title: System Requirements & Sizing Guide
category: Getting Started
tags: requirements, hardware, software, sizing, deployment
priority: Normal
System Requirements & Sizing Guide
Before deploying IdentityCenter, review the hardware, software, and network requirements below. Proper sizing ensures reliable synchronization performance and a responsive web portal experience, even in large enterprise environments.
Server Requirements
Operating System
IdentityCenter runs on any platform that supports the .NET 8 runtime:
| Operating System | Minimum Version | Notes |
|---|---|---|
| Windows Server | 2019 or later | Recommended for AD-joined deployments |
| Windows 10/11 | 21H2 or later | Development and evaluation only |
| Linux (Ubuntu) | 22.04 LTS | Requires .NET 8 runtime installed |
| Linux (RHEL) | 9.0 or later | Requires .NET 8 runtime installed |
Tip: Windows Server is recommended for production when your primary directory source is Active Directory, because it simplifies service account configuration and Kerberos authentication.
Hardware Sizing
Choose your tier based on the total number of directory objects (users, groups, computers, contacts) you plan to synchronize:
| Tier | Objects | CPU Cores | RAM | Disk | Notes |
|---|---|---|---|---|---|
| Small | Up to 10,000 | 4 | 8 GB | 50 GB SSD | Suitable for single-domain environments |
| Medium | 10,000 - 50,000 | 8 | 16 GB | 100 GB SSD | Most mid-size organizations |
| Large | 50,000 - 200,000 | 16 | 32 GB | 200 GB SSD | Multi-forest, dedicated SQL server recommended |
| Enterprise | 200,000+ | 16+ | 64 GB | 500 GB+ SSD | Multiple app servers with load balancing |
- RAM is the most critical factor. The sync engine holds working sets in memory during bulk upsert operations, and the Blazor Server UI maintains per-session circuits.
- SSD storage is strongly recommended for the database volume. Mechanical disks create I/O bottlenecks during full synchronization runs.
SQL Server Requirements
IdentityCenter stores all identity data, audit logs, and configuration in Microsoft SQL Server.
| SQL Server Edition | Minimum Version | Recommended For |
|---|---|---|
| SQL Server Express | 2019+ | Small environments (< 10,000 objects) |
| SQL Server Standard | 2019+ | Medium and Large environments |
| SQL Server Enterprise | 2019+ | Enterprise environments, Always On AG |
| Azure SQL Database | General Purpose tier | Cloud-hosted deployments |
SQL Server Sizing
| Tier | CPU | RAM | Storage | Edition |
|---|---|---|---|---|
| Small | 2 cores | 4 GB | 20 GB | Express (10 GB limit) |
| Medium | 4 cores | 16 GB | 50 GB | Standard |
| Large | 8 cores | 32 GB | 100 GB | Standard or Enterprise |
| Enterprise | 16+ cores | 64 GB+ | 250 GB+ | Enterprise with Always On |
Note: SQL Server Express has a 10 GB database size limit. For environments approaching 10,000 objects with full audit logging enabled, plan to upgrade to Standard edition.
Database Migration System
IdentityCenter uses an automatic migration system powered by DatabaseMigrationService. Embedded SQL scripts (V001 through V006 and beyond) run on startup to create and update the schema. Migrations are idempotent and safe to re-run. No manual SQL execution is required.
Network Requirements
Port Matrix
The following ports must be open between IdentityCenter and the relevant systems:
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
| IdentityCenter | Domain Controllers | 389 | TCP | LDAP queries |
| IdentityCenter | Domain Controllers | 636 | TCP | LDAPS (encrypted LDAP) |
| IdentityCenter | Domain Controllers | 3268 | TCP | Global Catalog (multi-domain) |
| IdentityCenter | Domain Controllers | 3269 | TCP | Global Catalog over SSL |
| IdentityCenter | SQL Server | 1433 | TCP | Database connectivity |
| IdentityCenter | Entra ID (Internet) | 443 | TCP | Microsoft Graph API |
| IdentityCenter | SMTP Server | 25 / 587 | TCP | Email notifications |
| Client Browsers | IdentityCenter | 443 | TCP | Web portal (HTTPS) |
| Client Browsers | IdentityCenter | 80 | TCP | HTTP redirect (optional) |
Tip: If you are using LDAPS (port 636), ensure the domain controller has a valid server authentication certificate installed. See Connection Troubleshooting for certificate guidance.
DNS Requirements
- The IdentityCenter server must be able to resolve domain controller hostnames via DNS.
- If connecting to multiple forests, each forest's DNS zones must be resolvable (either through conditional forwarders or a shared DNS infrastructure).
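An added example, not part of IdentityCenter or its documentation: a preflight script, run from the app server, that checks the DNS requirement and the outbound rows of the port matrix, and completes a verified TLS handshake on the ports the matrix lists as encrypted. The role names and function names are assumptions of this example, and the TLS check assumes the CA that issued the domain controller certificate is in the host's trust store.

```python
import socket
import ssl

# Outbound rows of the port matrix, keyed by destination role; True = TLS port.
PORT_MATRIX = {
    "domain_controller": {389: False, 636: True, 3268: False, 3269: True},
    "sql_server": {1433: False},
    "smtp_server": {25: False, 587: False},
    "entra_id": {443: True},
}


def resolve(host):
    """Return the addresses DNS gives for host, or [] if it does not resolve."""
    try:
        return sorted({i[4][0] for i in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def check_port(host, port, tls=False, timeout=3.0):
    """Return 'open', 'unreachable' or 'tls-failed: <reason>' for one row."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with sock:
        if not tls:
            return "open"
        # Assumption: the issuing CA is trusted here; chain and hostname are checked.
        ctx = ssl.create_default_context()
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "open"
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            return f"tls-failed: {getattr(exc, 'reason', None) or exc}"


def preflight(targets, matrix=PORT_MATRIX, timeout=3.0):
    """targets maps a role to hostnames; returns (role, host, port, status)."""
    rows = []
    for role, hosts in targets.items():
        for host in hosts:
            if not resolve(host):
                rows.append((role, host, None, "dns-failure"))
                continue
            for port, tls in matrix[role].items():
                status = check_port(host, port, tls, timeout)
                rows.append((role, host, port, status))
    return rows
```

Call `preflight({"domain_controller": ["dc01.corp.example"], "sql_server": ["sql01.corp.example"]})` with your own hostnames (the ones shown are placeholders). A `tls-failed` status on 636 or 3269 with 389 or 3268 open points at the certificate requirement in the tip above.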
Browser Support
The IdentityCenter web portal is a Blazor Server application and supports the following browsers:
| Browser | Minimum Version |
|---|---|
| Microsoft Edge (Chromium) | 79+ |
| Google Chrome | 80+ |
| Mozilla Firefox | 78+ |
| Safari | 14+ (macOS only) |
Internet Explorer and legacy Edge are not supported. iOS Safari and Android Chrome are supported on mobile, but the interface is optimized for desktop use.
Service Account Requirements
IdentityCenter requires a service account to connect to each directory source. The permissions depend on the intended operations:
Active Directory Service Account
| Permission Level | Use Case | How to Grant |
|---|---|---|
| Read-only | Synchronization only | Add to "Read all user information" or delegate Read on target OUs |
| Read/Write | Sync + write-back (enable/disable, attribute updates) | Delegate Write on target OUs |
| Password Reset | Self-service password operations | Delegate "Reset Password" on target OUs |
The service account should be:
- A dedicated account (not a personal admin account)
- Set to Password never expires or managed via gMSA
- Not a member of Domain Admins (use least-privilege delegation)
SQL Server Service Account
The application needs the db_owner role on the IdentityCenter database to run migrations and manage the schema. For day-to-day operations after initial setup, db_datareader and db_datawriter are sufficient, though db_owner is recommended so that migrations can run automatically on upgrades.
.NET 8 Runtime
If you are deploying on a server without the .NET 8 runtime pre-installed, download the ASP.NET Core Runtime 8.x (not just the base runtime) from the official Microsoft download page. The ASP.NET Core runtime is required for the Blazor Server hosting model.
Pre-Deployment Checklist
Use this checklist before beginning installation:
- Server meets minimum hardware requirements for your tier
- Operating system is patched and up to date
- .NET 8 ASP.NET Core runtime is installed
- SQL Server is installed and accessible from the app server
- Service account is created with appropriate AD permissions
- SQL login is created with db_owner on the target database
- Required network ports are open (see port matrix above)
- DNS resolution works from the app server to all domain controllers
- SSL certificate is available for HTTPS on the web portal
- SMTP server details are available for email notifications
Next Steps
- Installation Guide -- Install IdentityCenter on your server
- Quick Start Guide -- Get up and running in minutes
- Quick Config Wizard -- Guided first-run setup
- Upgrading from Previous Versions -- Upgrade an existing deployment
- Connection Troubleshooting -- Resolve connectivity issues