Frequently Asked Questions

You do not need a license for development, testing, or trial. Download and use our library from NuGet and get started with trial mode. Start learning with the Duende IdentityServer quickstart tutorials.

Review our licensing packages on our pricing page. We offer a variety of licensing options designed for your architectural and business requirements. Not sure which license is right for you, or require a custom package? Reach out to our team to learn more.

If you are a current IdentityServer4 user, book a free 30-minute IS4 upgrade assessment with our team.

Upgrading is simple and flexible – you can do so at any time. We'll issue a new license for your updated term and ensure you receive prorated credit for the remaining unused time on your existing license.

Obtaining a license is straightforward and can typically be completed within a few business days. Here's where to start:

1. Review our License Plans: Start by visiting our pricing page to explore licensing options and find the right fit for your needs.

2. Request a Quote: Once you've chosen a license, reach out to our Sales Team to request a quote. We'll respond within 1 business day with a quote and instructions to proceed.

3. Confirm Your Order: Review the licensing agreement and sign the quote to confirm your purchase. If your organization uses Purchase Orders, we accept those as confirmation as well.

4. Invoicing & Payment: After your order is confirmed, we'll send an invoice with payment instructions.

5. Get Your License Key: Once payment is received, your license agreement and key will be issued and sent to you via email.

A connected app is any application or service registered with your Duende IdentityServer instance that relies on it for identity, access, or federation. Each connected app has a unique registration that defines how it interacts with IdentityServer and what it is allowed to do.

Connected apps fall into four categories:

1. Interactive applications use OpenID Connect (OIDC) to authenticate users and obtain tokens. These include web apps, native mobile or desktop applications, and SPAs, each identified by its own Client ID.

2. Machine-to-machine clients request access tokens without user interaction, typically using the client credentials grant. Background services, APIs calling other APIs, and MCP clients are common examples.

3. Third-party API consumer that requires a client ID and client secret, typically in a SaaS situation or B2B situation.

4. SAML Service Providers use SAML 2.0 to establish federated trust with IdentityServer acting as the Identity Provider (IdP), enabling single sign-on for apps that rely on SAML-based authentication.

A deployment is a single authority that supports OpenID Connect, OAuth, or SAML, hosted at a single URL. It may span multiple physical or virtual nodes to support load balancing and failover, while still counting as one deployment for licensing purposes.

Trial mode is automatically activated when running Duende IdentityServer in a non-production environment, such as development, test, or QA, without a valid license key. Duende IdentityServer is free to use for development, testing, and personal projects.

For users with a paid license, your production license can also be used in these test environments, if preferred over trial mode. If you have feedback on trial mode or would like to discuss specific use cases, we welcome you to open a community discussion.

Self-hosted means you are running Duende IdentityServer on your own infrastructure - whether that's your own data center or a cloud subscription you own. Standard licenses cover this model but do not permit redistribution to infrastructure owned by your business customers.

Redistribution is a separate license type designed for customers who want to bundle Duende IdentityServer as part of a product that they distribute to customers. A redistribution license covers both self-hosting scenarios (such as SaaS or hosting on behalf of customers) and deploying to a customer's own on-premises or cloud infrastructure, or a combination of both. Note that a redistribution license is tied to a specific product and cannot be used as a general-purpose identity provider for applications outside of that product.

If you plan to ship Duende IdentityServer as part of a product to your customers, you will need a redistribution license.

Licensing terms vary depending on the type of license being purchased. Each license agreement can be accessed from our licenses page.

Full pricing details are available on our pricing page, where you can compare plans and find the option that best fits your organization's needs.

1. Notification: We will email a renewal reminder notice 90 days before your license expires.
2. Action: Please ensure your contact information is up to date so you receive this notice.
3. Support: If you need to update your details or have questions, please contact our operations team.

You can configure the new license before the old license expires. While the expiration timestamp of a license is used to validate that a license is active, the start date is an administrative data point that Duende IdentityServer does not consider in license validation. In other words, you can safely configure the new license before the old one lapses.

See documentation for more details

Lite and Standard Edition licenses are subject to our standardized license agreements, including any additional legal agreements such as mutual NDAs.

Modifications, revisions, and additions to licensing agreements are only considered within our Advanced, Custom, and Redistribution licensing tiers.

If you are currently on or inquiring about a license within one of these included tiers and require adjustments to your agreement, please have your legal representative contact us to discuss.

SOC 2 and ISO 27001 certifications are designed for cloud-hosted vendors that process, transmit, or store customer data, which does not apply to Duende.

Since Duende IdentityServer runs entirely within your own infrastructure, your data never passes through a Duende-managed environment, making these certifications inapplicable in the traditional sense.

Our full security posture and practices are publicly documented at docs.duendesoftware.com/security.

A DPA governs how a vendor handles your data on your behalf. Since Duende IdentityServer operates entirely within your infrastructure and Duende has no access to your systems or data, we do not act as a data processor, and therefore a DPA is not applicable.

Duende does not require access to your confidential information under any circumstances. If your procurement process requires a mutual NDA, Duende can execute its standard mutual NDA upon request.

We offer several resources to help you get up and running with Duende IdentityServer, whether you're just starting out or looking to deepen your knowledge:

1. Duende Software Documentation – Comprehensive reference material covering all features and configuration options.
2. Duende Software Templates – Pre-built project templates to help you get started quickly.
3. Duende Software Quickstarts – Step-by-step guides walking you through common implementation scenarios.
4. Duende Software YouTube – Video tutorials and walkthroughs for a more hands-on learning experience.

Where do I get help?

• GitHub Discussions: Check out our .NET identity community. Questions answered, patterns shared, issues discussed.
• Partner Ecosystem: Find help for implementation, migration, and operations.
• Open Source: Boost your .NET development with key open-source libraries.
• Duende Product Insiders: Early access. Direct collaboration. Shape what ships.
• Developer Support: Your Duende license includes access to our support resources, depending on selected tier.

Our documentation is the best place to start for technical questions, as it covers a wide range of topics and implementation details.

If you can't find what you're looking for, you're welcome to open a discussion in our community or contact us directly. We'll make sure the right team member gets back to you as soon as possible.

Training is one of the most effective ways to build a strong foundation in OpenID Connect, OAuth, SAML, ASP.NET security, and identity architecture. We offer several training sessions to suit different experience levels and goals:

1. OAuth, OpenID Connect, and .NET - The Good Parts
2. Identity & Access Control for Modern Applications and APIs using ASP.NET Core

Visit our training page to learn more about each session and find the right fit for your team. For additional training needs or questions, please contact our Sales Team who can facilitate an introduction to a trusted training partner.

We have a global network of trusted partners that can help you with your identity projects. Explore our partner tools, components & solutions.

For additional expertise needs or questions, please contact our Sales Team who can facilitate an introduction to a trusted partner.