The following table indicates the current default IAM resource limits.
Limits marked as 'Adjustable' can only be modified through contacting our customer support. Please note that we will validate every request before considering a change.
Recommended
| Resource | Level | Default limit | Adjustable |
|---|---|---|---|
Users | Account | 10,000 | Yes |
Groups | Account | 5,000 | Yes |
Groups | User | 8,000 | Yes |
Permissions | Group | 1,000 | Yes |
OAuth clients | Account | 200 | No |
SCIM tokens | Account | 10 | No |
Policies | Account | 200 | No |
Policy statements | Policy | 100 | No |
Groups-to-policy bindings | Account or Environment | 30,000 | No |
Policy boundaries | Account | 2,000 | No |
Boundary assignments per policy | Boundary | 10 | No |
Platform tokens | Account | 50,000 | No |
Platform tokens per user across all accounts | Account | 50 | No |
Platform tokens per service user | Account | 100 | No |
If you exceed the Throttle at limit in the specified time period, you may experience HTTP 429 response status code errors, indicating that you need to slow down the rate of your requests.
Recommended
| Resource | Time window | Throttle at | Adjustable |
|---|---|---|---|
OAuth token requests per source IP address | 5 minutes | 1,000 | No |
OAuth token requests per OAuth Client Id | 5 minutes | 150 | No |
The following limits are system-wide and non-adjustable.
| Description | Limit | Adjustable |
|---|---|---|
Concurrent user sessions | 250 | No |
Maximum user session validity | 12 hours | No |
User session inactivity timeout | 1 hour | No |