SaaS unification of NetIQ capabilities
Identity lifecycle, federation, MFA, and governance unified into one SaaS surface. Programs running standalone NetIQ products get the unification benefit.
OpenText • Identity and access management
OpenText Core Identity Foundation
Core Identity Foundation is the SaaS IAM bundle for cloud-first programs ready to leave NetIQ on-prem behind. It unifies identity lifecycle, federation, MFA, and governance into one SaaS surface, with the modernization path from legacy NetIQ deployments designed in.
Programs modernizing off NetIQ on-prem onto SaaS IAM do it through Merito, with capability-area sequencing (federation first, MFA next, lifecycle and governance last) and cloud-native operating-model redesign so the migration moves the program forward rather than copying old patterns into SaaS.
- Best for
- IAM leaders modernizing off legacy NetIQ on-prem onto SaaS IAM, Cloud-first identity architects building greenfield IAM, CISOs evaluating consolidation onto OpenText SaaS IAM versus Okta or Microsoft Entra
- Hosting
- SaaS
- Time to value
- First identity flow live in four to eight weeks. Modernization off legacy NetIQ in eight to sixteen weeks per capability area. Enterprise rollout typically runs six to eighteen months.
- Security posture
- GDPR, HIPAA-aligned design, PCI DSS-aligned design
- Last reviewed
- 2026-04-26
What it is
OpenText Core Identity Foundation in the enterprise stack
Core Identity Foundation is the SaaS IAM bundle inside the OpenText IAM line. It unifies the capabilities the standalone NetIQ products (Identity Manager, Access Manager, Identity Governance, Advanced Authentication) cover into one SaaS-first surface for cloud-native programs. Customers running standalone NetIQ products on-premises modernize onto Core Identity Foundation when constraints relax; net-new programs adopt Core Identity Foundation directly as the SaaS-shaped option.
The strategic SaaS direction is the load-bearing positioning. NetIQ products remain the on-prem and hybrid backbone for regulated programs that cannot adopt SaaS IAM, but OpenText's strategic IAM direction is SaaS-first through Core Identity Foundation. Programs picking Core Identity Foundation are picking the cloud-native modernization path; programs picking standalone NetIQ products are picking the regulated and on-prem operational shape. Both paths are valid and Merito designs the right one per program.
Modernization off legacy NetIQ on-prem is the most common engagement. Programs running NetIQ Identity Manager for provisioning, NetIQ Access Manager for SSO, NetIQ Privileged Account Manager for PAM, and NetIQ Identity Governance for access reviews on-premises typically end up with multiple operating models, multiple integration patterns, and substantial run cost. Core Identity Foundation unifies the capabilities in SaaS. Merito treats the move as a chance to refresh provisioning patterns, federation policy, and governance cadence rather than a license-swap exercise.
What kills Core Identity Foundation adoption is treating the SaaS migration as identical to the on-prem deployment. The on-prem NetIQ model assumes deep customization and custom connector authoring; the SaaS Core Identity Foundation model assumes more standardized integration and SaaS-shaped operations. Programs that lift-and-shift the on-prem operating model into SaaS get NetIQ-shaped operations rather than Core Identity Foundation-shaped operations. Merito's engagement redesigns the operating model rather than copying it.
Ideal use cases
- Modernizing off legacy NetIQ on-prem onto SaaS-unified Core Identity Foundation
- Net-new cloud-first programs adopting SaaS IAM with NetIQ depth
- Consolidating multiple NetIQ subscriptions onto one Core Identity Foundation
- Hybrid programs running Core Identity Foundation in SaaS plus on-prem NetIQ where regulatory constraints require it
- Regulated SaaS IAM evidence under SOC 2, FedRAMP, HIPAA
What it is best at
Where OpenText Core Identity Foundation earns its seat
Modernization path designed in
Legacy NetIQ Identity Manager, Access Manager, Identity Governance, Advanced Authentication migrate to Core Identity Foundation as the strategic OpenText SaaS direction.
Cloud-native operations
No on-prem IAM tax. Programs cut over from NetIQ on-prem to SaaS-shaped operations with continuous integration and standardized patterns.
Regulated SaaS posture
FedRAMP-aligned editions where applicable, SOC 2 Type II, ISO 27001 + 27017 + 27018, HIPAA-aligned design.
Hybrid co-existence with on-prem NetIQ
Programs running Core Identity Foundation in SaaS plus on-prem NetIQ for regulated workloads get one identity policy across both deployment shapes.
Core capabilities
OpenText Core Identity Foundation capabilities, grouped by outcome
Unified SaaS IAM
What Core Identity Foundation actually delivers as a SaaS-unified bundle.
SaaS identity lifecycle
Cloud-native joiner-mover-leaver provisioning with HR-system integration.
SaaS federation and SSO
SaaS-deployed SSO and federation across SAML, OAuth, OIDC.
SaaS MFA and adaptive authentication
FIDO2, passwordless, and risk-based MFA in the SaaS bundle.
SaaS access reviews
Cloud-native access-review cadence with audit-evidence packaging.
Modernization path
How NetIQ on-prem programs migrate to Core Identity Foundation.
NetIQ Identity Manager modernization
Provisioning patterns, role models, and HR-driven flows migrated to SaaS.
NetIQ Access Manager modernization
Federation policy and SSO flows migrated to SaaS.
NetIQ Identity Governance modernization
Access-review cadence and SOD policy migrated to SaaS.
Hybrid co-existence
Programs running mixed SaaS and on-prem deployments share identity policy across both shapes.
Operations and integration
Core Identity Foundation inside the cloud-native operating model.
OpenText Cybersecurity catalog integration
Native integration with the rest of the OpenText Cybersecurity catalog (SecOps, Data Security, AppSec, DFIR).
Cloud-native log and audit
Continuous audit logging and compliance evidence integrated with cloud SIEM.
Compliance reporting
Audit-ready evidence for SOC 2, FedRAMP, HIPAA, PCI DSS, and ISO 27001.
Multi-tenant cloud operations
Cloud-native scaling and operational simplicity compared to on-prem NetIQ deployments.
Where it fits in the stack
How OpenText Core Identity Foundation connects to the rest of your landscape
OpenText IAM and Cybersecurity (native)
Native- OpenText Identity ManagerOn-prem provisioning paired with SaaS Core Identity Foundation in hybrid programs.
- OpenText Access ManagerOn-prem federation paired with SaaS Core Identity Foundation in hybrid programs.
- OpenText Identity GovernanceOn-prem governance paired with SaaS Core Identity Foundation in hybrid programs.
- OpenText Privileged Access ManagerPAM integration paired with Core Identity Foundation.
- OpenText Cybersecurity SaaS catalogIntegration with Core Threat Detection and Response, Core Data Discovery, and Core Application Security in SaaS.
Cloud and enterprise sources (certified)
Certified- Workday, SuccessFactors, Oracle HCMHR-driven provisioning sources.
- AD, Azure AD/Entra ID, NetIQ eDirectoryDirectory-source integration.
- ServiceNow, Salesforce, M365, Google WorkspaceSaaS application integration.
- AWS, Azure, GCPCloud platform identity integration.
Custom integrations
Custom- Internal applications and proprietary identity storesCustom integration for non-standard environments.
- Hybrid bridge with on-prem NetIQIdentity-policy synchronization across SaaS Core Identity Foundation and on-prem NetIQ.
- Federal compliance reportingFedRAMP-aligned compliance evidence packages.
Deployment and implementation
How it rolls out
- Hosting
- SaaS (North America, EMEA, APJ)
- Implementation complexity
- High
- Typical time to value
- First identity flow live in four to eight weeks. Modernization off legacy NetIQ in eight to sixteen weeks per capability area. Enterprise rollout typically runs six to eighteen months.
- Prerequisites
- Existing NetIQ on-prem inventory or net-new IAM scope
- Cloud-readiness assessment per capability area
- Named identity architect and IAM owner
- Modernization roadmap and migration sequence
- Hybrid co-existence policy if applicable
- What Merito usually handles
- OpenText Core Identity Foundation runs as SaaS with FedRAMP-authorized editions for federal customers. Merito handles tenant setup, modernization from legacy NetIQ, capability-area sequencing, and cloud-native operating-model design.
Licensing and packaging
How it is bought
- Model
- Subscription
- What to expect
- OpenText Core Identity Foundation is SaaS-licensed by user count, capability scope, and edition (commercial vs. Government Cloud / FedRAMP). Pricing depends on lifecycle, federation, MFA, and governance breadth in scope. License acquisition flows through Merito; modernization scopes under a separate engagement.
- Editions and modules
Core Identity Foundation commercial
SaaS-unified IAM bundle with identity lifecycle, federation, MFA, and governance.
Best for: Programs modernizing off legacy NetIQ or starting net-new SaaS IAM.
Core Identity Foundation Government Cloud (FedRAMP)
FedRAMP-authorized edition for federal customers and federal contractors.
Best for: Federal IAM programs requiring FedRAMP-authorized SaaS.
- Common expansion areas
- Add OpenText Privileged Access Manager for PAM coverage
- Add OpenText Data Access Governance for unstructured-data permission review
- Layer OpenText Cybersecurity SaaS catalog for cross-pillar consolidation
- Plan hybrid co-existence with on-prem NetIQ where regulatory constraints require it
Merito services
How Merito helps you win with OpenText Core Identity Foundation
Merito sells licenses and the delivery work around them. Pick the service that matches where you are in the lifecycle.
01
Core Identity Foundation Implementation
Tenant setup, modernization from legacy NetIQ, capability-area sequencing, cloud-native operating-model design.
Explore service02Upgrade and Migration
NetIQ on-prem to Core Identity Foundation modernization including policy and connector transfer.
Explore service03MAPS Assessment
IAM program scoping for Core Identity Foundation alongside Okta, Microsoft Entra, SailPoint, and Saviynt.
Explore service04DevOps Consulting
Application SSO integration, identity automation, and cloud-native operating-model setup.
Explore service05Premium Support
Named engineer, priority SLAs, and release-time coverage for Core Identity Foundation.
Explore service06Managed Services
Long-term run support including hybrid bridge maintenance, modernization-sequence operation, and IAM program evolution.
Explore service07Training and Enablement
Role-based training for identity architects, IAM operators, and compliance teams.
Explore service08Staff Augmentation
Merito-placed identity engineers and OpenText specialists embedded on long-running programs.
Explore serviceOpenText Core Identity Foundation licensing
License Core Identity Foundation. Sequence capability-area modernization. Same engagement.
Core Identity Foundation pricing arrives with tenant setup, NetIQ-to-Core-Identity-Foundation modernization, capability-area sequencing, and cloud-native operating-model design that move the program forward rather than recreate on-prem NetIQ patterns inside SaaS.
Merito point of view
The strategic OpenText IAM direction is SaaS through Core Identity Foundation. Standalone NetIQ remains the regulated and on-prem option.
Merito has scoped IAM modernizations where Core Identity Foundation is exactly the right answer (programs ready to leave NetIQ on-prem, programs subject to OpenText SaaS catalog consolidation) and others where standalone NetIQ remains the right answer (regulated programs subject to data sovereignty, on-prem operational constraints, or air-gap requirements). Both paths are valid; the right one depends on the regulatory and operational constraints actually in effect.
Merito recommends Core Identity Foundation specifically for programs ready to modernize off NetIQ on-prem, programs subject to OpenText catalog consolidation, or programs starting net-new IAM in SaaS with regulated compliance posture. For greenfield cloud-native programs without OpenText footprint, Okta and Microsoft Entra are usually stronger picks. For regulated programs that cannot adopt SaaS IAM, standalone NetIQ products remain the right answer. Merito surfaces those alternatives honestly.
Capability-area sequencing is the load-bearing operational decision. Programs that try to migrate identity lifecycle, federation, MFA, and governance from NetIQ on-prem to Core Identity Foundation in one step typically struggle. The cleaner shape is to sequence: federation first (because cloud-app SSO is the lowest-friction migration), MFA and adaptive authentication next, identity lifecycle third, governance fourth. Each step ships value; the program does not stall on the last step.
What buyers usually underestimate
- Lift-and-shifting the on-prem NetIQ operating model into SaaS without redesigning for cloud-native operations.
- Trying to migrate every NetIQ capability area in one step rather than sequencing.
- Picking Core Identity Foundation when cloud-native Okta or Microsoft Entra would fit better.
- Migrating off mature Okta or Entra deployments without an honest assessment of delta value.
- Failing to plan hybrid co-existence with on-prem NetIQ where regulatory constraints require it.
Related from Merito
Continue exploring OpenText Core Identity Foundation on Merito
Related solutions
Related services
Related products
- OpenText Identity ManagerOn-prem provisioning paired with Core Identity Foundation in hybrid programs.
- OpenText Access ManagerOn-prem federation paired with Core Identity Foundation in hybrid programs.
- OpenText Identity GovernanceOn-prem governance paired with Core Identity Foundation in hybrid programs.
- OpenText Privileged Access ManagerPAM coverage paired with Core Identity Foundation.
- OpenText Advanced AuthenticationMFA paired with Core Identity Foundation in hybrid programs.
- OpenText Cybersecurity (vendor portfolio)Full OpenText Cybersecurity catalog across AppSec, IAM, SecOps, Data Security, and DFIR.
Frequently Asked Questions
OpenText Core Identity Foundation FAQs
Consultation request
Talk to Merito about OpenText Core Identity Foundation
Share your current NetIQ footprint, modernization timeline, and IAM program shape. A Merito OpenText specialist follows up within one business day.
SaaS unification
NetIQ depth in SaaS
Identity lifecycle, federation, MFA, and governance unified in one SaaS bundle.
Modernization path
From legacy NetIQ on-prem
Designed-in migration from standalone NetIQ products to SaaS-unified Core Identity Foundation.
Next step
Sequence the modernization. Do not lift-and-shift.
A Merito Core Identity Foundation engagement starts with capability-area sequencing and cloud-native operating-model design. Lift-and-shift migrations leave most of the SaaS unification value on the table.