I have a specific question regarding licensing architecture in a Hub-and-Spoke model.
Current Scenario (The Hub):
We currently have a mature Global IdentityIQ instance in production. All our users are already created, active, and fully licensed in this Global environment.
The Project (The Spoke):
We are planning to deploy a Local IdentityIQ instance (Brazil) to manage specific local legacy applications (ERPs, shop floor systems) that are out of the Global scope.
We will use the Global Instance as the Authoritative Source.
We will pull the existing users from Global to Local via SCIM.
The goal is strictly to provide “Sub-management” (RBAC, SoD, Provisioning) for these users on local targets.
The Question:
Since these users are already licensed in the Global Instance and we are referring to the exact same unique individuals:
Does moving them into a Local Instance for sub-management typically trigger a NEW license cost (Double Licensing) for the same person?
Or does the “Unique Identity” licensing model allow us to manage the same user across two instances without paying twice, provided they belong to the same organization?
Any insights on how SailPoint typically handles this “Distributed Governance” model would be helpful before we talk to sales.
There isn’t a “technical” mechanism in IIQ that prevents counting the same person twice across two separate IIQ repositories — licensing is determined by your Enterprise Agreement wording.
In a similar hub/spoke discussion, one team reported they were charged per IGA solution even for the same person, and they still recommended validating with Sales/CSM for the specific contract interpretation.
So the only safe assumption for planning is: treat the Brazil spoke as additional “management” of that population unless SailPoint confirms a single-count “unique identity” model across both IIQ instances for your org, in writing.