All Products
Search
Document Center

Identity as a Service:Billing

Last Updated:Oct 09, 2024

This topic describes the editions and billing of Identity as a Service (IDaaS) Employee Identity Access Management (EIAM) 2.0.

Editions

The following editions of IDaaS EIAM V2.0 are available:

  • Free Edition: You can use specific identity integration features free of charge to meet basic identity management requirements. For example, you can synchronize accounts and organizations from Active Directory (AD) to IDaaS and enable single sign-on (SSO) for logon to the Resource Access Management (RAM) console.

  • Enterprise Edition: This edition provides comprehensive identity integration features and a wide range of identity security features. It acts as a central identity hub in the cloud to break down identity silos.

Item

Free Edition

Enterprise Edition

The maximum number of accounts in an instance

50

Subject to the number of paid accounts

DingTalk as an inbound identity provider (IdP): QR code-based logon and full synchronization

Supported

Supported

DingTalk as an inbound IdP: features such as SSO, incremental synchronization, and sensitive data synchronization, which is an advanced feature

Not supported

Supported

AD or Lightweight Directory Access Protocol (LDAP) as an inbound IdP: delegated logon, user filtering, and full synchronization

Supported

Supported

AD or LDAP as an inbound IdP: features such as logon identifier customization, incremental synchronization, and scheduled verification

Not supported

Supported

WeCom as an inbound IdP: features such as QR code-based logon, SSO, and data synchronization

Not supported

Supported (A dedicated endpoint is required.)

OpenID Connect (OIDC)-supported inbound IdP: federated authentication for logon to IDaaS and manual account binding

Supported

Supported

OIDC-supported inbound IdP: automatic account binding, creation, and updates for integration with IDaaS solutions or applications such as Microsoft Entra ID (formerly Azure AD), Okta, and self-managed Authentication, Authorization, Accounting, and Audit (4A) solutions

Not supported

Supported

All outbound IdPs: features such as logon and data synchronization

Not supported

Supported for DingTalk (Purchase is required in the future.)

Grouping and extended fields

Not supported

Supported

Features such as SSO, data synchronization, and API operations for applications in the application marketplace

Supported only for specific applications

Supported

Features such as SSO, data synchronization, and API operations for standard applications such as Security Assertion Markup Language (SAML) and OIDC applications or self-developed applications

Not supported

Supported

The maximum number of applications in an instance

3

1000

Logon by using IDaaS accounts and passwords or SMS verification codes

Supported

Supported

Two-factor authentication by using one-time passwords (OTPs), SMS verification codes, or email verification codes

Supported

Supported

Two-factor authentication enforcement for logons

Not supported

Supported

Basic security features such as password complexity requirements and weak password detection

Supported

Supported

Advanced password management features such as initial password setup, regular password change, password history enforcement, and password reset

Not supported

Supported

Permissions granted on applications to accounts, organizations, and groups

Supported

Supported

Branding options such as logos, names, and custom domain names

Not supported

Supported

Dedicated endpoints for connecting WeCom, AD, or LDAP IdPs over private networks

Not supported

Purchase required

Service availability commitment and critical incident response

Not guaranteed

Commitment to 99.9% service availability and rapid response to critical incidents

Consulting services

Ticket

Guaranteed response within 24 hours of ticket submission and 8/5 live support available

Note

After an Enterprise Edition instance expires, you can no longer use paid features and the instance is automatically downgraded to a Free Edition instance. The data of the instance is not deleted after the instance is downgraded. You can upgrade the instance to the Enterprise Edition to continue using the paid features.

Billing of the number of accounts

IDaaS EIAM 2.0 supports the subscription billing method. You are charged based on the number of accounts in your instance. The unit price decreases as the number of accounts increases. The actual price on the buy page shall prevail. If you have questions, contact technical support in the DingTalk group 33328593.

Important

If the actual number of accounts in an IDaaS instance is greater than or equal to the number of accounts in your instance, new account creation is disabled. However, operations such as user logon and SSO remain unaffected. To enable new account creation, we recommend that you upgrade the specifications of your instance or reduce the number of existing accounts.

Billing of dedicated endpoints

Dedicated endpoints eliminate the need to enable public ports for AD and LDAP data synchronization and delegated authentication. Dedicated endpoints also allow you to connect WeCom IdPs by using a dedicated public IP address. For more information, see Endpoints.

You can purchase a dedicated endpoint quota only if you use an Enterprise Edition instance. The price of a dedicated endpoint is 30% of the total fee for the number of accounts in an Enterprise Edition instance.

Important

If an Enterprise Edition instance is released, the instance is downgraded to a Free Edition instance. In this case, the dedicated endpoint of the Enterprise Edition instance becomes unavailable. The dedicated endpoint is automatically deleted one day after the Enterprise Edition instance is released. After the dedicated endpoint is deleted, resources and data cannot be restored.