per-MAU pricing typical for Oracle Cloud services
- Bundled with Oracle Cloud Infrastructure (OCI) deployments
- Strong fit for existing Oracle Database / Fusion Apps / Oracle Cloud customers
Estimates use the standard assumptions in our methodology. Always confirm with the vendor.
Best for
- Existing Oracle Cloud Infrastructure customers
- Oracle Fusion Applications deployments needing federated CIAM
- Public-sector workloads requiring FedRAMP High via Oracle Cloud
Not for
- Greenfield projects without Oracle ecosystem context
- Mid-market SaaS or startups
- Multi-cloud deployments not centered on Oracle
FAQ
- Does Oracle IDCS work outside Oracle Cloud?
- Yes technically, standard protocols (SAML, OIDC, OAuth 2.0) work with any application. But the integration value is materially stronger for existing OCI / Oracle Database / Fusion Apps customers. Greenfield non-Oracle projects rarely choose IDCS over Auth0 or Cognito.
- What's the relationship to Oracle Access Manager (OAM)?
- OAM is the legacy on-prem product (part of Oracle Identity and Access Management Suite); IDCS is the cloud-native successor. Many Oracle enterprise customers run both during migration. Hybrid deployments are common.
- What does Oracle IDCS cost?
- Enterprise quote via Oracle sales. Typically per-user or per-MAU pricing as part of broader OCI commercial agreements; transparency is low and total cost depends heavily on Oracle commercial relationship.
Sources
- Oracle IAM Identity Domains documentationaccessed 2026-05-08
- Oracle Cloud Service Changes (IDCS → Identity Domains migration)accessed 2026-05-08
What Oracle Identity Cloud Service is
Oracle Identity Cloud Service (IDCS) is Oracle's cloud-native CIAM, launched in 2017 as the successor to the legacy Oracle Access Manager. The product runs on Oracle Cloud Infrastructure (OCI) and serves as the identity layer for OCI-deployed applications, Oracle Fusion Applications, and federation with on-prem Oracle deployments. The buyer is typically an existing Oracle enterprise shop where IDCS integration justifies the platform.
Where Oracle IDCS wins
Native integration with OCI and Oracle Fusion Applications. FedRAMP High, PCI DSS Level 1, HIPAA, full enterprise compliance footprint. Mature Oracle enterprise sales and support. Strong fit for existing Oracle Database and Fusion Apps customers.
Where Oracle IDCS hurts
DX trails developer-first tier. Outside Oracle ecosystem the integration story is weak. Pricing opacity and Oracle commercial complexity. Vendor lock-in via OCI integration is significant.
How Oracle IDCS compares
The closest comparisons are Auth0 vs Oracle IDCS and Cognito vs Oracle IDCS for the cloud-native call. For other legacy enterprise CIAM, Ping Identity, ForgeRock, and IBM Security Verify are the peers.
Editorial changelog (1 entry)
Renamed from 'Oracle Identity Cloud Service' to 'Oracle IAM Identity Domains' to reflect Oracle's consolidation of IDCS into OCI IAM. Verdict notes April 11, 2026 deprecation of IDCS authentication methods in OCI services.