This topic describes the editions and billing of Identity as a Service (IDaaS) Employee Identity Access Management (EIAM) 2.0.
Editions
The following editions of IDaaS EIAM V2.0 are available:
Free Edition: You can use specific identity integration features free of charge to meet basic identity management requirements. For example, you can synchronize accounts and organizations from Active Directory (AD) to IDaaS and enable single sign-on (SSO) for logon to the Resource Access Management (RAM) console.
Enterprise Edition: This edition provides comprehensive identity integration features and a wide range of identity security features. It acts as a central identity hub in the cloud to break down identity silos.
| Item | Free Edition | Enterprise Edition |
| --- | --- | --- |
| The maximum number of accounts in an instance | 50 | Subject to the number of paid accounts |
| DingTalk as an inbound identity provider (IdP): QR code-based logon and full synchronization | Supported | Supported |
| DingTalk as an inbound IdP: features such as SSO, incremental synchronization, and sensitive data synchronization, which is an advanced feature | Not supported | Supported |
| AD or Lightweight Directory Access Protocol (LDAP) as an inbound IdP: delegated logon, user filtering, and full synchronization | Supported | Supported |
| AD or LDAP as an inbound IdP: features such as logon identifier customization, incremental synchronization, and scheduled verification | Not supported | Supported |
| WeCom as an inbound IdP: features such as QR code-based logon, SSO, and data synchronization | Not supported | Supported (A dedicated endpoint is required.) |
| OpenID Connect (OIDC)-supported inbound IdP: federated authentication for logon to IDaaS and manual account binding | Supported | Supported |
| OIDC-supported inbound IdP: automatic account binding, creation, and updates for integration with IDaaS solutions or applications such as Microsoft Entra ID (formerly Azure AD), Okta, and self-managed Authentication, Authorization, Accounting, and Audit (4A) solutions | Not supported | Supported |
| All outbound IdPs: features such as logon and data synchronization | Not supported | Supported for DingTalk (Purchase is required in the future.) |
| Grouping and extended fields | Not supported | Supported |
| Features such as SSO, data synchronization, and API operations for applications in the application marketplace | Supported only for specific applications | Supported |
| Features such as SSO, data synchronization, and API operations for standard applications such as Security Assertion Markup Language (SAML) and OIDC applications or self-developed applications | Not supported | Supported |
| The maximum number of applications in an instance | 3 | 1000 |
| Logon by using IDaaS accounts and passwords or SMS verification codes | Supported | Supported |
| Two-factor authentication by using one-time passwords (OTPs), SMS verification codes, or email verification codes | Supported | Supported |
| Two-factor authentication enforcement for logons | Not supported | Supported |
| Basic security features such as password complexity requirements and weak password detection | Supported | Supported |
| Advanced password management features such as initial password setup, regular password change, password history enforcement, and password reset | Not supported | Supported |
| Permissions granted on applications to accounts, organizations, and groups | Supported | Supported |
| Branding options such as logos, names, and custom domain names | Not supported | Supported |
| Dedicated endpoints for connecting WeCom, AD, or LDAP IdPs over private networks | Not supported | Purchase required |
| Service availability commitment and critical incident response | Not guaranteed | Commitment to 99.9% service availability and rapid response to critical incidents |
| Consulting services | Ticket | Guaranteed response within 24 hours of ticket submission and 8/5 live support available |
After an Enterprise Edition instance expires, you can no longer use paid features and the instance is automatically downgraded to a Free Edition instance. The data of the instance is not deleted after the instance is downgraded. You can upgrade the instance to the Enterprise Edition to continue using the paid features.
Billing of the number of accounts
IDaaS EIAM 2.0 supports the subscription billing method. You are charged based on the number of accounts in your instance. The unit price decreases as the number of accounts increases. The actual price on the buy page shall prevail. If you have questions, contact technical support in the DingTalk group 33328593.
If the actual number of accounts in an IDaaS instance is greater than or equal to the number of paid accounts for the instance, new account creation is disabled. However, operations such as user logon and SSO remain unaffected. To enable new account creation, we recommend that you upgrade the specifications of your instance or reduce the number of existing accounts.
Billing of dedicated endpoints
Dedicated endpoints eliminate the need to enable public ports for AD and LDAP data synchronization and delegated authentication. Dedicated endpoints also allow you to connect WeCom IdPs by using a dedicated public IP address. For more information, see Endpoints.
You can purchase a dedicated endpoint quota only if you use an Enterprise Edition instance. The price of a dedicated endpoint is 30% of the total fee for the number of accounts in an Enterprise Edition instance.
If an Enterprise Edition instance is released, the instance is downgraded to a Free Edition instance. In this case, the dedicated endpoint of the Enterprise Edition instance becomes unavailable. The dedicated endpoint is automatically deleted one day after the Enterprise Edition instance is released. After the dedicated endpoint is deleted, resources and data cannot be restored.