NetIQ Identity Manager metric definitions
NetIQ Identity Manager findings live and die by definitions most buyers never had to read closely until an audit. NetIQ Identity Manager metric definitions determine whether you are counted by managed identity, by connected system, or by a user population, and a finding inflates when the broadest reading is applied to a metric the Additional License Authorizations define narrowly.
NetIQ joined the OpenText estate through the Micro Focus acquisition that closed on January 31, 2023, and like most Micro Focus products it is governed by Additional License Authorizations rather than the OpenText EULA. Identity Manager synchronises and governs identities across connected systems, and its licensing can attach to several different units. Which unit governs your entitlement is the first thing to establish, because the same deployment can produce very different numbers under different metrics.
The metrics that can govern Identity Manager
Identity governance products are commonly licensed against one of a few dimensions, and the ALA is where yours is fixed. A managed identity metric counts the identities the platform governs. A connected system metric counts the applications and directories integrated. A user population metric counts the people whose identities are managed. These are not interchangeable, and a finding that applies the dimension producing the largest figure, rather than the dimension in your authorization, is not measuring your license. Settling which metric governs is the threshold step before any count is discussed.
The same Identity Manager deployment can yield wildly different counts depending on whether it is measured by managed identity, connected system, or user population. The ALA fixes which one applies. The finding should be held to that one.
How managed identity counts inflate
Where the metric is managed identities, the count inflates the same way every identity count does. Service accounts, automation identities, disabled and dormant records, test identities, and duplicates across connected systems all sit in the identity store and can be summed as though each were a governed, licensed identity. The corrective is to resolve the store into the set the metric actually defines, using the directory metadata and activity records the buyer controls.
- Service and automation identities. Non human records that exist for integration, not as governed user identities.
- Dormant and disabled records. Identities with no activity in the measurement window.
- Test and non production identities. Records in development and test stores swept into a production count.
- Cross system duplicates. The same person represented in multiple connected systems and counted more than once.
Connected system and population counts
Where the metric is connected systems, the question is what counts as a distinct connected system and whether non production integrations are included. Where it is user population, the question is which population the agreement defines and whether contractors, inactive accounts, and duplicates belong in it. In every case the pattern is the same: the audit reads the metric at its widest, and the defense reads it to the ALA. The interpretation work is where the ALAs earn their reputation as the key trap area across the Micro Focus portfolio.
Reconstruct against the authorization
The four Rs apply directly. Respond by controlling the channel inside the seven day notice window. Reconstruct the effective position by fixing the governing metric from the ALA and resolving the relevant count, whether identities, systems, or population, before any vendor script runs. Rebut the finding line by line on definition and scope. Resolve on terms that convert forward with the metric defined unambiguously so the next measurement starts from a settled definition.
A recent engagement
In a recent engagement an Identity Manager finding had been priced on a managed identity count that included service accounts, test identities, and cross system duplicates, and the governing metric in the ALA was narrower than the count assumed. Reading the metric back to the authorization and resolving the identity store to the defined set corrected the finding without inventing any new facts. The same discipline that resolves an ArcSight identity view applies here, anchored to the specific Identity Manager authorization rather than a generic description.
Settle the definition, then the count
Confirm the governing metric in the ALA, resolve the count it defines, remove non human, dormant, non production, and duplicate records, and hold connected system and population figures to their authorized definitions. Handled in that order, an Identity Manager finding becomes a bounded reconciliation against a document rather than an open argument about who counts.
Why the governing document is the whole argument
With Identity Manager more than most products, the dispute is settled by which document governs and what it says. Because NetIQ came across in the Micro Focus acquisition that closed on January 31, 2023, it is governed by the Additional License Authorizations rather than the OpenText EULA, and the ALAs are where the metric, the unit, and the scope are fixed. A finding that paraphrases the metric in a summary, without quoting the authorization, is inviting the buyer to accept an interpretation. The defensive discipline is to insist on the language of the ALA and to read the count strictly against it. Most of the reduction in an Identity Manager matter comes not from negotiating a number down but from establishing that the metric the audit applied is broader than the metric the buyer actually licensed.
Connected systems are not all distinct
Where the metric counts connected systems, the question of what makes a system distinct is easy to overstate. Multiple integrations to instances of the same application, connectors to development and test copies of a production system, and historical connections left configured after a system was retired can all be counted as separate connected systems when they do not represent distinct licensed integrations. The corrective mirrors the connector work on the ArcSight side: map each connected system to a real, live, distinct target, and remove the duplicates, the non production copies, and the retired connections. A connected system count handled this way reflects the integrations actually in licensed use rather than every connection the platform has ever held open.
Unsure which metric governs your NetIQ Identity Manager license?
We fix the governing metric from the ALA, resolve the count it defines, and reprice the finding against your authorized entitlement. To get a defense team on the file, open a case or download the ArcSight EPS defense briefing.
Get The Number Down →Related field notes
These notes from the ArcSight and Security audit defense cluster cover NetIQ and identity metrics. Each links back to the complete OpenText audit defense playbook for 2026.
- NetIQ identity and access license counting traps
- ArcSight identity views and named user definitions
- ArcSight identity user definitions and consumer counts
- Voltage data protection license metrics explained
- reconciling ArcSight entitlements before an audit
If you have received an OpenText or Micro Focus audit notice, the first seven days shape every week that follows. OpenText Audit Defense is an independent, buyer side practice founded in 2020 by former vendor compliance leadership. We have defended more than 200 audits, cut the average finding by 68 percent, and mitigated more than $90M in claims against vendor positions. We do not resell OpenText software and we are not affiliated with OpenText Corporation. To open a case, use the contact form on this site.