Multi-Seat Scenario Licensing

General
#1

This is my first post on this forum.

Our development company has been intermittently using Cryptlex in our software for a few years, for node-locked subscription licenses only. We are happy with the functionality Cryptlex has provided so far.

We now are facing a new scenario. I now reach out to better understand whether hosted floating, node-locked multi-seat, or something else could be a good fit for us in this particular scenario.

Let’s say we are developing a custom software for a client organization with around 100 individual end users. Over a year, there may be an employee turnover of say 10 percent. All employees have internet access. Some work from home, and use VPN or similar to access centrally shared resources.

The organization will install our custom software to all end users centrally, via Azure, Windows Active Directory or similar. Same for software updating.

In this particular scenario, the client organization wants a super-easy way of consuming licenses or seats for their end users, and emphasizes that their typical end user is not tech savvy at all. The client organization does not want to make end users have to activate individual licenses by copy-pasting an emailed license key.

Since all software installation will be done centrally, I think it is acceptable to:

  1. Agree one single common license period for all seats, typically 1 year from issue.

  2. Ship a software with a built-in license key validation. At first-use button-click, the software will automatically activate and consume a seat, and keep it consumed for the entire license period.

We developers want to:

  1. At any given time see how many seats have been consumed in the current license period, so we may bill the client organization per seats used.

  2. Be able to seamlessly extend the license period, if the client organization wishes to renew the software, and thus make the current seat count reset.

  3. Preferably receive an email in case the the number of consumed seats in the period reaches a set target, so we may manually add more seats.

At first, we thought that a floating license model with a lease period of say 365 days would be best. However, if the client organization does not want individual end users to validate by individual keys, and we only care for counting unique users during a period, and not concurrent users, then a multi-seat node-locked license may perhaps be simpler.

Cryptlex – What solution would you advise that we implement, and why?

#2

Hi Matheron,

Your use-case is pretty simple. A node-locked license with say 100 allowed activations would suffice.

In case you don’t want end-user to put in a license key to activate the software, you can use email/password flow too. Wherein each end user will have to provide email/password credentials using which you can fetch the license linked with that user (or org) in the app itself and activate it.

In case you link org with a license, your client can create users in the customer portal and link them with the license.

  1. Preferably receive an email in case the the number of consumed seats in the period reaches a set target, so we may manually add more seats.

We don’t have an webhook event for that yet, but this can be handled in your app itself wherein if they hit the limit your app can notify you through any mechanism.

#3

Thank you.

One solution, then, is to use a single license for the organisation, but to require individual end users to first input their unique email address and perhaps name etc before letting them activate a seat.

Then, we developers should then be able to in some way make our software require this email address to match against a pre-existing Cryptlex user list, and possibly other criteria, in order for our software to run.

In this way, we should be able to verify, track and manage individual users per activation (“seat”) instead of per license. Checking against a premade Cryptlex user list allows the client to distribute the software more freely,

Does this sound like a viable way to proceed, or is there something better? What comments and thoughts do you have?

#4

We already support this. So you just need to create an Organization in Cryptlex for your customer, then create users and link them to the organization.

Next, link the organization with a license. Once this is done, you can simply call:

AuthenticateUser( string email, string password) followed by GetUserLicenses() to get the license linked with the org of the user. Once you get the license, you can call SetLicenseKey() followed by ActivateLicense() function.

In case you want the organization to manage users too, you can create a user with role organization-admin and link this user with the organisation. Then this user will be able to create/update/delete users in the customer portal.

In both the cases user will be automatically to the activation. You can use node-locked as well as hosted-floating license in this case.

#5

Thank you.

In light of your recommendations above, our customer has commissioned us to implement this solution.

Our intended general setup is this: We aim to use 1 single license with about 100 activations, for about 100 already known end users with known individual email addresses. Cryptlex will contain these users before we release the software.

When each user first runs the software, they will be prompted to enter their email address. We check this against our list of Cryptlex users, and only if the email address matches a registered Cryplex user, and perhaps additional criteria, then we consume an activation and let the software run.

Ideally, we want to allow activation only if this Cryptlex user currently also has zero activations for this product. So within the product, we need to provide users with a way to deactivate their individual current activation.

You write above that I should “link the organization with a license”. To implement this solution, I start by going into the Cryptlex legacy dashboard to create a new organisation-wide license.

However, when I try to create a new license with “Require Authentication” enabled, and I at the same time assign this license to an organisation but no individual user, then the Cryptlex interface throws an error: “User id is required if authentication is enabled!”. I thought the point was to create a license that is independent of particular users. I’m sure there is a good solution. We would like to hear what you suggest.

  1. Does our intended general setup above sound like a good solution to you, or what do you recommend?

  2. In terms of license creation steps, how should we proceed?

#6

Hi,

You don’t need to enable requireAuthentication, it is deprecated and no more needed. That is the reason the new admin portal doesn’t even offer this option.

After creating the licence and linking and organization with the licence, you just need to call AuthenticateUser function in your app. Follow this by calling GetUserLicenses() function. This will provide you the licence with some licence details. Afterwards you can set the licence key and proceed with licence activation in your app.

#7

Thank you. We will try something like this on our end.

#8

In the scenario described above, we use one single license linked to an organisation. The organisation has say 100 users. They will are be preregistered as individual users within that Organisation, in Cryptlex.

At first software run, we prompt each new user to enter his own email address. Then, our software checks the entered email address against the Cryptlex user database. Only if the entered email address matches a preexisting Cryptlex user do we proceed and let the user consume an activation for this license.

We can easily limit the aggregate number of activations by editing the shared license.

For security reasons, we also need to track the number of activations performed by a particular user.

We want to proceed to activation only if the individual user has zero current activations for this product. In other words, a standard user may only consume one activation.

What’s the best and simplest way in Cryptlex to create, get, and set activations per user?

#9

How do you check the email against the Cryptlex User database? You can’t access users info from within your app. In case you have embedded an access token in your app, then it is a major security risk and you will end up risking all your user data. You must never embed access tokens in client apps.

The way to check against the Cryptlex user database is by calling the AuthenticateUser() function. If this succeeds then the user exists.

We want to proceed to activation only if the individual user has zero current activations for this product. In other words, a standard user may only consume one activation.

You can get the activations for each user using the following endpoint:

https://api.cryptlex.com/v3/docs#tag/Users/operation/get/v3/me/activations

But this requires access token from user login endpoint. Since LexActivator doesn’t support this you will have to take following route:

1- Instead of AuthenticateUser() function invoke the following endpoint from your app:

https://api.cryptlex.com/v3/docs#tag/Authentication/operation/post/v3/accounts/login

The AuthenticateUser() function essentially does the same. This endpoint will return an access token of the user which can be used to invoke the following endpoint to get the user licenses and user activations:

https://api.cryptlex.com/v3/docs#tag/Users/operation/get/v3/me/licenses

https://api.cryptlex.com/v3/docs#tag/Users/operation/get/v3/me/activations

The number of activations each user is allowed can be stored in user metadata.

#10

Thanks. We are trying something like this. What we have implemented so far seems to work. If I have further questions, we will return.