7 Key Differences in microsoft entra id vs okta for workforce authentication to Choose the Best IAM Platform

🎧 Listen to a quick summary of this article:

⏱ ~2 min listen • Perfect if you’re on the go

Disclaimer: This article may contain affiliate links. If you purchase a product through one of them, we may receive a commission (at no additional cost to you). We only ever endorse products that we have personally used and benefited from.

Choosing between microsoft entra id vs okta for workforce authentication can feel like a high-stakes decision, especially when security gaps, login friction, and growing IT complexity are already draining your team. If you’re stuck comparing features, pricing, integrations, and user experience, you’re not alone.

This article will help you cut through the noise and confidently evaluate which IAM platform fits your workforce best. Instead of vague vendor claims, you’ll get a clear breakdown of the differences that actually affect security, administration, scalability, and day-to-day usability.

We’ll walk through seven key areas where Microsoft Entra ID and Okta differ, from identity management and single sign-on to conditional access, ecosystem fit, and cost considerations. By the end, you’ll know which platform is better suited for your business needs, IT environment, and long-term authentication strategy.

What is microsoft entra id vs okta for workforce authentication?

Microsoft Entra ID and Okta Workforce Identity are both cloud identity platforms that handle employee sign-in, single sign-on, multi-factor authentication, lifecycle automation, and conditional access. In plain terms, they decide who gets access to which apps, on what device, and under what risk conditions. For operators, the choice usually comes down to ecosystem fit, policy depth, and total operating cost.

Microsoft Entra ID, formerly Azure Active Directory, is typically strongest in organizations already standardized on Microsoft 365, Windows, Intune, and Defender. It provides directory services, SSO, passwordless authentication, and device-aware access controls tightly linked to the broader Microsoft security stack. That tight coupling can reduce integration work, but it also means some advanced controls are most valuable when you buy more Microsoft security products.

Okta is a vendor-neutral identity platform designed to sit across mixed environments such as Google Workspace, AWS, Salesforce, Workday, Slack, Zoom, and custom apps. It is often favored by companies with heterogeneous SaaS portfolios or a deliberate best-of-breed architecture. Its value proposition is straightforward: strong app integration coverage and consistent identity workflows across non-Microsoft estates.

At the feature level, both products cover the workforce identity baseline:

Single Sign-On: SAML, OIDC, and app launcher experiences for employee productivity apps.
Multi-Factor Authentication: push, TOTP, FIDO2, WebAuthn, and adaptive step-up controls.
Lifecycle Management: user provisioning and deprovisioning through SCIM, HR-driven automation, and group-based access.
Policy Enforcement: conditional access based on user risk, device compliance, location, and session context.

The implementation difference appears when operators map these capabilities into production. With Entra ID, a conditional access policy can combine user identity, device compliance from Intune, and threat telemetry from Defender in one workflow. With Okta, the same outcome is possible, but it may depend on third-party signals, additional connectors, or separate endpoint tooling.

A practical example is employee onboarding for a 2,000-user company using Workday as the source of truth. In Okta, Workday events can trigger account creation, group assignment, and downstream provisioning into Slack, Zoom, and Salesforce with minimal Microsoft dependency. In Entra ID, the workflow is efficient too, but it becomes especially compelling when the destination stack includes Microsoft 365, Teams, SharePoint, and Windows endpoints.

Pricing tradeoffs matter because identity cost is rarely isolated. Entra ID can look cheaper when key capabilities are already bundled inside Microsoft 365 E3/E5 or Entra ID P1/P2 licensing. Okta may introduce a clearer standalone line item, but buyers sometimes accept that premium for faster cross-SaaS integration and less platform lock-in.

Integration caveats are important during evaluation. Some legacy apps still require custom SAML tuning, complex attribute mapping, or agent-based connectors for on-prem environments. Operators should verify SCIM behavior, group claim limits, app template quality, and admin role granularity before assuming parity between vendors.

Here is a simple SAML-style attribute mapping example an operator might validate during testing:

{
  "email": "user.mail",
  "firstName": "user.givenName",
  "lastName": "user.surname",
  "groups": "user.memberOf"
}

Decision aid: choose Entra ID if Microsoft is already your control plane for productivity, devices, and security. Choose Okta if your workforce stack is mixed and you need neutral, app-centric identity orchestration across many vendors.

Best microsoft entra id vs okta for workforce authentication in 2025: Feature-by-Feature Comparison for Enterprise Teams

For enterprise workforce authentication, the practical choice usually comes down to your existing stack, identity maturity, and licensing posture. Microsoft Entra ID is typically stronger when your users already live in Microsoft 365, Intune, and Windows. Okta often stands out for mixed-vendor environments that need broad app federation without deep dependence on Microsoft controls.

From a core SSO perspective, both platforms handle SAML, OIDC, MFA, lifecycle automation, and conditional access at enterprise scale. The difference is operational depth. Entra ID integrates more natively with Windows sign-in, device compliance, and Microsoft security telemetry, while Okta usually offers a cleaner independent identity layer across SaaS-heavy estates.

Authentication policy is one of the clearest separation points. Entra Conditional Access is highly effective when you want policies tied to device state, user risk, location, and session controls across Microsoft services. Okta Adaptive MFA is easier to position when your environment includes Google Workspace, AWS, Salesforce, Zoom, and on-prem apps with fewer assumptions about endpoint management.

For provisioning, both support SCIM, HR-driven lifecycle flows, and group-based app assignment. Okta has long been favored for its broad app catalog and straightforward provisioning patterns, especially in decentralized SaaS procurement models. Entra ID has improved significantly, but operators should validate connector behavior app by app because parity is not universal across every third-party integration.

Pricing is where evaluation teams need discipline. Entra ID can look cheaper on paper if you already own Microsoft 365 E3/E5, Entra ID P1/P2, or EMS bundles. Okta may become more expensive at scale because costs are often tied to workforce identity modules, advanced MFA, lifecycle management, and privileged features sold separately.

A simple buyer scenario illustrates the tradeoff. A 12,000-user company already paying for Microsoft 365 E5 may unlock much of Entra’s value with limited net-new spend, making the ROI case straightforward. The same company adopting Okta could justify the premium only if its app estate is heterogeneous enough to reduce integration effort, help-desk tickets, or migration complexity.

Implementation constraints also differ in meaningful ways:

Choose Entra ID if you need tight alignment with Windows Hello for Business, Intune compliance, Defender signals, and Microsoft-native Zero Trust controls.
Choose Okta if you need neutral identity orchestration across multiple clouds and collaboration suites.
Test federation paths for legacy apps, VPNs, and RADIUS-based infrastructure before committing.
Model admin overhead for role design, delegated administration, and audit reporting.

Security teams should also compare privileged access and identity governance. Entra benefits from stronger adjacency to Microsoft Purview, Defender, and broader compliance workflows. Okta remains compelling for organizations that want identity as a dedicated control plane rather than an extension of a larger productivity platform.

Here is a simple policy example using Microsoft Graph-style conditional logic notation to show the kind of control buyers should map during pilots:

{
  "policy": "Require MFA",
  "if": ["userRisk = medium", "deviceCompliant = false"],
  "then": ["block or require step-up authentication"]
}

Bottom line: pick Entra ID for Microsoft-centric enterprises optimizing license efficiency and endpoint-aware access control. Pick Okta for vendor-neutral identity strategies where broad integration consistency matters more than Microsoft-native depth. The best decision usually comes from a 30-day pilot measuring integration time, policy coverage, and total cost per user.

Microsoft Entra ID vs Okta for Workforce Authentication: Security, MFA, Conditional Access, and Zero Trust Strengths

For workforce identity, **Microsoft Entra ID** and **Okta** both deliver strong SSO, MFA, and policy enforcement, but they fit different operating models. **Entra ID is usually strongest in Microsoft-heavy estates**, while **Okta often wins in heterogeneous SaaS environments** where neutrality and broad app coverage matter. Buyers should compare not just features, but also **license bundling, policy depth, admin effort, and incident tolerance**.

On MFA, both support **push, OTP, FIDO2 security keys, WebAuthn, and passwordless options**, but the operator experience differs. **Entra ID’s strength is native alignment with Microsoft 365, Windows, and Defender signals**, which reduces integration work for tenants already standardized on Microsoft. **Okta FastPass** is competitive for phishing-resistant authentication, especially when paired with Okta Verify and device trust policies across mixed endpoints.

Conditional access is where many enterprise evaluations become decisive. **Entra ID Conditional Access** is tightly connected to **user risk, sign-in risk, device compliance, Intune posture, location, session controls, and Microsoft Defender telemetry**. Okta counters with **Adaptive MFA, device context, network zones, behavior signals, and app-level policy controls**, but some organizations find the deepest endpoint-aware controls require more third-party stitching.

For Zero Trust programs, the main distinction is **signal density versus platform neutrality**. Entra ID benefits from Microsoft’s broad control plane across **identity, endpoint, email, cloud apps, and SOC workflows**, giving security teams more reusable context from one vendor. Okta is attractive when the business wants **identity as an independent layer** rather than a control tied closely to Microsoft infrastructure choices.

Implementation constraints matter more than marketing claims. Entra ID can be faster to roll out if you already use **Microsoft 365 E3/E5, Intune, Defender for Endpoint, and Windows Hello for Business**. Okta may require fewer political compromises in organizations running **Google Workspace, Zoom, AWS, Salesforce, Slack, and mixed MDM tools** because it does not assume Microsoft-first endpoint governance.

Pricing tradeoffs are material. **Entra ID can look cheaper when capabilities are bundled into broader Microsoft agreements**, especially if security and endpoint licenses are already committed in enterprise contracts. Okta pricing is often clearer as a dedicated identity line item, but **advanced lifecycle, device assurance, privileged access, and higher support tiers can expand total cost faster than expected**.

A practical buying lens is to map controls to the attack paths you actually see:

Choose Entra ID if you need **risk-based access tied to Windows, Intune compliance, and Microsoft Defender signals**.
Choose Okta if you need **strong cross-vendor identity orchestration** across a broad SaaS estate with fewer Microsoft dependencies.
Validate phishing resistance by testing **FIDO2 or platform passkeys** for admins, executives, and VPN users first.
Model support overhead for policy exceptions, contractor onboarding, and BYOD access before signing a multiyear agreement.

Here is a concrete policy example for an operator designing privileged access:

IF user.group == "Privileged Admins"
AND app IN ["Azure Portal", "AWS Console", "Salesforce Admin"]
THEN require phishing-resistant MFA
AND require compliant or registered device
AND block legacy authentication
AND deny access if sign-in risk == high

In Entra ID, this maps well to **Conditional Access plus Identity Protection**. In Okta, the equivalent typically combines **app sign-on policy, device assurance, network or behavior context, and phishing-resistant factor requirements**. The output can be similar, but **Entra usually has an advantage when the risk signal must flow directly from Microsoft endpoint and threat tools**.

A real-world scenario illustrates the ROI difference. A 12,000-user enterprise standardized on **Microsoft 365, Intune, and Defender** often lowers deployment time by choosing Entra ID because **device compliance, session control, and reporting are already in the stack**. A similarly sized company with **best-of-breed SaaS and mixed operating systems** may accept Okta’s higher standalone cost in exchange for **cleaner federation, less vendor lock-in, and simpler app onboarding across non-Microsoft services**.

Decision aid: if your security posture depends on **deep Microsoft-native telemetry and bundled economics**, Entra ID is usually the stronger workforce authentication platform. If your priority is **vendor-neutral identity control across a diverse SaaS estate**, Okta remains a top-tier choice.

How to Evaluate microsoft entra id vs okta for workforce authentication Based on Integration Depth, Admin Experience, and Scalability

Start with the question that actually changes cost and risk: **where does your identity stack already live**? If your workforce is heavily standardized on **Microsoft 365, Windows, Intune, and Conditional Access**, Microsoft Entra ID usually delivers faster time to value because the control plane is already familiar to admins. If your environment is more heterogeneous, with many non-Microsoft SaaS apps and mixed endpoint or directory tooling, **Okta often wins on neutral-platform flexibility**.

Evaluate **integration depth**, not just app catalog size. Both vendors support thousands of prebuilt SaaS integrations, but operators should test whether the connector supports only SSO or also **lifecycle management, group push, SCIM provisioning, API-based deprovisioning, and adaptive policy enforcement**. A 5,000-app catalog sounds impressive, but if your top 20 apps need custom scripting for offboarding, your admin burden and security exposure rise quickly.

A practical scorecard should compare the systems across the workflows your team runs every week. Use a weighted list like this:

Provisioning depth: Does the app support automatic create, update, suspend, and deactivate actions?
Policy granularity: Can you target access by user risk, device compliance, location, group, and session context?
Admin ergonomics: How many clicks or policy objects are required for a common change?
Reporting: Are sign-in logs, audit trails, and incident data easy to export to your SIEM?
Scale behavior: Can the platform handle mergers, multi-brand orgs, and delegated administration cleanly?

For **admin experience**, the difference is often philosophical rather than absolute. Entra ID is deeply effective when your team already understands Microsoft policy constructs, but it can feel distributed across multiple portals and adjacent services. **Okta is frequently praised for cleaner day-one usability**, especially for app onboarding and cross-vendor identity workflows, though advanced scenarios can still require careful policy design.

Implementation constraints matter more than buyers expect. If you need **hybrid Active Directory integration**, password hash sync, device-based access, and Windows-native controls, Entra ID can reduce architectural sprawl. If you are consolidating identities across Google Workspace, AWS, Salesforce, Zoom, Slack, and niche SaaS without wanting one ecosystem to dominate, **Okta may reduce integration friction**.

Pricing should be modeled as a full-stack decision, not a line-item comparison. Entra ID can appear cheaper when bundled into broader Microsoft licensing, especially for organizations already paying for **Microsoft 365 E3 or E5**, but the real comparison depends on which premium identity features you actually need. Okta pricing can be more modular, which helps some teams avoid overbuying, but it can also climb as you add **Lifecycle Management, Adaptive MFA, privileged controls, and advanced integrations**.

Here is a simple operator test scenario. Suppose HR terminates 50 contractors in one day across Microsoft 365, Salesforce, GitHub, Slack, and AWS. The better platform is the one that can **revoke sessions, disable upstream identity, deprovision downstream apps, and produce an audit log within minutes**, without custom scripts for half the stack.

A lightweight pilot can expose differences quickly. Run 10 to 15 representative apps, then measure: time to integrate, number of manual policy exceptions, help desk tickets for MFA or lockouts, and minutes to complete joiner-mover-leaver workflows. Those metrics are more decision-useful than generic feature matrices.

For teams that want an API-level validation, test automation early:

curl -X GET "https://example-idp/api/apps" \
  -H "Authorization: Bearer <token>"

If your IAM team can reliably script app inventory, entitlement review, and deprovisioning checks, **operational scale will be easier to sustain**. Final decision aid: choose **Entra ID for tighter Microsoft-native leverage and bundled economics**, and choose **Okta for cross-platform neutrality, cleaner SaaS-centric administration, and broader ecosystem independence**.

Pricing, Licensing, and ROI Breakdown for Microsoft Entra ID vs Okta in Workforce Identity Programs

Pricing posture is usually the first major separator in Microsoft Entra ID vs Okta evaluations. Entra ID often looks cheaper when an organization already owns Microsoft 365 E3 or E5, because core identity controls are partially bundled. Okta typically prices more transparently by workforce identity module, but total cost can climb faster as MFA, lifecycle automation, privileged controls, and advanced access policies are layered in.

Microsoft’s commercial advantage is bundling, not necessarily simpler licensing. Entra ID Free, P1, and P2 capabilities are split across Microsoft 365, EMS, and standalone SKUs, so operators must confirm whether Conditional Access, Identity Protection, Privileged Identity Management, and access reviews are already covered. In many mid-market estates, the real savings come from avoiding a second identity vendor rather than from lower standalone Entra list pricing.

Okta’s advantage is SKU clarity and ecosystem neutrality. Buyers can map costs more directly to Workforce Identity Cloud products such as Single Sign-On, Adaptive MFA, Lifecycle Management, and Privileged Access. That model is easier for non-Microsoft environments, but procurement teams should pressure-test renewal exposure because per-user pricing plus add-ons can materially expand over a 3-year term.

A practical way to evaluate both vendors is to model cost in three layers:

License cost: per-user or bundled subscription charges.
Implementation cost: migration labor, professional services, testing, and app remediation.
Operating cost: help desk tickets, identity admin time, audit preparation, and incident reduction.

For example, a 5,000-user company already standardized on Microsoft 365 E5 may find that moving to Entra ID P2-level controls adds little or no net-new identity license spend for many employees. The same company adopting Okta might justify the premium if it has a mixed SaaS estate, limited Microsoft dependency, and a requirement for faster prebuilt integrations across non-Microsoft applications. The cheaper platform on paper is not always the lower-cost operating model.

Implementation constraints matter because they directly affect ROI timing. Entra ID deployments are typically faster when Windows, Intune, Microsoft Defender, and Microsoft 365 are already in place, since device posture, user identity, and access policy can be linked quickly. Okta can reduce friction in heterogeneous estates, but complex app-by-app federation work, custom attribute mapping, and workflow redesign can extend time to value.

Integration caveats often create hidden cost. Legacy on-prem apps using older authentication methods may require Entra Application Proxy, third-party connectors, or modernization work; with Okta, some edge cases need custom SAML/OIDC setup or extra lifecycle tooling. If 15% to 20% of business-critical apps require manual remediation, project economics can shift more than any license delta.

Operators should also measure ROI through measurable service outcomes:

Fewer password-reset tickets through self-service and MFA-based recovery.
Faster joiner-mover-leaver workflows via HR-driven provisioning.
Lower audit effort with built-in access reviews and reporting.
Reduced breach exposure from adaptive access and phishing-resistant authentication.

A simple internal model can help: ROI = (annual labor savings + incident reduction + retired tool savings) - annual platform cost. If Entra ID lets you retire a third-party MFA product and cut 1,200 help desk tickets per year at $18 each, that alone represents $21,600 in annual support savings before security gains are counted. Okta can produce a similar payoff when it replaces fragmented SSO tools across a multi-vendor stack.

Decision aid: choose Entra ID when Microsoft licensing density is high and you want maximum bundle efficiency. Choose Okta when cross-platform integration neutrality, cleaner SKU packaging, and broad app ecosystem alignment outweigh higher incremental subscription cost.

Implementation, Migration, and Vendor Fit: When Microsoft Entra ID or Okta Makes More Sense for Your Stack

Implementation reality usually decides this evaluation faster than feature grids do. For workforce authentication, Microsoft Entra ID often wins when your estate already runs on Microsoft 365, Intune, Windows endpoints, and Conditional Access. Okta typically makes more sense when your application portfolio is broader, more heterogeneous, and less centered on Microsoft licensing.

Entra ID can reduce both deployment friction and effective cost if you already own the surrounding Microsoft stack. Operators can reuse identities, device compliance signals, Defender telemetry, and Microsoft 365 group structures without introducing another strategic control plane. That can materially shorten rollout time for MFA, app access policies, and lifecycle automation.

Okta is often the cleaner fit for multi-vendor environments with large numbers of SaaS apps, non-Windows devices, or mixed endpoint management tools. Teams that support Google Workspace, AWS-heavy infrastructure, Slack, Zoom, Salesforce, and custom SAML or OIDC apps often value Okta’s neutral positioning. In practice, that neutrality can simplify politics as much as architecture.

Migration planning should start with a hard inventory, not a licensing conversation. Document every authentication dependency, including SAML apps, OIDC clients, legacy LDAP ties, MFA factors, HR-driven provisioning flows, and admin break-glass accounts. Many delays come from forgotten service accounts, brittle SCIM mappings, or homegrown apps that assume old claim formats.

A practical operator checklist usually includes:

Source of truth: AD, HRIS, Google Workspace, or mixed authoritative systems.
Protocol mix: SAML, OIDC, WS-Fed, LDAP, RADIUS, and any VPN dependencies.
Device posture inputs: Intune, Jamf, CrowdStrike, or third-party MDM signals.
Provisioning scope: SCIM support, JIT access, group push, and deprovisioning latency.
Privilege controls: PAM overlap, admin MFA isolation, and emergency access design.

Pricing tradeoffs are rarely apples-to-apples. Entra ID can look cheaper when bundled through Microsoft 365 E3/E5 or Entra Suite adjacency, especially if you already pay for Intune and Defender. Okta can become cost-justified when it replaces custom federation work, reduces integration maintenance, or avoids buying broader Microsoft licensing just to solve identity.

For example, a 4,000-user company standardized on Microsoft 365, Windows 11, and Intune may get faster ROI from Entra ID because Conditional Access plus device compliance is already operational. The same company using Google Workspace, macOS, AWS, and 120 SaaS apps may find Okta cheaper in labor terms even if per-user licensing is higher. The hidden variable is usually administrative complexity per application, not sticker price alone.

Integration caveats matter during cutover. Entra ID migrations can be smoother for organizations with on-prem AD and hybrid identity, but operators must validate sync rules, UPN normalization, and legacy app compatibility. Okta migrations often shine for SaaS consolidation, but app-by-app testing is still required for session policies, group assignments, and SCIM attribute mappings.

Even a small claim mismatch can break access. Example OIDC claim output might look like this:

{
  "sub": "00u123example",
  "email": "user@company.com",
  "groups": ["Finance","Managers"]
}

If a downstream app expects role instead of groups, the migration fails functionally even though authentication succeeds. That is why pilot waves should include at least one high-risk admin app, one HR-connected app, and one legacy app with nonstandard claims. Test for sign-in success, provisioning accuracy, and clean deprovisioning.

Decision aid: choose Entra ID when Microsoft is already your operational backbone and you want the most leverage from existing licensing and device controls. Choose Okta when vendor neutrality, broad SaaS integration depth, and cleaner cross-platform identity orchestration matter more. For most operators, the right answer is the platform that minimizes long-term policy sprawl and migration exceptions.

FAQs About microsoft entra id vs okta for workforce authentication

Which platform is easier to justify financially? For Microsoft-centric organizations, Entra ID often wins on bundled value because core identity features may already be included in Microsoft 365 E3 or E5 licensing. Okta can still be cost-effective, but buyers should model per-user subscription costs, add-on MFA charges, lifecycle automation, and premium support before assuming lower total cost.

A practical buying scenario is a 2,500-user company already paying for Microsoft 365 E5. In that case, adding Entra ID capabilities may require fewer net-new contracts than deploying Okta Workforce Identity Cloud across the full employee base. The ROI difference usually comes from license consolidation, fewer third-party tools, and reduced integration overhead.

Which product is faster to implement? Okta is frequently praised for rapid SaaS onboarding and broad prebuilt app integrations, especially in mixed-vendor environments. Entra ID implementation is usually fastest when Windows devices, Microsoft 365, Teams, SharePoint, and Intune are already strategic standards.

Operators should validate implementation constraints early. For example, hybrid Active Directory synchronization, conditional access design, MFA enrollment campaigns, and privileged admin role cleanup can delay either deployment more than the product choice itself. A realistic rollout plan should include pilot users, break-glass accounts, and phased app migration.

How do integration differences affect daily operations? Okta is often preferred when enterprises need a vendor-neutral identity layer across AWS, Google Workspace, Salesforce, Slack, Zoom, and legacy web apps. Entra ID is typically stronger where organizations want tighter native alignment with Microsoft security controls, endpoint management, and productivity tooling.

Here is a common SAML-style example operators may encounter during app onboarding:

{
  "sso": {
    "protocol": "SAML",
    "entityId": "https://app.example.com/saml",
    "acsUrl": "https://app.example.com/sso/acs",
    "nameIdFormat": "emailAddress"
  }
}

The real operational difference is not the protocol but how quickly admins can map attributes, enforce MFA, test failover, and document ownership for each application. Buyers should ask vendors how many target apps can be migrated per week with internal staffing constraints. This directly affects labor cost and business disruption.

Which platform offers stronger security controls for workforce authentication? Both support modern requirements like MFA, phishing-resistant methods, conditional access, and lifecycle controls. The better fit depends on whether your team prioritizes Microsoft-native policy orchestration or an independent identity control plane spanning many cloud vendors.

One operator-facing caveat is that feature depth may be tier-dependent. Advanced risk-based access, identity governance, privileged workflows, and deeper reporting can sit behind higher licensing tiers in both ecosystems. Procurement teams should compare not just list price, but also what is required to meet audit, zero-trust, and compliance objectives.

What should buyers ask during evaluation?

What is the effective cost per active workforce user after MFA, governance, and support are included?
How many critical apps have prebuilt integrations versus custom federation work?
What is the migration path from on-prem AD and what outages or retraining risks exist?
Which reporting and incident response workflows are available without extra tooling?

Bottom line: choose Entra ID when Microsoft licensing and endpoint/security alignment drive the business case. Choose Okta when cross-platform neutrality, fast SaaS integration, and heterogeneous IT estates matter more. The best decision usually comes from a 90-day pilot with app migration metrics, help desk ticket volume, and true license impact.